Welcome to the Database repository! This repository was generated from a template to get you started quickly.
To get started with this project:
- Clone the repository:

  ```bash
  git clone https://github.com/TheMaxiMousse/Database.git
  cd Database
  ```

- Install any dependencies (if applicable).
- Follow the instructions in the relevant documentation or project files to start working.
The repository contains the following directories and files:
- `.devcontainer/` - Development container configuration for VS Code
  - `devcontainer.json` - Dev container settings
  - `Dockerfile` - Container image definition
- `.github/` - GitHub-specific configurations
  - `ISSUE_TEMPLATE/` - Issue templates (bug reports, feature requests)
  - `pull_request_template.md` - Pull request template
  - `workflows/` - GitHub Actions workflow files
- `.vscode/` - VS Code workspace settings and tasks
- `.dockerignore` - Docker build exclusions
- `.gitattributes` - Git attributes configuration
- `.gitignore` - Git ignore patterns
- `README.md` - This file

- Initialized from a reusable template for quick setup.
- Pre-configured workflows for automation and CI/CD.
- Placeholder sections for documentation, testing, and development.
Check the project files and comments for guidance. You can expand this section as your project grows.
```bash
docker build -t my-database:latest .
```

For maximum security in production, use the following Docker run flags:

```bash
docker run -d \
  --name my-database \
  -p 5432:5432 \
  -e POSTGRES_PASSWORD=your_secure_password \
  -e POSTGRES_DB=your_database \
  -v /path/to/data:/var/lib/postgresql/data \
  --cap-drop=ALL \
  --cap-add=CHOWN \
  --cap-add=SETUID \
  --cap-add=SETGID \
  --cap-add=DAC_OVERRIDE \
  --security-opt no-new-privileges:true \
  --read-only \
  --tmpfs /tmp:rw,noexec,nosuid,size=100m \
  --tmpfs /run:rw,noexec,nosuid,size=100m \
  --tmpfs /run/postgresql:rw,noexec,nosuid,size=10m \
  --memory=2g \
  --cpus=2 \
  --restart=unless-stopped \
  my-database:latest
```

- `--cap-drop=ALL --cap-add=...`: Drop all capabilities, only add essential ones for PostgreSQL
- `--security-opt no-new-privileges:true`: Prevent privilege escalation
- `--read-only`: Make container filesystem read-only
- `--tmpfs`: Provide writable temporary filesystems for required directories
- `--memory` / `--cpus`: Resource limits to prevent DoS
- `--restart=unless-stopped`: Auto-restart on failure

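To confirm that a running container actually carries the flags above, the `HostConfig` section of `docker inspect` can be audited. The following is an added example, not part of this repository; the function name and the sample JSON are constructed for illustration, and the field names are those of `docker inspect` output.

```python
import json

# Expected hardening, taken from the docker run flags in this README.
ALLOWED_CAPS = {"CHOWN", "SETUID", "SETGID", "DAC_OVERRIDE"}
REQUIRED_TMPFS = ("/tmp", "/run", "/run/postgresql")

# Constructed sample: `docker inspect my-database` output (HostConfig only) for a
# container started without --read-only, with an extra capability and one tmpfs missing.
SAMPLE = json.loads("""[{"HostConfig": {
  "CapDrop": ["ALL"],
  "CapAdd": ["CHOWN", "SETUID", "SETGID", "DAC_OVERRIDE", "NET_ADMIN"],
  "SecurityOpt": ["no-new-privileges:true"], "ReadonlyRootfs": false,
  "Tmpfs": {"/tmp": "rw,noexec,nosuid,size=100m", "/run": "rw,noexec,nosuid,size=100m"},
  "Memory": 2147483648, "NanoCpus": 2000000000}}]""")

def _caps(values):
    """Normalize capability names ("CAP_CHOWN" and "chown" both become "CHOWN")."""
    names = (v.upper() for v in (values or []))
    return {n[4:] if n.startswith("CAP_") else n for n in names}

def audit_hardening(container):
    """Return a list of deviations for one entry of `docker inspect` output."""
    hc = container.get("HostConfig", {})
    findings = []
    if "ALL" not in _caps(hc.get("CapDrop")):
        findings.append("capabilities are not dropped (--cap-drop=ALL missing)")
    extra = _caps(hc.get("CapAdd")) - ALLOWED_CAPS
    if extra:
        findings.append("unexpected capabilities added: " + ", ".join(sorted(extra)))
    opts = hc.get("SecurityOpt") or []
    if not any(o in ("no-new-privileges", "no-new-privileges:true") for o in opts):
        findings.append("no-new-privileges is not set")
    if not hc.get("ReadonlyRootfs"):
        findings.append("root filesystem is writable (--read-only missing)")
    tmpfs = hc.get("Tmpfs") or {}
    for path in REQUIRED_TMPFS:
        if path not in tmpfs:
            findings.append(f"tmpfs mount missing: {path}")
        elif not {"noexec", "nosuid"} <= set(tmpfs[path].split(",")):
            findings.append(f"tmpfs {path} lacks noexec/nosuid")
    for key, flag in (("Memory", "--memory"), ("NanoCpus", "--cpus")):
        if not hc.get(key):
            findings.append(f"no resource limit set ({flag} missing)")
    return findings

if __name__ == "__main__":
    for finding in audit_hardening(SAMPLE[0]):
        print("FAIL:", finding)
```

Against a live container, feed it the parsed output of `docker inspect my-database` instead of `SAMPLE`; an empty list means every flag from the command above is in effect.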
- `POSTGRES_PASSWORD`: Required - database superuser password
- `POSTGRES_USER`: Optional - default is `postgres`
- `POSTGRES_DB`: Optional - default database name
- `POSTGRES_INITDB_ARGS`: Optional - additional initdb arguments

```yaml
version: "3.8"
services:
  database:
    build: .
    image: my-database:latest
    container_name: my-database
    environment:
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
      POSTGRES_DB: ${POSTGRES_DB}
    volumes:
      - db-data:/var/lib/postgresql/data
    ports:
      - "5432:5432"
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETUID
      - SETGID
      - DAC_OVERRIDE
    security_opt:
      - no-new-privileges:true
    read_only: true
    tmpfs:
      - /tmp:rw,noexec,nosuid,size=100m
      - /run:rw,noexec,nosuid,size=100m
      - /run/postgresql:rw,noexec,nosuid,size=10m
    deploy:
      resources:
        limits:
          cpus: "2"
          memory: 2G
    restart: unless-stopped
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U postgres"]
      interval: 30s
      timeout: 5s
      retries: 3
      start_period: 30s
volumes:
  db-data:
```

Contributions are welcome! Feel free to open issues, submit pull requests, or suggest improvements.
Specify your license here (if any). For example: MIT, Apache 2.0, etc.
Happy coding! 🎉