Open kousu opened 7 years ago
Agreed!
We should not have this type of configuration in the canonical docker-compose.yml configuration file. We only use this port binding for development, so we should add it in the docker-compose.override.yml file. For the development environment, I think that security is not a priority, we are using the development web server anyway, so we could use "8000:8000".
The port config syntax in docker-compose.yml defaults to opening on 0.0.0.0, i.e. any host can contact it directly, which is really really really silly considering how people think of docker as a protective environment.
I suggest this patch:
then you can stick a proper frontend with SSL like nginx or apache securely.