version: '2.3' volumes: data: key: services: onion: build: . image: fphammerle/onion-service volumes: - type: volume source: data target: /var/lib/tor - type: volume source: key target: /onion-service - type: tmpfs target: /tmp # torrc # nosuid,nodev,noexec added by default tmpfs: {size: 4k} read_only: yes environment: VIRTUAL_PORT: 80 TARGET: 1.1.1.1:80 #NON_ANONYMOUS_SINGLE_HOP_MODE: 1 cap_drop: [ALL] security_opt: [no-new-privileges] cpus: 0.5 mem_limit: 128m restart: unless-stopped # https://docs.docker.com/compose/compose-file/compose-file-v2/