From e021a7bd2084ffdb6fb41906055fa2160856a33c Mon Sep 17 00:00:00 2001 From: Homer Quan Date: Mon, 18 May 2026 13:40:20 -0400 Subject: [PATCH] Harden Docker distributed Erlang startup --- Dockerfile | 4 ++-- README.md | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index a050d12..4f154e6 100644 --- a/Dockerfile +++ b/Dockerfile @@ -44,7 +44,7 @@ COPY . . # Compile the application RUN mix compile -EXPOSE 50051 4369 9000-9010 +EXPOSE 50051 # Set the default command -CMD ["sh", "-c", "if [ -n \"$MN_NODE_NAME\" ]; then elixir --name $MN_NODE_NAME --cookie ${MN_COOKIE:-mirrorneuron} --erl \"-kernel inet_dist_listen_min 9000 inet_dist_listen_max 9010\" -S mix run --no-halt; else mix run --no-halt; fi"] +CMD ["sh", "-c", "if [ -n \"$MN_NODE_NAME\" ]; then if [ -z \"$MN_COOKIE\" ] || [ \"$MN_COOKIE\" = \"mirrorneuron\" ]; then echo \"MN_COOKIE must be set to a non-default secret when MN_NODE_NAME enables distributed Erlang\" >&2; exit 1; fi; exec elixir --name \"$MN_NODE_NAME\" --cookie \"$MN_COOKIE\" --erl \"-kernel inet_dist_listen_min 9000 inet_dist_listen_max 9010\" -S mix run --no-halt; else exec mix run --no-halt; fi"] diff --git a/README.md b/README.md index 2569174..ebf4605 100644 --- a/README.md +++ b/README.md @@ -147,7 +147,7 @@ Runtime configuration is read from environment variables in `config/runtime.exs` | Variable | Default | Description | |---|---|---| | `MN_ENV` | `dev` | Runtime environment. Must be `dev`, `test`, or `prod`. | -| `MN_COOKIE` | `mirrorneuron` | Erlang distribution cookie. | +| `MN_COOKIE` | `mirrorneuron` in local development | Erlang distribution cookie. Set a strong, non-default value before enabling distributed Erlang with `MN_NODE_NAME` or running in production. | | `MN_NODE_NAME` | Not set by config | Erlang node name used by release/cluster scripts. | | `MN_CLUSTER_NODES` | Empty | Comma-separated Erlang node names for cluster discovery. | | `MN_RELIABILITY_STRATEGY` | `auto` | Conservative runtime strategy resolver for new jobs. |