Closed dz0ny closed 6 years ago
Hmm I thought I commented on this before but not seeing it. I'm concerned with the hardcoded username and password. More than likely some one will try to use this in production with the defaults. I think you can use ENV variables
ENV is same as hardcoded value during build command(you can't control it). The better way IMHO is to use pwgen, that way password will be random on each build. And even if used in production, you won't have privilege escalation because container itself is sandboxed.
I like the pwgen Idea I've seen that with other containers and then you log
the random password so it is available through docker log
on startup
On Fri, May 30, 2014 at 11:59 PM, Janez Troha notifications@github.com wrote:
ENV is same as hardcoded value during build command(you can't control it). The better way IMHO is to use pwgen, that way password will be random on each build. And even if used in production, you won't have privilege escalation because container itself is sandboxed.
— Reply to this email directly or view it on GitHub https://github.com/kandanapp/kandan/pull/370#issuecomment-44719758.
Kev Zettler www.kevzettler.com
Nice! Only question: Anything keeping us from using 14.04 instead of 13.10? Just considering that the LTS is out, I think it might be best to utilize that.
It is not a better way than using external postgresql container that is packing postgresql and kandan into single container.
I've also tried to run kandan and hubot on docker and taking a way to link several container to work. https://github.com/miurahr/docker-kandan-hubot https://registry.hub.docker.com/u/miurahr/kandan-hubot/ Key component is a docker-compose.
It may help you getting ideas to improve 'the official' docker image.
I've added dockerfile which runs app in production mode and with PostgreSQL as db.