More hardening and migration from Drone to Woodpecker

This commit is contained in:
2026-02-01 19:11:32 -03:00
parent a0f148c3ef
commit 5035ed118d
12 changed files with 558 additions and 112 deletions


@@ -9,8 +9,9 @@ WORKDIR /app
COPY app.py ./
COPY templates/ ./templates/
# Install dependencies as root
RUN pip install --no-cache-dir Flask Jinja2 gunicorn
# Install dependencies as root (versions pinned in requirements.txt)
COPY requirements.txt ./
RUN pip install --no-cache-dir -r requirements.txt
# Create necessary directories and set permissions
RUN mkdir -p /tmp && chown -R appuser:appuser /app /tmp
@@ -21,5 +22,5 @@ USER appuser
# Expose port 8080 (internal)
EXPOSE 8080
# Bind to localhost only for security
CMD ["gunicorn", "-b", "127.0.0.1:8080", "--workers", "2", "--worker-class", "sync", "--worker-connections", "1000", "--max-requests", "1000", "--max-requests-jitter", "100", "--timeout", "30", "--keep-alive", "2", "app:app"]
# Bind to 0.0.0.0 so Traefik (separate container) can reach us; exposure is limited to Docker network only (no host/internet direct access)
CMD ["gunicorn", "-b", "0.0.0.0:8080", "--workers", "2", "--worker-class", "sync", "--worker-connections", "1000", "--max-requests", "1000", "--max-requests-jitter", "100", "--timeout", "30", "--keep-alive", "2", "--limit-request-line", "4094", "--limit-request-fields", "100", "--worker-tmp-dir", "/tmp", "app:app"]
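Review bot: The comment above the new CMD line states that exposure is limited to the Docker network, but nothing in this Dockerfile enforces that: binding 0.0.0.0 together with `EXPOSE 8080` means the port is published to the host the moment someone runs the image with `-P` or adds a `ports:` entry for 8080, so the control lives in the compose/run configuration, not here. I would reword the comment to point at where the control is, e.g. `# Bind to 0.0.0.0 so Traefik (separate container) can reach us; keep 8080 out of any ports:/-p mapping (expose: only) or it becomes host-reachable`. Because the proxy is now a remote peer rather than loopback, gunicorn's default forwarded_allow_ips (loopback only, as far as I recall) will also ignore Traefik's X-Forwarded-* headers, so Flask will see plain http; if the app relies on the scheme for secure cookies or redirects, add `--forwarded-allow-ips` restricted to Traefik's address rather than `*`. The FROM line and the appuser creation are outside this section, so I cannot confirm from here that appuser is a non-root UID.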