fix: Kuma import tokens/paused, Docker hardening, migrate-secrets idempotency
1. Kuma import now maps push monitor tokens (generates crypto/rand token) and paused state (Active=false → Paused=true). Previously push monitors imported with empty token sat DOWN forever, and paused Kuma monitors came in unpaused and started alerting. 2. Dockerfile adds HEALTHCHECK against /api/health on port 8080. Container orchestrators can now detect unhealthy instances. 3. migrate-secrets sets the encryptor before loading alerts, so already-encrypted settings are decrypted correctly on second run instead of failing with a JSON unmarshal error. 4. docker-compose.yml adds container hardening: read_only filesystem, cap_drop ALL, no-new-privileges, tmpfs for /tmp.
This commit was merged in pull request #116.
This commit is contained in:
@@ -5,6 +5,13 @@ services:
|
||||
dockerfile: Dockerfile
|
||||
container_name: uptop
|
||||
restart: unless-stopped
|
||||
read_only: true
|
||||
cap_drop:
|
||||
- ALL
|
||||
security_opt:
|
||||
- no-new-privileges:true
|
||||
tmpfs:
|
||||
- /tmp
|
||||
ports:
|
||||
- "23234:23234"
|
||||
- "8080:8080"
|
||||
|
||||
Reference in New Issue
Block a user