check if git hooks can run arbitrary code on push, in the way they're configured by dokku; in other words, can you inject code via git hooks
dokku allows nginx config to be customized; while we don't use that config as we just auto-configure nginx on the swarm, can the nginx config customization feature be used to attack the deployer? perhaps by hijacking port 5000
in any case, better to disallow it
customize the default dokku CHECK so that it ensures what you're pushing is an addon
limit size of docker images and containers
harder than it initially looks cause this is no longer supported on the default storage driver (overlayfs) unless you're running xfs underneath
nginx: short timeouts, 5-10 seconds
firewall: only expose 80 (or 443) from the swarm, only 22 from the deployer