sdgoij/rustfs
1
0
Fork 0
mirror of https://github.com/rustfs/rustfs.git synced 2026-01-17 01:30:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

[Security] Fix HIGH vulnerability: yaml.docker-compose.security.writable-filesystem-service.writable-filesystem-service (#1005)

Browse Source 
Co-authored-by: orbisai0security <orbisai0security@users.noreply.github.com>
Co-authored-by: houseme <housemecn@gmail.com>
This commit is contained in:
orbisai0security
2025-12-08 19:35:10 +05:30
committed by GitHub
parent 15c75b9d36
commit 7c98c62d60
1 changed files with 7 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
docker-compose.yml
View File

@@ -196,6 +196,8 @@ services:
# NGINX reverse proxy (optional) # NGINX reverse proxy (optional)
nginx: nginx:
security_opt:
- "no-new-privileges:true"
image: nginx:alpine image: nginx:alpine
container_name: nginx-proxy container_name: nginx-proxy
ports: ports:
@@ -204,9 +206,14 @@ services:
volumes: volumes:
- ./.docker/nginx/nginx.conf:/etc/nginx/nginx.conf:ro - ./.docker/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
- ./.docker/nginx/ssl:/etc/nginx/ssl:ro - ./.docker/nginx/ssl:/etc/nginx/ssl:ro
tmpfs:
- /var/run
- /var/cache/nginx
- /var/log/nginx
networks: networks:
- rustfs-network - rustfs-network
restart: unless-stopped restart: unless-stopped
read_only: true
profiles: profiles:
- proxy - proxy
depends_on: depends_on: