search

OneBusAway / onebusaway-docker

Docker configuration for the OneBusAway Application Modules (https://github.com/OneBusAway/onebusaway-application-modules)
Apache License 2.0
18 stars 32 forks source link

Issue #34 Enhance Docker Security and Best Practices #40

Closed myselfdeepdas closed 7 months ago

myselfdeepdas commented 7 months ago

This pull request introduces improvements to enhance the security and follow best practices when running Docker containers for the OBA server and the transit data bundler.

Changes Made:

  1. oba/Dockerfile:

    • Create a non-root user ('oba') for improved security.
    • Switch to the non-root user for subsequent Dockerfile steps.
    • Refactor the Dockerfile to align with Docker best practices.

  2. bundler/Dockerfile:

    • Create a non-root user ('oba') for enhanced security.
    • Switch to the non-root user for the remaining Dockerfile steps.
    • Adjust the Dockerfile according to best practices.

Context:

The changes aim to minimize the potential security risks associated with running containers as the root user. Following best practices, we've created a dedicated non-root user for the containers, reducing the attack surface and enhancing the overall security posture.

Please review and merge these changes to ensure a more secure and reliable deployment of the OBA server and the transit data bundler containers.

Thank you!

CLAassistant commented 7 months ago

CLA assistant check
All committers have signed the CLA.

myselfdeepdas commented 7 months ago

Check it out—I made some changes

aaronbrethorst commented 7 months ago

Superseded by #55