This repository was archived by the owner on Jan 13, 2025. It is now read-only.
DO NOT USE THIS DIRECTLY #1052
Description
There are volume mounts from your Windows user's directory to containers. Anyone cannot be sure that the code running in the container is not malicious and by mounting ~/.aspnet/https and ~/.microsoft/usersecrets you are giving access to your critical files. This is a critical security issue and you should change the following volume definitions in docker-compose.override.yaml
version: '3.4'
services:
eshopwebmvc:
environment:
- ASPNETCORE_ENVIRONMENT=Docker
- ASPNETCORE_URLS=http://+:8080
ports:
- "5106:8080"
volumes:
- ~/.aspnet/https:/root/.aspnet/https:ro
- ~/.microsoft/usersecrets:/root/.microsoft/usersecrets:ro
eshoppublicapi:
environment:
- ASPNETCORE_ENVIRONMENT=Docker
- ASPNETCORE_URLS=http://+:8080
ports:
- "5200:8080"
volumes:
- ~/.aspnet/https:/root/.aspnet/https:ro
- ~/.microsoft/usersecrets:/root/.microsoft/usersecrets:ro
A better version of the docker-compose.override.yaml is below which does not use bind mounts but volumes managed by Docker itself.
version: '3.4'
services:
eshopwebmvc:
environment:
- ASPNETCORE_ENVIRONMENT=Docker
- ASPNETCORE_URLS=http://+:8080
ports:
- "5106:8080"
volumes:
- aspnet-https:/root/.aspnet/https:ro
- microsoft-usersecrets:/root/.microsoft/usersecrets:roo
eshoppublicapi:
environment:
- ASPNETCORE_ENVIRONMENT=Docker
- ASPNETCORE_URLS=http://+:8080
ports:
- "5200:8080"
volumes:
- aspnet-https:/root/.aspnet/https:ro
- microsoft-usersecrets:/root/.microsoft/usersecrets:ro
volumes:
aspnet-https:
microsoft-usersecrets: