vm-mts/telemt/old.yaml
2026-04-30 23:30:50 +04:00


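# Compose definition for the Telemt service: a single hardened container
# (read-only root filesystem, all capabilities dropped except
# NET_BIND_SERVICE, no-new-privileges) attached to the pre-existing
# external network "overlay_net".
services:
  telemt:
    # NOTE(review): ":latest" is a mutable tag, so a re-pull can silently
    # change the code that runs. Prefer a fixed release tag or a digest, e.g.
    # whn0thacked/telemt-docker@sha256:<digest-placeholder>.
    image: whn0thacked/telemt-docker:latest
    container_name: telemt
    restart: unless-stopped
    # ---------------------------------------------------------------
    # Root user requirement for binding privileged ports (<1024)
    # The default image runs as 'nonroot' to minimize attack vectors.
    # Uncomment the line below to run as root ONLY if you need to bind
    # to port 443 and encounter 'os error 13'.
    # ---------------------------------------------------------------
    # user: "root"
    # Telemt uses RUST_LOG for verbosity (optional)
    environment:
      RUST_LOG: "info"
    # ---------------------------------------------------------------
    # API Configuration writes (Atomic Config Save)
    # The API performs atomic writes (creates a .tmp file and renames it).
    # To allow the API to save changes to the config, we MUST mount the
    # ENTIRE directory (not just the file) and ensure it is writable.
    # We override the default command to point to the mounted file.
    # ---------------------------------------------------------------
    command: ["/etc/telemt/telemt.toml"]
    volumes:
      # The only writable persistent path while the root filesystem is
      # read-only. NOTE(review): the service can rewrite its own config here;
      # keep host-side permissions on ./telemt-config tight (presumably it
      # also holds secrets; verify).
      - ./telemt-config:/etc/telemt
    # ---------------------------------------------------------------
    # Networking: host network mode is DISABLED here and Docker-managed
    # port mapping (the "ports" section) is in effect.
    #
    # In host network mode the container uses the host's network stack
    # directly and the "ports" section is IGNORED: Telemt binds to host
    # ports as specified in telemt.toml. To switch to it, uncomment
    # "network_mode: host" and comment out the "ports" section; the
    # service-level "networks" attachment below must be removed as well,
    # because Compose does not allow network_mode together with networks.
    # ---------------------------------------------------------------
    #network_mode: host
    ports:
      # Published on all host interfaces (no host IP given).
      - "9443:443/tcp"
      # Metrics, only used if metrics_port=9090 is enabled in the config.
      # Bound to 127.0.0.1 so it is not reachable from other hosts.
      - "127.0.0.1:9090:9090/tcp"
    # Hardening
    # ---------------------------------------------------------------
    # ⚠️ If you uncommented `user: "root"` above to bind to port 443,
    # you MUST comment out the two lines below, as they prevent
    # gaining the necessary privileges for binding restricted ports.
    #
    # NOTE(review): no-new-privileges only blocks gaining privileges on
    # exec (setuid / file capabilities); it does not remove capabilities
    # the process already holds. With user root and NET_BIND_SERVICE added
    # below, binding ports <1024 should normally work with these lines
    # left in place. Verify before disabling any hardening.
    # ---------------------------------------------------------------
    security_opt:
      - no-new-privileges:true
    cap_drop:
      - ALL
    cap_add:
      - NET_BIND_SERVICE
    read_only: true
    tmpfs:
      # Scratch space for the read-only container: no setuid, no device
      # nodes, no executables, capped at 16 MiB.
      - /tmp:rw,nosuid,nodev,noexec,size=16m
    # Resource limits (optional)
    deploy:
      resources:
        limits:
          cpus: "0.50"
          memory: 256M
        reservations:
          cpus: "0.25"
          memory: 128M
    # File descriptor limits (critical for a high-load server!)
    ulimits:
      nofile:
        soft: 65536
        hard: 65536
    # Cap log growth: at most 3 rotated files of 10 MB each.
    logging:
      driver: json-file
      options:
        max-size: "10m"
        max-file: "3"
    networks:
      # Changed: the old version uses a hyphen rather than a direct key.
      overlay_net:
# "overlay_net" is not created by this file; it must already exist
# (external: true), otherwise the service will not start.
networks:
  overlay_net:
    external: true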