fix: update Dockerfile with security notes and build context guidelines
Some checks failed
tests / build (push) Has been cancelled
Some checks failed
tests / build (push) Has been cancelled
This commit is contained in:
parent
8f93210970
commit
2bfee40acb
@ -12,7 +12,10 @@ COPY go.mod go.sum ./
|
||||
COPY vendor/ ./vendor/
|
||||
|
||||
# Now copy source and build. This layer rebuilds on any .go file change.
|
||||
# Do NOT include local configuration or secret files in the build context.
|
||||
# Ensure your .dockerignore excludes config files (e.g. config.json, v1.json, .env).
|
||||
COPY . .
|
||||
# If you need build-time secrets, use BuildKit secrets and `RUN --mount=type=secret,...`.
|
||||
RUN make release && make import && make ffmigrate
|
||||
|
||||
FROM $FFMPEG_IMAGE
|
||||
@ -31,7 +34,11 @@ ENV CORE_DB_DIR=/core/config
|
||||
ENV CORE_WHIP_ENABLE=true
|
||||
ENV CORE_WHIP_ADDRESS=:8555
|
||||
ENV CORE_WHIP_RTSP_ADDRESS=:8554
|
||||
ENV CORE_API_AUTH_ENABLE=false
|
||||
# Security note: do not hardcode sensitive configuration or secrets in the image.
|
||||
# Set runtime flags and secrets when launching the container instead, for example:
|
||||
# docker run -e CORE_API_AUTH_ENABLE=false ...
|
||||
# The following env is intentionally left unset in the image to avoid baking config:
|
||||
# ENV CORE_API_AUTH_ENABLE=false
|
||||
ENV CORE_RTMP_ENABLE=true
|
||||
ENV CORE_SRT_ENABLE=true
|
||||
ENV CORE_PLAYOUT_ENABLE=true
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user