search

buggregator / server

Buggregator is a lightweight, standalone server that offers a range of debugging features for PHP applications.
https://buggregator.dev/
Other
648 stars 23 forks source link

[SECURITY] Stop publishing ports #116

Closed gander closed 9 months ago

gander commented 9 months ago

Use the --publish or -p flag to make a port available to services outside of Docker. This creates a firewall rule in the host, mapping a container port to a port on the Docker host to the outside world. Publishing container ports is insecure by default. Meaning, when you publish a container's ports it becomes available not only to the Docker host, but to the outside world as well. If you include the localhost IP address (127.0.0.1) with the publish flag, only the Docker host can access the published container port.

services:
  # ...

  buggregator:
    image: ghcr.io/buggregator/server:dev
    ports:
      - 127.0.0.1:8000:8000
      - 127.0.0.1:1025:1025
      - 127.0.0.1:9912:9912
      - 127.0.0.1:9913:9913
butschster commented 9 months ago

Thx for advice!