Conversation
Explicitly state the dangers if a port mapping binds to all interfaces
github-actions
bot
added
the
area/compose
✅ Deploy Preview for docsdocker ready!
To edit notification comments on pull requests, go to your Netlify project configuration. |
|
Thanks for the pull request. We'd like to make our product docs better, but haven’t been able to review all the suggestions. If the updates are still relevant, review our contribution guidelines and rebase your pull request against the latest version of the docs, then mark it as fresh with a Prevent pull requests from auto-closing with a /lifecycle stale |
|
/remove-lifecycle stale |
aevesdocker
left a comment
aevesdocker
left a comment
There was a problem hiding this comment.
Thank you @chubi-x for the PR. This is documented elsewhere, but good idea to add at this point in the Compose docs too. I've made some style guide corrections and links to other useful information
Co-authored-by: Allie Sadler <102604716+aevesdocker@users.noreply.github.com>
❌ Deploy Preview for docsdocker failed. Why did it fail? →
|
|
@chubi-x could you rebase and then I can get this merged |
2 participants
Explicitly state the dangers if a port mapping binds to all interfaces
Description
We recently discovered that docker was bypassing our firewall rules when forwarding ports from a container using the standard
<host port>:<container port>syntax. What this meant was that the container was effectively visible to the entire internet. It was only after some digging did we discover that it is possible and even recommended to explicitly bind the host port to localhost so it doesn't accept connections from everywhere. This PR updates the docs to explicitly state the potential dangers of not specifying a localhost when exposing docker container ports.Reviews