Fonts, Docker fixes
+4
-2
@@ -7,7 +7,9 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
|
|||||||
|
|
||||||
WORKDIR /app
|
WORKDIR /app
|
||||||
COPY . .
|
COPY . .
|
||||||
RUN cargo build --release
|
RUN cargo build --release && \
|
||||||
|
cp target/release/rss-reader /usr/local/bin/rss-reader && \
|
||||||
|
rm -rf target
|
||||||
|
|
||||||
# --- runtime ---
|
# --- runtime ---
|
||||||
FROM debian:bookworm-slim
|
FROM debian:bookworm-slim
|
||||||
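Review bot: the `rm -rf target` at the end of the new `RUN` chain needs a Dockerfile comment saying what it is for. The runtime stage starts from its own `FROM debian:bookworm-slim`, so this only shrinks the builder stage's cached layer, not the shipped image. While in this stage, the `COPY . .` just above sends the whole build context into that layer, so check that `.dockerignore` keeps `.env` and any local `target/` directory out of it.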
@@ -16,7 +18,7 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
|
|||||||
libpq5 ca-certificates \
|
libpq5 ca-certificates \
|
||||||
&& rm -rf /var/lib/apt/lists/*
|
&& rm -rf /var/lib/apt/lists/*
|
||||||
|
|
||||||
COPY --from=builder /app/target/release/rss-reader /usr/local/bin/rss-reader
|
COPY --from=builder /usr/local/bin/rss-reader /usr/local/bin/rss-reader
|
||||||
|
|
||||||
EXPOSE 8001
|
EXPOSE 8001
|
||||||
CMD ["rss-reader"]
|
CMD ["rss-reader"]
|
||||||
|
|||||||
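Review bot: no `USER` line appears between the `COPY --from=builder` and `CMD ["rss-reader"]` in the visible runtime lines, so the service would run as root inside the container. Since the README in this same commit recommends a hardened deployment, consider creating an unprivileged user in this stage and adding a `USER` directive before `CMD`. The path change itself matches the builder hunk, which moves the binary to `/usr/local/bin/rss-reader` before deleting `target`.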
@@ -169,8 +169,13 @@ docker compose logs -f backend # follow backend logs
|
|||||||
docker compose down # stop everything (keeps the postgres_data volume)
|
docker compose down # stop everything (keeps the postgres_data volume)
|
||||||
docker compose down -v # stop and wipe all data — careful!
|
docker compose down -v # stop and wipe all data — careful!
|
||||||
docker compose up --build -d # rebuild after pulling code changes
|
docker compose up --build -d # rebuild after pulling code changes
|
||||||
|
docker builder prune -af && docker image prune -af # reclaim disk used by old build layers/images
|
||||||
```
|
```
|
||||||
|
|
||||||
|
> Each `docker compose up --build` leaves the previous build's cache layers and images
|
||||||
|
> behind, which adds up quickly given how much disk `cargo build` needs. Run the prune
|
||||||
|
> command above after each rebuild (or on a cron job) to reclaim that space.
|
||||||
|
|
||||||
### Optional: hardened deployment — isolated user + rootless Docker
|
### Optional: hardened deployment — isolated user + rootless Docker
|
||||||
|
|
||||||
Anyone who can run `docker` commands effectively has root on the host (container volume mounts can reach the whole filesystem) — being in the `docker` group is root-equivalent. For a production server, it's worth confining this stack to a dedicated, unprivileged system user running its own **rootless Docker** daemon, instead of using a system-wide install or adding the user to the `docker` group.
|
Anyone who can run `docker` commands effectively has root on the host (container volume mounts can reach the whole filesystem) — being in the `docker` group is root-equivalent. For a production server, it's worth confining this stack to a dedicated, unprivileged system user running its own **rootless Docker** daemon, instead of using a system-wide install or adding the user to the `docker` group.
|
||||||
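Review bot: the added `docker builder prune -af && docker image prune -af` line, and the note suggesting it for a cron job, should state that the command is not scoped to this project. With `-a` it removes every unused image and all build cache on whichever daemon it talks to, so on a host shared with other stacks it deletes their images and cache too. Say so in the blockquote, or narrow the command with something like `--filter until=24h` on both prune calls.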
@@ -292,6 +297,7 @@ Fill in `.env` with strong, unique secrets — `openssl rand -hex 32` is a conve
|
|||||||
|
|
||||||
```sh
|
```sh
|
||||||
docker compose up --build -d
|
docker compose up --build -d
|
||||||
|
docker builder prune -af && docker image prune -af # reclaim disk used by old build layers/images
|
||||||
```
|
```
|
||||||
|
|
||||||
**6. Firewall** (run as your normal sudo-capable user — not `rss-svc`):
|
**6. Firewall** (run as your normal sudo-capable user — not `rss-svc`):
|
||||||
|
|||||||
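Review bot: the prune line added after `docker compose up --build -d` does not say which user runs it, while step 6 right below is explicit about "not `rss-svc`". In this section the images and build cache belong to the dedicated user's rootless daemon, so state that the prune (and any cron entry for it) runs as that user. The command is also now duplicated from the earlier section; a short pointer back to the explanation there would keep the two from drifting apart.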
@@ -68,7 +68,7 @@ a,
|
|||||||
|
|
||||||
.feed-title {
|
.feed-title {
|
||||||
cursor: pointer;
|
cursor: pointer;
|
||||||
font-family: 'Courier New';
|
font-family: Glook, 'Courier New';
|
||||||
font-size: clamp(1.25rem, 4.5vw, 1.6rem);
|
font-size: clamp(1.25rem, 4.5vw, 1.6rem);
|
||||||
font-weight: bold;
|
font-weight: bold;
|
||||||
color: var(--color-accent-2);
|
color: var(--color-accent-2);
|
||||||
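Review bot: the new `.feed-title` stack `Glook, 'Courier New'` still ends without a generic family, so if neither font is available the browser picks its default. Append `monospace` (or whichever generic matches the intended look). Also confirm that `Glook` is spelled exactly as in the `@font-face` rule or import that declares it, which this hunk does not show; a mismatch fails silently and falls through to `'Courier New'`.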
@@ -83,7 +83,7 @@ a,
|
|||||||
}
|
}
|
||||||
|
|
||||||
.feed-content {
|
.feed-content {
|
||||||
font-family: Georgia, 'Times New Roman', Times, serif;
|
font-family: Merriweather, Georgia, 'Times New Roman', Times, serif;
|
||||||
font-size: clamp(1rem, 3.5vw, 1.25rem);
|
font-size: clamp(1rem, 3.5vw, 1.25rem);
|
||||||
padding: 0 1em 1em;
|
padding: 0 1em 1em;
|
||||||
overflow-wrap: break-word;
|
overflow-wrap: break-word;
|
||||||
|
|||||||
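Review bot: neither CSS hunk shows where `Merriweather` (or `Glook` above) is loaded from, so it is not clear from this diff that `.feed-content` will ever render in the new font. If the files are fetched from a third-party host, every page view contacts that host and any Content-Security-Policy needs a matching `font-src` entry; self-hosting the font files alongside the stylesheet avoids both. The fallback chain here is fine, since it still ends in `serif`.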