[SECURITY] Stop publishing ports #116

gander · 2023-12-06T13:18:45Z

Use the --publish or -p flag to make a port available to services outside of Docker. This creates a firewall rule in the host, mapping a container port to a port on the Docker host to the outside world.
Publishing container ports is insecure by default. Meaning, when you publish a container's ports it becomes available not only to the Docker host, but to the outside world as well.
If you include the localhost IP address (127.0.0.1) with the publish flag, only the Docker host can access the published container port.

services:
  # ...

  buggregator:
    image: ghcr.io/buggregator/server:dev
    ports:
      - 127.0.0.1:8000:8000
      - 127.0.0.1:1025:1025
      - 127.0.0.1:9912:9912
      - 127.0.0.1:9913:9913

The text was updated successfully, but these errors were encountered:

butschster · 2023-12-08T06:33:25Z

Thx for advice!

butschster self-assigned this Dec 8, 2023

butschster added the documentation Improvements or additions to documentation label Dec 8, 2023

butschster added this to the 1.0 milestone Dec 8, 2023

butschster mentioned this issue Dec 8, 2023

Updated docs buggregator/docs#5

Merged

butschster closed this as completed Dec 8, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[SECURITY] Stop publishing ports #116

[SECURITY] Stop publishing ports #116

gander commented Dec 6, 2023

butschster commented Dec 8, 2023

[SECURITY] Stop publishing ports #116

[SECURITY] Stop publishing ports #116

Comments

gander commented Dec 6, 2023

butschster commented Dec 8, 2023