From b5adf9dff58e19d8626b1342dc28bbd15d4546d5 Mon Sep 17 00:00:00 2001
From: Jose Carlos Luna <Jose.Carlos.Luna@cern.ch>
Date: Fri, 10 May 2024 19:10:48 +0200
Subject: [PATCH] Simplified example for docker compose inline

---
 docker-compose-inline.yml | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/docker-compose-inline.yml b/docker-compose-inline.yml
index 92795a4..bb055f0 100644
--- a/docker-compose-inline.yml
+++ b/docker-compose-inline.yml
@@ -12,22 +12,22 @@ services:
           EXPOSE 80
           EXPOSE 53/tcp
           EXPOSE 53/udp
-          ENTRYPOINT ["./gocanary", "--enable-hardening=false", "--enable-https=true", "--autocert-domain=REPLACE_DOMAIN"]
-        #Or for cert.key and cert.pem
-        #ENTRYPOINT ["./gocanary", "--enable-hardening=false", "--enable-https=true"]
-      ports:
-        - "REPLACE_PUBLIC_IP:53:53/udp"
-        - "REPLACE_PUBLIC_IP:53:53/tcp"
-        - "REPLACE_PUBLIC_IP:443:443"
-        - "REPLACE_PUBLIC_IP:80:80"
+          ENTRYPOINT ["./gocanary", "--enable-hardening=false" ]
+      network_mode: "host" #no need to map ports, and bypass default docker firewall
       volumes:
         - ./canary.yaml:/canary/canary.yaml
         - ./config.yaml:/canary/config.yaml
+
         #For let's encrypt certificates
-        - ./cache:/canary/cache
+        #- ./cache:/canary/cache
         #Or use generated certs
         #- ./cert.key:/canary/cert.key
         #- ./cert.pem:/canary/cert.pem
+
+        #Map known certificates
+        #- /etc/ssl:/etc/ssl
+        #Or for redhat derivatives:
+        # - /etc/pki:/etc/pki
       container_name: gocanary
       restart: always
       logging:
-- 
GitLab