Harden autoconfig and sanitize input
All checks were successful
continuous-integration/drone/push Build is passing

2025-09-28 12:42:26 -03:00
parent f643efb220
commit a0f148c3ef
4 changed files with 318 additions and 31 deletions


@@ -1,10 +1,25 @@
FROM python:3.11-slim
# Create non-root user for security
RUN groupadd -r appuser && useradd -r -g appuser appuser
WORKDIR /app
# Copy application files
COPY app.py ./
COPY templates/ ./templates/
RUN pip install --no-cache Flask Jinja2 gunicorn
# Install dependencies as root
RUN pip install --no-cache-dir Flask Jinja2 gunicorn
# expose port 80
CMD ["gunicorn", "-b", "0.0.0.0:80", "app:app"]
# Create necessary directories and set permissions
RUN mkdir -p /tmp && chown -R appuser:appuser /app /tmp
# Switch to non-root user
USER appuser
# Expose port 8080 (internal)
EXPOSE 8080
# Bind to localhost only for security
CMD ["gunicorn", "-b", "127.0.0.1:8080", "--workers", "2", "--worker-class", "sync", "--worker-connections", "1000", "--max-requests", "1000", "--max-requests-jitter", "100", "--timeout", "30", "--keep-alive", "2", "app:app"]
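Review bot: The final CMD binds gunicorn to `127.0.0.1:8080`, which inside a container is the container's own loopback interface, so a published port (`-p`) or another container on the same network cannot reach the app, and `EXPOSE 8080` then documents a port nothing outside can connect to. Unless a reverse proxy shares this network namespace (not visible in this hunk), bind `"-b", "0.0.0.0:8080"` and restrict exposure where the port is published, for example `-p 127.0.0.1:8080:8080` on the host. Separately, `chown -R appuser:appuser /app /tmp` makes the runtime user the owner of the code and templates it serves, so a compromised worker could rewrite them; leaving `/app` root-owned and readable by `appuser` keeps the non-root switch meaningful, and the `mkdir -p /tmp` is a no-op on this base image. `--worker-connections` also has no effect with `--worker-class sync`, and the `pip install` line would be more reproducible with pinned versions.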