I am in the process of deploying the Immich container and am looking to enhance security by running the container with a read-only root filesystem, using the read_only: true Docker option.
Before implementing this, I wanted to ask if this configuration is officially supported or tested. Specifically, I'm curious about:
1. Whether the core application can run correctly in this mode.
2. If there are specific paths that require write access (e.g., for temporary files, cache, or logs) that would need to be mounted as volumes or tmpfs when using read_only: true.
Any guidance or insights you could provide would be greatly appreciated!
This is a security feature and should be supported and documented.
Thank you.