If the value is still passed as an environment variable in the end, it can be read via /proc/:pid/environ from another container or from the host if they are both using the same UID (or has --cap-add SYS_PTRACE)

If lenny-ui is already using a JSX based library (InfernoJS), why not use it? I can’t believe they construct HTML manually like that without a hint of escaping or stripping. Sure, many markdown renderers tell you to just slap it in __html or dangerouslySetInnerHtml but there are many that just parse the MD and let you render it with JSX!

I also can’t believe there’s no CSP that stopped this. Sure, it’s a pain in the ass to configure with a nonce but this is literally the kind of thing it’s made to block!

Thanks, good to know! I had no idea about the tags. Looks like there’s a lot more variables available.

I just reread the docs on the log drivers - they mentioned that as of docker 20.x local logs now work with all drivers as it buffers the logs locally as well. I think this is probably why I hadn’t explored the other drivers before - couldn’t use docker-compose logs.

The biggest footgun I encounter every time I set up a raspberry pi or other linux host for a side project is forgetting that Docker doesn’t do log rotation for containers’ logs by default, which results in the service going down and seeing a sweat inducing ENOSPC error when you ssh in to check it out.

You can configure this by creating /etc/docker/daemon.json and either setting up log rotation with log-opts or using the local logging driver (it defaults to json) if you’re not shipping container logs anywhere and just read the logs locally. The local driver compresses the logs and automatically does log rotation:

{
  "log-driver": "local",
  "log-opts": {
     "max-size": "10m",
     "max-file": "3"
  }
}

Protip: you can configure the default host bind IP via /etc/docker/daemon.json. You could for example set:

{
  "ip": "127.0.0.1"
}

which would result in -p "8080:8080" being equivalent to -p "127.0.0.1:8080:8080"