search

spurin / diveintoansible-lab

Dive Into Ansible Lab
850 stars 531 forks source link

Ports too exposed #134

Closed mvtab closed 1 month ago

mvtab commented 1 month ago

Hello,

I noticed you are exposing all ports on 0.0.0.0, by not mentioning an IP address. Would it not make more sense exposing all the services only on localhost?

/.env

# sshd ports
UBUNTUC_PORT_SSHD='127.0.0.1:2221'
UBUNTU1_PORT_SSHD='127.0.0.1:2222'
UBUNTU2_PORT_SSHD='127.0.0.1:2223'
UBUNTU3_PORT_SSHD='127.0.0.1:2224'
CENTOS1_PORT_SSHD='127.0.0.1:2225'
CENTOS2_PORT_SSHD='127.0.0.1:2226'
CENTOS3_PORT_SSHD='127.0.0.1:2227'

# ttyd (web terminal) ports
UBUNTUC_PORT_TTYD='127.0.0.1:7681'
UBUNTU1_PORT_TTYD='127.0.0.1:7682'
UBUNTU2_PORT_TTYD='127.0.0.1:7683'
UBUNTU3_PORT_TTYD='127.0.0.1:7684'
CENTOS1_PORT_TTYD='127.0.0.1:7685'
CENTOS2_PORT_TTYD='127.0.0.1:7686'
CENTOS3_PORT_TTYD='127.0.0.1:7687'

/docker-compose.yaml line 147

      - "127.0.0.1:1000:80"

I tested the setup with these values and it seems to be working.

spurin commented 1 month ago

Hi @mvtab

Thanks for your feedback on this.

Whilst the intention is to run the lab as you've done yourself, many opt to use the lab environment outside of their own systems.

The use of AWS or local lab environments are very common.

In these cases, the catch all address works well and for these reasons, I'll leave this as it is on the main repo 👍

mvtab commented 1 month ago

Ah, I did not consider that. Great courses, btw!

spurin commented 1 month ago

Thank you so much @mvtab and appreciate your understanding on this!

If it wasn't for this use case (and approx 25% of students doing as I mentioned), I'd have implemented this fix in a flash!

I may still use it for the Docker desktop extension version. I've not put that in the course yet as I'm trialing it but, if you wanted to try that out I think you'd enjoy it.

Essentially you'd need to remove the current lab, docker compose rm, then from docker desktop, in the extensions pane search for dive into ansible.

It's a really nice experience!

mvtab commented 1 month ago

Ah, let's say I'm not a big fan of docker. I was provisioning some on prem Kubernetes clusters with Ansible and your course on the subject really helped me get some progress in those small details that mean a lot in Ansible.