rengine icon indicating copy to clipboard operation
rengine copied to clipboard

Published 20 hours ago verified publisher icon yogeshojha

not exposing unecessary containers publicly

Open noraj opened this issue 4 years ago • 1 comments

postgres and the internal container shouldn't be exposed publicly, only the reverse proxy should.

noraj avatar Oct 03 '21 21:10 noraj

I can still see the ports being exposed. I think it is better to remove ports at all for db right?

Yes you can on 127.0.0.1:8000 but it will not be exposed on all interfaces (0.0.0.0) as by default, this is especially important on VPS.

With reNgine being exposed only on localhost, it doesn't change anything for people having it installed on their machine, and for people installing it on a VPS they can expose it via a SSH tunnel or setup a reverse-proxy with client certificate authentication rather than having it exposed directly over internet.

noraj avatar May 30 '22 21:05 noraj

What do we do with this PR?

AnonymousWP avatar Nov 21 '23 14:11 AnonymousWP

We could restrict port to 127.0.0.1 only

psyray avatar Nov 23 '23 20:11 psyray

We could restrict port to 127.0.0.1 only

What do you mean? That's happening with this PR.

AnonymousWP avatar Nov 23 '23 21:11 AnonymousWP

We could restrict port to 127.0.0.1 only

What do you mean? That's happening with this PR.

I mean, go merging this one

psyray avatar Nov 24 '23 00:11 psyray

This needs 2 more approvals before I can merge though. :)

AnonymousWP avatar Nov 24 '23 00:11 AnonymousWP

What about https://github.com/yogeshojha/rengine/blob/master/docker-compose.dev.yml btw? Doesn't it need to be applied there?

AnonymousWP avatar Dec 17 '23 14:12 AnonymousWP