From 1988a6a1b638aeec0a3a0548d15157e2d936509c Mon Sep 17 00:00:00 2001 From: LRVT <21357789+l4rm4nd@users.noreply.github.com> Date: Thu, 5 Feb 2026 00:05:04 +0100 Subject: [PATCH] Update docker-compose.yml --- examples/excalidraw/docker-compose.yml | 32 ++++++++++++++++++-------- 1 file changed, 23 insertions(+), 9 deletions(-) diff --git a/examples/excalidraw/docker-compose.yml b/examples/excalidraw/docker-compose.yml index fca39b0..c53f0b2 100644 --- a/examples/excalidraw/docker-compose.yml +++ b/examples/excalidraw/docker-compose.yml @@ -17,15 +17,26 @@ services: echo "Starting nginx..." nginx -g 'daemon off;' stdin_open: true + environment: + - NODE_ENV=production + - VITE_APP_WS_SERVER_URL=https://draw2gether.example.com healthcheck: test: ["CMD-SHELL", "wget -qO- http://127.0.0.1:80/ >/dev/null 2>&1 || exit 1"] interval: 30s timeout: 5s retries: 3 start_period: 20s - environment: - - NODE_ENV=production - - VITE_APP_WS_SERVER_URL=https://draw2gether.example.com # define your custom url for selfhosted excalidraw-room below + security_opt: + - no-new-privileges:true + cap_drop: + - ALL + cap_add: + - CHOWN + - SETGID + - SETUID + tmpfs: + - /tmp:rw,noexec,nosuid,size=64m + - /var/cache/nginx/client_temp:rw,noexec,nosuid,size=64m #networks: # - proxy #labels: @@ -42,20 +53,23 @@ services: expose: - 80 restart: unless-stopped + read_only: true + tmpfs: + - /tmp:rw,noexec,nosuid,size=64m + security_opt: + - no-new-privileges:true + cap_drop: + - ALL healthcheck: test: ["CMD-SHELL", "wget -qO- http://127.0.0.1:80/ >/dev/null 2>&1 || exit 1"] interval: 30s timeout: 5s retries: 3 - start_period: 20s + start_period: 20s #networks: # - proxy #labels: # - traefik.enable=true # - traefik.http.routers.excalidraw-collab.rule=Host(`draw2gether.example.com`) # - traefik.http.services.excalidraw-collab.loadbalancer.server.port=80 - # - traefik.docker.network=proxy - -#networks: -# proxy: -# external: true + # - traefik.docker.network=proxy \ No newline at end of file