inveniosoftware / cookiecutter-invenio-rdm

Cookiecutter template for a new InvenioRDM instance.
MIT License

Restricting open ports in docker-services.yml only to localhost #254

Open mesemus opened 1 year ago

mesemus commented 1 year ago

Is your feature request related to a problem? Please describe.

In repository development I use the provided docker-services.yml to start up support services. These by default bridge service ports to all interfaces, which is a security risk.

Describe the solution you'd like

Prefix all bound ports with '127.0.0.1:' to bind them to localhost only. To disable this (if there is a use case for this), add an option to the cookiecutter (with the default set to localhost only).

Describe alternatives you've considered

Two service configs could be provided - one for secured development and one for the scenario in which the ports have to be exposed to the external world - but this would bring complexity to invenio-cli services (selector which one to use).

chriz-uniba commented 1 year ago

I agree - I already got warnings from our university-service that I exposed ports to the world while I was testing invenio...
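
The check and the rewrite proposed in this issue, as an added example (not part of the original thread and not code from cookiecutter-invenio-rdm): it scans Compose short-syntax port mappings, reports those not bound to a loopback address, and produces the `127.0.0.1:`-prefixed form. The sample file content, service names and function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in the style of a docker-services.yml; not the template's real file.
SAMPLE = """\
services:
  db:
    ports:
      - "5432:5432"
  cache:
    ports:
      - "127.0.0.1:6379:6379"
  search:
    ports:
      - "0.0.0.0:9300:9300/tcp"
      - "[::1]:9200:9200"
"""

ITEM = re.compile(r"""^\s*-\s*["']?([^"'\s#]+)""")  # one YAML list item

def host_ip(mapping):
    """Host IP of a short-syntax mapping ([IP:]HOST:CONTAINER[/proto]), or None."""
    parts = mapping.split("/")[0].rsplit(":", 2)
    return parts[0].strip("[]") if len(parts) == 3 else None

def is_loopback_only(mapping):
    ip = host_ip(mapping)  # no host IP means Docker publishes on all interfaces
    return ip is not None and ipaddress.ip_address(ip).is_loopback

def bind_to_localhost(mapping):
    """Prefix a HOST:CONTAINER mapping with 127.0.0.1, replacing any wider host IP."""
    if is_loopback_only(mapping):
        return mapping
    spec, slash, proto = mapping.partition("/")
    parts = spec.rsplit(":", 2)
    if len(parts) < 2:
        raise ValueError(f"{mapping!r} has no host port; choose one explicitly")
    return f"127.0.0.1:{parts[-2]}:{parts[-1]}{slash}{proto}"

def exposed_mappings(compose_text):
    """Return (line_number, mapping) for every published port not bound to loopback."""
    findings, in_ports = [], False
    for number, line in enumerate(compose_text.splitlines(), start=1):
        match = ITEM.match(line) if in_ports else None
        if match and not is_loopback_only(match.group(1)):
            findings.append((number, match.group(1)))
        # Stay in the list while items continue; enter it on a "ports:" key.
        in_ports = bool(match) or line.strip() == "ports:"
    return findings
```
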