Homas / ioc2rpz

ioc2rpz is a place where threat intelligence meets DNS.
Apache License 2.0

Hide the REST API port #43

Closed dmgeurts closed 2 years ago

dmgeurts commented 2 years ago

Thank you for a great piece of software.

Revisiting the IOC2RPZ server I built last year, I'm now wondering if port 8443 can be bound to localhost or a specific IP address instead of binding to any available IP addresses. I'm running IOC2RPZ.gui on the same server, so I have no need to expose the REST API interface outside of the server.

I think the docker run command can be changed to add an IP address like so: -p 172.17.0.1:8443:8443 when creating the image. Not wanting to recreate the image, I tried editing the hostconfig.json, but the IP address is removed from there when the image is restarted after the edit. This link mentions that config.v2.json should also be modified, but there are no mappings listed under Ports.

config.v2.json:

[...]
"Ports":null,
[...]

Any suggestions?

In fact, I'd like to hide the GUI (TCP:443) behind a reverse proxy too so I can enable LDAP auth for the interface. Thus I need to stop IOC2RPZ.gui from listening on all interfaces. And I have the same issue there.

dmgeurts commented 2 years ago

Ah, found the solution:

  1. docker stop ioc2rpz.gui
  2. edit the hostconfig.json file for this image
  3. restart docker: systemctl restart docker.service

The point is NOT to start the image after editing the hostconfig.json file, but to restart docker instead.
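
For the hostconfig.json edit described in this thread, a check like the following lists which published ports still listen on every interface and pins chosen ones to a single address. It is an added example, not part of the original issue or of ioc2rpz; it assumes Docker's on-disk layout in which hostconfig.json keeps published ports under `PortBindings` as `HostIp`/`HostPort` entries, and the sample data and function names are constructed for illustration.

```python
import json

# An empty HostIp (or an explicit wildcard) means "listen on all interfaces".
WILDCARD = {"", "0.0.0.0", "::"}

# Constructed sample in the shape of a container's hostconfig.json.
# Only PortBindings matters here; real files carry many more keys.
SAMPLE_HOSTCONFIG = json.dumps({
    "NetworkMode": "default",
    "PortBindings": {
        "8443/tcp": [{"HostIp": "", "HostPort": "8443"}],
        "443/tcp": [{"HostIp": "", "HostPort": "443"}],
        "53/udp": [{"HostIp": "", "HostPort": "53"}],
    },
})


def exposed_bindings(hostconfig_text):
    """Return sorted (container_port, host_port) pairs published on all interfaces."""
    cfg = json.loads(hostconfig_text)
    found = []
    # PortBindings may be missing or null when nothing is published.
    for cport, binds in (cfg.get("PortBindings") or {}).items():
        for b in binds or []:
            if b.get("HostIp", "") in WILDCARD:
                found.append((cport, b.get("HostPort", "")))
    return sorted(found)


def pin_bindings(hostconfig_text, host_ip, container_ports):
    """Return new JSON text with the listed container ports bound to host_ip only."""
    cfg = json.loads(hostconfig_text)
    bindings = cfg.get("PortBindings") or {}
    missing = set(container_ports) - set(bindings)
    if missing:
        raise KeyError(f"no such port binding: {sorted(missing)}")
    for cport in container_ports:
        for b in bindings[cport]:
            b["HostIp"] = host_ip
    return json.dumps(cfg)


if __name__ == "__main__":
    print("before:", exposed_bindings(SAMPLE_HOSTCONFIG))
    pinned = pin_bindings(SAMPLE_HOSTCONFIG, "127.0.0.1", ["8443/tcp", "443/tcp"])
    print("after: ", exposed_bindings(pinned))
```

As in the steps above, the file should only be rewritten while the container is stopped, followed by a restart of the Docker service rather than of the container.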