stevewm
Auth bypass
Hi,
I noticed that your service definition includes an auth bypass vulnerability. By exposing the backend service ports in your compose file it is possible to bypass the reverse proxy which in turn allows anyone to bypass the authentication layer you've set up. For example I assume you meant for radarr to only be available via radarr.example.org. However by default the service is also available via example.org:7878 without any authentication.
In this PR I've removed most of the port exposures except for tcp/32400 since plex uses their own authentication layer. While it can be routed through traefik it is not necessary. I'm not sure about the other ports but in my experience tcp/32400 is the only one needed for it to work. As far as my tests go this doesn't break any functionality of the app but I'm not running all of the services myself, so feel free to dive a little deeper :)
Cheers
