xirixiz / dsmr-reader-docker

DSMR Reader in Docker.
https://hub.docker.com/r/xirixiz/dsmr-reader-docker

Some observations on the docker implementation #330

Closed gctwnl closed 1 year ago

gctwnl commented 1 year ago

Request

Security improvements.

  1. The UID for the DSMR nginx is hardcoded to 100. That means the process runs as a user which may clash with another (it usurps the permissions of that user, e.g. _apt on Ubuntu). While it is containerised, it is less secure than running as some separate guaranteed non-privileged user. Having the container work well with --user (or docker compose user: setting) would be an improvement.
  2. The nginx config contains both conf.d and http.d, of which only the latter is used.
  3. The nginx config accepts TLS v1.1. Time to be more strict.

Additional information

No response

xirixiz commented 1 year ago

Hi, thanks for your remarks!

  1. The user/uid used for DSMR is by default app/803. This default can be modified: https://github.com/xirixiz/dsmr-reader-docker#settings
  2. Correct. This changed in the last release and will be fixed next release.
  3. I agree and will fix it in the next release.

xirixiz commented 1 year ago

Updated the main branch for 2 and 3.
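
An added example, not part of the issue thread or the project's code: a small Python check for points 1 and 3 raised above. It reports which host account owns a given container UID (assuming no user-namespace remapping, so container UIDs map straight to host UIDs) and flags legacy versions in nginx ssl_protocols directives. The function names and both sample inputs are constructed for illustration.

```python
import re

# Protocol versions treated as legacy here; TLSv1.1 is the one raised in the issue.
LEGACY = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}


def legacy_protocols(nginx_conf):
    """Return [(line_no, [legacy versions])] for every ssl_protocols directive."""
    findings = []
    for no, line in enumerate(nginx_conf.splitlines(), 1):
        code = line.split("#", 1)[0]  # ignore commented-out directives
        match = re.search(r"\bssl_protocols\s+([^;]+);", code)
        if match:
            bad = [p for p in match.group(1).split() if p in LEGACY]
            if bad:
                findings.append((no, bad))
    return findings


def host_owner_of_uid(passwd_text, uid):
    """Return the host account that owns `uid` in passwd-format text, else None."""
    for entry in passwd_text.splitlines():
        fields = entry.split(":")
        if len(fields) >= 3 and fields[2].isdigit() and int(fields[2]) == uid:
            return fields[0]
    return None


# Constructed sample: a server block that still allows TLS v1.1.
SAMPLE_CONF = """\
server {
    listen 443 ssl;
    # ssl_protocols SSLv3;   (commented out, must be ignored)
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
}
"""

# Constructed sample: host passwd where UID 100 belongs to _apt, as in the issue.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
_apt:x:100:65534::/nonexistent:/usr/sbin/nologin
"""

if __name__ == "__main__":
    for line_no, bad in legacy_protocols(SAMPLE_CONF):
        print(f"line {line_no}: legacy protocols enabled: {', '.join(bad)}")
    for uid in (100, 803):
        owner = host_owner_of_uid(SAMPLE_PASSWD, uid)
        print(f"UID {uid}: {'owned by ' + owner if owner else 'unassigned on host'}")
```

Against a real deployment, feed the first function the container's effective nginx configuration and the second the host's /etc/passwd.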