fix: update Dockerfile with security notes and build context guidelines
Some checks failed
tests / build (push) Has been cancelled
Some checks failed
tests / build (push) Has been cancelled
This commit is contained in:
parent
8f93210970
commit
2bfee40acb
@ -12,7 +12,10 @@ COPY go.mod go.sum ./
|
|||||||
COPY vendor/ ./vendor/
|
COPY vendor/ ./vendor/
|
||||||
|
|
||||||
# Now copy source and build. This layer rebuilds on any .go file change.
|
# Now copy source and build. This layer rebuilds on any .go file change.
|
||||||
|
# Do NOT include local configuration or secret files in the build context.
|
||||||
|
# Ensure your .dockerignore excludes config files (e.g. config.json, v1.json, .env).
|
||||||
COPY . .
|
COPY . .
|
||||||
|
# If you need build-time secrets, use BuildKit secrets and `RUN --mount=type=secret,...`.
|
||||||
RUN make release && make import && make ffmigrate
|
RUN make release && make import && make ffmigrate
|
||||||
|
|
||||||
FROM $FFMPEG_IMAGE
|
FROM $FFMPEG_IMAGE
|
||||||
@ -31,7 +34,11 @@ ENV CORE_DB_DIR=/core/config
|
|||||||
ENV CORE_WHIP_ENABLE=true
|
ENV CORE_WHIP_ENABLE=true
|
||||||
ENV CORE_WHIP_ADDRESS=:8555
|
ENV CORE_WHIP_ADDRESS=:8555
|
||||||
ENV CORE_WHIP_RTSP_ADDRESS=:8554
|
ENV CORE_WHIP_RTSP_ADDRESS=:8554
|
||||||
ENV CORE_API_AUTH_ENABLE=false
|
# Security note: do not hardcode sensitive configuration or secrets in the image.
|
||||||
|
# Set runtime flags and secrets when launching the container instead, for example:
|
||||||
|
# docker run -e CORE_API_AUTH_ENABLE=false ...
|
||||||
|
# The following env is intentionally left unset in the image to avoid baking config:
|
||||||
|
# ENV CORE_API_AUTH_ENABLE=false
|
||||||
ENV CORE_RTMP_ENABLE=true
|
ENV CORE_RTMP_ENABLE=true
|
||||||
ENV CORE_SRT_ENABLE=true
|
ENV CORE_SRT_ENABLE=true
|
||||||
ENV CORE_PLAYOUT_ENABLE=true
|
ENV CORE_PLAYOUT_ENABLE=true
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user