-
Notifications
You must be signed in to change notification settings - Fork 8
/
docker-compose.yaml
20 lines (20 loc) · 898 Bytes
/
docker-compose.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
services:
whoami:
# Docker image is configurable per config file:
image: ${WHOAMI_IMAGE}
# whoami needs no special privileges, so we drop them all. see SECURITY.md for details.
cap_drop:
- ALL
security_opt:
- no-new-privileges:true
# Good practice to not allow unprivileged processes to use ports <1024:
sysctls:
- net.ipv4.ip_unprivileged_port_start=1024
# This command is unique to whoami, for most apps you don't need to specify any command:
command: --port 8000 --name ${WHOAMI_INSTANCE:-default}
# Restart policy ensures this service always starts on boot unless manually shutdown:
restart: unless-stopped
# All labels are defined in the template: docker-compose.instance.yaml
# The labels will merge together here from the template output:
# docker-compose.override_{DOCKER_CONTEXT}_{INSTANCE}.yaml
labels: []