From 767b321f6004c0323ee4bab6f23983b4b961f177 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev
Date: Sun, 1 Oct 2017 11:36:30 +0300
Subject: [PATCH] Do not mount certain Docker volumes as read-write unnecessarily

---
 .../templates/systemd/matrix-nginx-proxy.service.j2 | 4 ++--
 .../templates/systemd/matrix-riot-web.service.j2 | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/roles/matrix-server/templates/systemd/matrix-nginx-proxy.service.j2 b/roles/matrix-server/templates/systemd/matrix-nginx-proxy.service.j2
index 975b6edb..384a834c 100644
--- a/roles/matrix-server/templates/systemd/matrix-nginx-proxy.service.j2
+++ b/roles/matrix-server/templates/systemd/matrix-nginx-proxy.service.j2
@@ -16,8 +16,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-nginx-proxy \
 -p 443:443 \
 --link matrix-synapse:synapse \
 --link matrix-riot-web:riot \
- -v {{ matrix_nginx_proxy_confd_path }}:/etc/nginx/conf.d \
- -v {{ matrix_ssl_certs_path }}:{{ matrix_ssl_certs_path }} \
+ -v {{ matrix_nginx_proxy_confd_path }}:/etc/nginx/conf.d:ro \
+ -v {{ matrix_ssl_certs_path }}:{{ matrix_ssl_certs_path }}:ro \
 {{ docker_nginx_image }}
 ExecStop=-/usr/bin/docker kill matrix-nginx-proxy
 ExecStop=-/usr/bin/docker rm matrix-nginx-proxy
diff --git a/roles/matrix-server/templates/systemd/matrix-riot-web.service.j2 b/roles/matrix-server/templates/systemd/matrix-riot-web.service.j2
index 510ba10d..7cc17c9f 100644
--- a/roles/matrix-server/templates/systemd/matrix-riot-web.service.j2
+++ b/roles/matrix-server/templates/systemd/matrix-riot-web.service.j2
@@ -8,7 +8,7 @@ Type=simple
 ExecStartPre=-/usr/bin/docker kill matrix-riot-web
 ExecStartPre=-/usr/bin/docker rm matrix-riot-web
 ExecStart=/usr/bin/docker run --rm --name matrix-riot-web \
- -v {{ matrix_nginx_riot_web_data_path }}:/data \
+ -v {{ matrix_nginx_riot_web_data_path }}:/data:ro \
 {% if not matrix_nginx_proxy_enabled %}
 -p 127.0.0.1:8765:8765 \
 {% endif %}
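Review bot: The `:ro` on the certificate mount stops the proxy container from altering key material, but `-v {{ matrix_ssl_certs_path }}:{{ matrix_ssl_certs_path }}:ro` still exposes the whole directory for reading. If that path also holds the ACME client's own state (account keys, renewal configuration; not visible in this patch), nginx can read secrets it never needs, and mounting only the subdirectory that the nginx configuration references would narrow that. The `docker run` command begins in the hunk header and the rest of the unit lies outside the hunk, so it is worth confirming against the image that nothing writes into `/etc/nginx/conf.d` at container start.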
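Review bot: Nothing in the template records why `/data` can be read-only, and the riot-web image's entrypoint is not visible here, so the assumption that it never writes under `/data` at start-up cannot be verified from this patch. I would add a unit-file comment above `ExecStart=`, for example `# /data holds static configuration only; the container must not write to it`, and confirm the service starts cleanly on a fresh host. The `docker run` command continues past the end of the hunk.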