microsoft / ghcrawler

Crawl GitHub APIs and store the discovered orgs, repos, commits, ...
MIT License

Docker ports - use expose and limit 'ports' to 127.0.0.1 #137

Closed grooverdan closed 6 years ago

grooverdan commented 6 years ago

This is on top of the volumes commit as there's a lot of fuzz otherwise.

Basically using expose as a directive to share ports in the same docker-compose group.

127.0.0.1 for other service. I included mongo db here as the data is being gathered for another service (Measure).

msftclas commented 6 years ago

CLA assistant check
All CLA requirements met.

jeffmcaffer commented 6 years ago

Thanks @grooverdan. I'm not at all a Docker expert. I do wonder about hiding the rabbit and dashboard ports. For the dashboard, how would a user connect their browser? For rabbit, it is often convenient to connect directly to the service for monitoring and admin.

grooverdan commented 6 years ago

I agree they are useful. A person installing it should know they are there before exposing them however. By default Docker goes as far as to manipulate the iptables rules to the world (which I didn't have enough docker knowledge of) with default credentials.

I access them using ssh port forwarding. For the dashboard I might put it behind a reverse proxy with authentication eventually.

Alternately for rabbitmq, embed some non-default credentials in the docker-compose.yml file. https://github.com/docker-library/docs/tree/master/rabbitmq#setting-default-user-and-password
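The port layout discussed in this thread, sketched as an added example that is not part of the original thread or of ghcrawler's own compose file. Service names, images, the dashboard port and the `RABBITMQ_PASSWORD` variable are assumptions; the RabbitMQ and MongoDB ports are those images' defaults.

```yaml
# Constructed docker-compose.yml sketch (not the project's file).
version: "3"
services:
  crawler:
    image: example/crawler          # placeholder image
    depends_on: [mongo, rabbitmq]
    # Talks to mongo:27017 and rabbitmq:5672 over the compose network;
    # neither needs to be published on the host for that.

  mongo:
    image: mongo
    # Weak form: "27017:27017" binds 0.0.0.0 and Docker adds its own
    # iptables rules for it, so the port is open to every interface.
    ports:
      - "127.0.0.1:27017:27017"     # loopback only, for another local service

  rabbitmq:
    image: rabbitmq:management
    environment:
      RABBITMQ_DEFAULT_USER: crawler               # constructed value
      RABBITMQ_DEFAULT_PASS: ${RABBITMQ_PASSWORD}  # assumed variable, set in the environment or .env
    expose:
      - "5672"                      # AMQP: shared inside the compose group, not published
    ports:
      - "127.0.0.1:15672:15672"     # management UI, loopback only

  dashboard:
    image: example/dashboard        # placeholder image
    ports:
      - "127.0.0.1:8080:8080"       # placeholder port, loopback only
```

With this layout the management UI and dashboard are reached from a workstation through an SSH local forward such as `ssh -L 15672:127.0.0.1:15672 user@host`, or through an authenticating reverse proxy on the host.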

jeffmcaffer commented 6 years ago

@iamwillbar any thoughts on this?

iamwillbar commented 6 years ago

Seems reasonable; these configs were meant as a "quick start" for development, so erring towards secure by default is a good idea.

jeffmcaffer commented 6 years ago

@geneh can you merge this one and #136 at your earliest convenience? I saw you doing some other things in this space and did not want to disrupt.