savoirfairelinux / sous-chef

Sous-Chef is a web application to help organizations to plan and deliver meals, and to manage clients files.
GNU Affero General Public License v3.0

Promiscuous port config #761

Open kousu opened 7 years ago

kousu commented 7 years ago

The port config syntax in docker-compose.yml defaults to opening on 0.0.0.0, i.e. any host can contact it directly, which is really really really silly considering how people think of docker as a protective environment.

I suggest this patch:

  ports:
-   - "8000:8000"
+   - "127.0.0.1:8000:8000"
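
Review bot: the `+` line pins the published port to IPv4 loopback but carries no comment saying why, so a later cleanup could revert it to the short `"8000:8000"` form; add a YAML comment above the entry stating that the port is deliberately loopback-only and that outside access goes through the front-end proxy. Because only `127.0.0.1` is bound, a proxy on the host should target `127.0.0.1:8000` rather than `localhost`, which can resolve to `::1`, and anyone who currently reaches port 8000 from another machine needs to know that this stops working.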

then you can stick a proper frontend with SSL like nginx or apache securely.
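
An added example, not part of the thread or of the Sous-Chef repository: a Python check that lists the short-syntax `ports:` entries in a Compose file that are published beyond loopback, run on a constructed sample. It assumes IPv6 host addresses are written in brackets and does not handle the long (`target:`/`published:`) syntax; the function names are illustrative.

```python
import ipaddress
import re

# One short-syntax entry, optionally quoted, with an optional /protocol suffix.
SHORT = re.compile(r"""^["']?([\[\]0-9A-Fa-f.:-]+)(?:/\w+)?["']?$""")

def host_ip(spec):
    """Host address of a short-syntax entry, or None when none is given."""
    if spec.startswith("["):                  # bracketed IPv6, e.g. [::1]:8003:8003
        return spec[1:spec.index("]")]
    parts = spec.split(":")
    return parts[0] if len(parts) == 3 else None   # IP:HOST_PORT:CONTAINER_PORT

def is_loopback_only(spec):
    try:
        return ipaddress.ip_address(host_ip(spec) or "").is_loopback
    except ValueError:                        # no host address, or not an IP
        return False

def audit(compose_text):
    """Return (line_number, entry) for each port published beyond loopback."""
    findings, in_ports = [], False
    for no, raw in enumerate(compose_text.splitlines(), 1):
        line = raw.split(" #")[0].strip()     # drop trailing YAML comments
        if line == "ports:":
            in_ports = True
            continue
        item = re.fullmatch(r"-\s*(.+)", line) if in_ports else None
        if item is None:
            in_ports = in_ports and not line  # blank lines do not end the list
            continue
        m = SHORT.match(item.group(1))
        if m and not is_loopback_only(m.group(1)):
            findings.append((no, m.group(1)))
    return findings

# Constructed sample, not the project's file.
SAMPLE = """\
services:
  web:
    ports:
      - "8000:8000"
      - "127.0.0.1:8001:8001"
      - "0.0.0.0:8002:8002/tcp"
      - "[::1]:8003:8003"
      - "8004"
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Entries with no host address are reported because, as the issue notes, the default is to publish on 0.0.0.0.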

lingxiaoyang commented 7 years ago

Agreed!

erozqba commented 7 years ago

We should not have this type of configuration in the canonical docker-compose.yml configuration file. We only use this port binding for development, so we should add it in the docker-compose.override.yml file. For the development environment, I think that security is not a priority; we are using the development web server anyway, so we could use "8000:8000".