diff --git a/compose/local/django/Dockerfile b/compose/local/django/Dockerfile
index 1393d07cf..8593264be 100644
--- a/compose/local/django/Dockerfile
+++ b/compose/local/django/Dockerfile
@@ -21,6 +21,8 @@ RUN apk --no-cache add build-base curl \
 # Rust and Cargo required by the ``cryptography`` Python package
 && apk --no-cache add rust \
 && apk --no-cache add cargo \
+ # Nmap required by the ``python-nmap`` Python package.
+ && apk --no-cache add nmap \
 && pip install --no-cache-dir -U setuptools pip
 
 COPY ./requirements /requirements
diff --git a/compose/production/django/Dockerfile b/compose/production/django/Dockerfile
index 1d3411b4a..bb06adbed 100644
--- a/compose/production/django/Dockerfile
+++ b/compose/production/django/Dockerfile
@@ -17,6 +17,8 @@ RUN apk --no-cache add build-base curl \
 # Rust and Cargo required by the ``cryptography`` Python package
 && apk --no-cache add rust \
 && apk --no-cache add cargo \
+ # Nmap required by the ``python-nmap`` Python package. libcap used to set the capabilities of nmap so root is not required
+ && apk --no-cache add nmap libcap \
 && addgroup -S django \
 && adduser -S -G django django \
 && pip install --no-cache-dir -U setuptools pip
@@ -46,6 +48,11 @@ RUN sed -i 's/\r//' /start-queue \
 && chmod +x /start-queue \
 && chown django /start-queue
 
+RUN chown django:django /usr/bin/nmap \
+ && chmod 750 /usr/bin/nmap
+
+RUN setcap cap_net_raw,cap_net_bind_service+eip /usr/bin/nmap
+
 COPY ./compose/production/django/seed_data /seed_data
 
 RUN sed -i 's/\r$//g' /seed_data \
diff --git a/production.yml b/production.yml
index fb2a8e1d6..3d22459b3 100644
--- a/production.yml
+++ b/production.yml
@@ -53,6 +53,7 @@ services:
 - POSTGRES_USER=${POSTGRES_USER}
 - REDIS_URL=redis://${REDIS_HOST}:${REDIS_PORT}/0
 - WEB_CONCURRENCY=${DJANGO_WEB_CONCURRENCY}
+ - NMAP_PRIVILEGED=""
 healthcheck:
 test: curl --insecure --fail https://nginx/status/simple/ || exit 1
 interval: ${HEALTHCHECK_INTERVAL}
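Review bot: `chown django:django /usr/bin/nmap` in the second production Dockerfile hunk hands ownership of a capability-bearing binary to the account the web application runs as. Execution only needs the group bit, so `chown root:django /usr/bin/nmap` with the same `chmod 750` keeps the binary root-owned while still limiting execution to the django group. In the `setcap` line the inheritable flag adds nothing when the calling process has an empty inheritable set, and `cap_net_bind_service` is only needed if scans bind privileged source ports, so `setcap cap_net_raw+ep /usr/bin/nmap` is the narrower grant if that holds for this project. The three commands also fit in one `RUN`, with chown kept before setcap because a later chown would strip the file capabilities, which avoids storing the nmap binary again in each extra layer. File capabilities only take effect if the runtime leaves NET_RAW in the bounding set and does not set no-new-privileges; nothing in the visible lines shows either.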
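Review bot: `NMAP_PRIVILEGED` in the production.yml hunk makes nmap assume it has raw-socket privileges instead of checking for root, so this entry silently depends on the `setcap` step in the production Dockerfile. A comment above it such as `# nmap runs as the non-root django user with file capabilities (see compose/production/django/Dockerfile)` would record that dependency. In list-form `environment` entries the quotes are, as far as I know, kept as part of the value, so the variable is set to the two-character string `""` rather than empty; nmap appears to test only for presence, so `- NMAP_PRIVILEGED=1` would be less surprising. If scans are started from another service (a queue worker, for example) the variable has to be set there too; the rest of the service list is outside this hunk.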