
Implement internal mode

Open docjyJ opened this issue 7 months ago • 5 comments

It allows you not to expose AIO servers when you use a reverse proxy attached to the Docker AIO network.

It is useful for filtering access to all AIO services (with Forward Auth and Community Container). And it prevents the proxy from being bypassed.

Sample compose.yaml:

```yaml
services:
  nextcloud-aio-mastercontainer:
    image: nextcloud/all-in-one:latest
    init: true
    restart: always
    container_name: nextcloud-aio-mastercontainer
    volumes:
      - nextcloud_aio_mastercontainer:/mnt/docker-aio-config
      - /var/run/docker.sock:/var/run/docker.sock:ro
    ports:
      # AIO admin interface, published on the host loopback only
      - 127.0.0.1:8080:8080
    environment:
      # Proposed value from this issue: do not publish the Apache port on the host
      - APACHE_IP_BINDING=@INTERNAL
      - APACHE_PORT=80
    networks:
      - nextcloud-aio

  # Reverse proxy attached to the AIO network; the only service published on the host
  caddy:
    image: caddy:alpine
    restart: always
    container_name: caddy
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile
    ports:
      - 80:80
      - 443:443
    networks:
      - nextcloud-aio

volumes:
  nextcloud_aio_mastercontainer:
    name: nextcloud_aio_mastercontainer

networks:
  nextcloud-aio:
    name: nextcloud-aio
```

I do not think that services exposed on the host are a real issue, but in terms of security and isolation it is an appropriate improvement.

docjyJ, Jun 29 '24 17:06
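
A check for the exposure this issue is about, as an added example that is not part of the original post or of the AIO project: it reads `docker inspect` JSON and lists containers on the `nextcloud-aio` network, other than the proxy, that publish a port on a non-loopback host address. The sample data is constructed; the container name `nextcloud-aio-apache` and port 11000 in it are assumptions.

```python
import ipaddress
import json

# Constructed sample shaped like `docker inspect <containers>` output (trimmed).
# Container "nextcloud-aio-apache" and port 11000 are assumed values for illustration.
SAMPLE_INSPECT = json.loads("""
[
 {"Name": "/caddy",
  "NetworkSettings": {"Networks": {"nextcloud-aio": {}},
    "Ports": {"80/tcp": [{"HostIp": "0.0.0.0", "HostPort": "80"}],
              "443/tcp": [{"HostIp": "0.0.0.0", "HostPort": "443"}]}}},
 {"Name": "/nextcloud-aio-mastercontainer",
  "NetworkSettings": {"Networks": {"nextcloud-aio": {}},
    "Ports": {"8080/tcp": [{"HostIp": "127.0.0.1", "HostPort": "8080"}]}}},
 {"Name": "/nextcloud-aio-apache",
  "NetworkSettings": {"Networks": {"nextcloud-aio": {}},
    "Ports": {"11000/tcp": [{"HostIp": "0.0.0.0", "HostPort": "11000"}]}}},
 {"Name": "/unrelated",
  "NetworkSettings": {"Networks": {"bridge": {}},
    "Ports": {"5432/tcp": [{"HostIp": "0.0.0.0", "HostPort": "5432"}]}}}
]
""")

def is_loopback(host_ip):
    # Docker reports "", 0.0.0.0 or :: when a port is bound on all interfaces.
    if not host_ip:
        return False
    return ipaddress.ip_address(host_ip).is_loopback

def proxy_bypass_findings(inspect, network="nextcloud-aio", proxy="caddy"):
    """List (container, port, host binding) reachable without going through the proxy."""
    findings = []
    for c in inspect:
        name = c["Name"].lstrip("/")
        settings = c.get("NetworkSettings", {})
        if network not in (settings.get("Networks") or {}) or name == proxy:
            continue
        for port, bindings in (settings.get("Ports") or {}).items():
            for b in bindings or []:  # None means exposed but not published
                if not is_loopback(b.get("HostIp", "")):
                    host = b.get("HostIp") or "*"
                    findings.append((name, port, f"{host}:{b['HostPort']}"))
    return sorted(findings)

if __name__ == "__main__":
    for name, port, binding in proxy_bypass_findings(SAMPLE_INSPECT):
        print(f"{name}: {port} published on {binding} (reachable without the proxy)")
```

On a live host the same function can be fed the parsed output of `docker inspect $(docker ps -q)`.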