fix: Limit rails, postgres and redis container access to localhost (#3354)
This change limits the rails, redis and postgres container on `docker-compose.production.yaml` file to localhost only. The default docker-compose configuration will expose redis, postgres and rails directly to the internet when the service is started on a virtual machine. In most cases that is not what you want, and especially for redis and postgres exposing the services could be a potential security risk. By adding 127.0.0.1 access is limited to localhost and access is only possible after nginx oder another web server is configured as reverse proxy. Note: Moving forward, anyone using docker-compose.production.yaml need to have something like Nginxto proxy the requests to the container. If you want to verify whether the installation is working, try curl -I localhost:3000 to see if it returns 200. Also, you could temporarily drop the 127:0.0.1:3000:3000 for rails to 3000:3000 to access your instance at http://:3000. It's recommended to revert this change back and use Nginx in front. Approved-by: Vishnu Narayanan <vishnu@chatwoot.com>
This commit is contained in:
Jakob
GitHub
parent
a4c87f2052
commit
1dfa173b3a
|
|
@ -13,7 +13,7 @@ services:
|
|||
- postgres
|
||||
- redis
|
||||
ports:
|
||||
- 3000:3000
|
||||
- '127.0.0.1:3000:3000'
|
||||
environment:
|
||||
- NODE_ENV=production
|
||||
- RAILS_ENV=production
|
||||
|
|
@ -36,7 +36,7 @@ services:
|
|||
image: postgres:12
|
||||
restart: always
|
||||
ports:
|
||||
- '5432:5432'
|
||||
- '127.0.0.1:5432:5432'
|
||||
volumes:
|
||||
- /data/postgres:/var/lib/postgresql/data
|
||||
environment:
|
||||
|
|
@ -53,4 +53,4 @@ services:
|
|||
volumes:
|
||||
- /data/redis:/data
|
||||
ports:
|
||||
- '6379:6379'
|
||||
- '127.0.0.1:6379:6379'
|
||||
|
|
|
|||
Loading…
Reference in a new issue