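# Multi-stage build: the Go toolchain and the full source tree stay in the
# builder stage; only the compiled binary and the templates reach the runtime
# image.
FROM golang:1.21-alpine AS builder

# CGO_ENABLED=1 below needs a C toolchain, which the alpine Go image does not
# ship; without it the cgo build stops with a missing-compiler error.
RUN apk add --no-cache gcc musl-dev

WORKDIR /app

# Resolve modules before copying the source so this layer stays cached until
# go.mod or go.sum change.
COPY go.mod go.sum ./
RUN go mod download

# NOTE(review): this copies the whole build context. Keep a .dockerignore that
# excludes .git, local data/ and logs/ directories, and any env or key files.
COPY . .
RUN CGO_ENABLED=1 GOOS=linux go build -a -installsuffix cgo -o honeypot main.go

# Final minimal image
# NOTE(review): consider pinning both base images by digest for reproducible
# builds.
FROM alpine:3.18

# Dedicated unprivileged account with fixed IDs. The service never needs an
# interactive login, so the account gets no login shell.
RUN addgroup -g 1001 honeypot && \
    adduser -D -s /sbin/nologin -u 1001 -G honeypot honeypot

# Runtime dependencies only.
# NOTE(review): the sqlite package is presumably for the database kept under
# /app/data; if the binary embeds SQLite it can be dropped. Confirm.
RUN apk --no-cache add ca-certificates sqlite

WORKDIR /app

# Only build artifacts cross the stage boundary.
COPY --from=builder /app/honeypot .
COPY --from=builder /app/app/templates ./app/templates

# Create the writable data and log directories and hand /app to the service
# account in a single layer.
# NOTE(review): this leaves the binary and templates writable by the runtime
# user. If the service only writes to /app/data and /app/logs, chown just
# those two directories and leave the rest owned by root.
RUN mkdir -p /app/data /app/logs && \
    chown -R honeypot:honeypot /app

# Drop root. Numeric IDs (the honeypot user and group created above) let
# runtimes that enforce non-root execution verify the user without a passwd
# lookup.
USER 1001:1001

# Expose only the service port. 6333 is above 1024, so no extra capability is
# needed to bind it as non-root.
EXPOSE 6333

# Liveness probe against the service's own port; the shell form runs through
# /bin/sh and uses the busybox wget shipped in the base image.
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
    CMD wget --no-verbose --tries=1 --spider http://localhost:6333/ || exit 1

# Exec form: the binary runs as PID 1 and receives stop signals directly.
ENTRYPOINT ["./honeypot"]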