added docker-compose and modified Dockerfile

dr3394 · dr3394 · commit 2bb8e02b7da3 · 2024-09-29T10:56:02.000-04:00
diff --git a/Dockerfile b/Dockerfile
@@ -28,8 +28,11 @@ RUN chmod -R a-w /usr/local/lib/python3.8 && \
 # Switch to non-root user
 USER appuser
 
+# Expose port 5000
+EXPOSE 5000
+
 # Run the application
-CMD ["python", "pastebin.py"]
+CMD ["flask", "run", "--host=0.0.0.0"]
 
 # Note: This Dockerfile implements several security measures.
 # For full details on security practices, please refer to SECURITY.md
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -0,0 +1,47 @@
+version: '3.8'  # Specify the Docker Compose version
+
+services:
+  pastebin: 
+    user: appuser  # Rule 2. Run as a non-root user     
+    build:
+      context: . 
+      dockerfile: Dockerfile
+    env_file:
+      - .env_file
+    ports:
+      - "5000:5000"
+    volumes:
+      - .:/app:ro  # Mount the current directory to /app in the container as read-only
+    restart: unless-stopped
+    
+    # Rule 7. Resource Limits
+    deploy:
+      resources:
+        limits:
+          cpus: "0.5"       # Limit container to 50% of a CPU
+          memory: "512M"    # Limit container memory to 512MB
+
+    # Rule 8. Read-Only Filesystem
+    read_only: true  # Mount the container's filesystem as read-only
+
+    # Rule 3. Drop All Capabilities
+    cap_drop:
+      - ALL
+
+    # Rule 4. Prevent the container from gaining new privileges
+    security_opt:
+      - no-new-privileges:true
+
+
+    # 8. Logging Configuration
+    logging:
+      driver: "json-file"
+      options:
+        max-size: "10m"
+        max-file: "3"
+
+
+# Network Configuration
+networks:
+  pastebin_network:
+    driver: bridge
