Merge pull request 'Security hardening: Don't expose unnecessary ports to the public' (#106) from samsapti/ansible:main into main
Reviewed-on: #106
This commit is contained in:
commit
57f05d7d81
|
@ -42,4 +42,4 @@
|
|||
postfix:
|
||||
external: true
|
||||
external_services:
|
||||
external: true
|
||||
external: true
|
||||
|
|
|
@ -62,8 +62,6 @@
|
|||
healthcheck:
|
||||
# prettier-ignore
|
||||
test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:3000/health || exit 1']
|
||||
ports:
|
||||
- '127.0.0.1:3000:3000'
|
||||
depends_on:
|
||||
- db
|
||||
- redis
|
||||
|
@ -115,4 +113,4 @@
|
|||
postfix:
|
||||
external: true
|
||||
internal_network:
|
||||
internal: true
|
||||
internal: true
|
||||
|
|
|
@ -87,8 +87,6 @@
|
|||
networks:
|
||||
- matrix
|
||||
- external_services
|
||||
ports:
|
||||
- 8008
|
||||
volumes:
|
||||
- "{{ matrix.volume_folder }}/data:/data"
|
||||
environment:
|
||||
|
@ -107,8 +105,6 @@
|
|||
networks:
|
||||
- matrix
|
||||
- external_services
|
||||
ports:
|
||||
- 8080
|
||||
volumes:
|
||||
- "{{ riot.volume_folder }}/data:/data"
|
||||
environment:
|
||||
|
|
|
@ -12,8 +12,6 @@
|
|||
restart: unless-stopped
|
||||
user: $UID:$GID
|
||||
tty: true
|
||||
ports:
|
||||
- "8000:8000"
|
||||
depends_on:
|
||||
- postgres
|
||||
networks:
|
||||
|
@ -28,10 +26,11 @@
|
|||
EMAIL_BACKEND: "django.core.mail.backends.smtp.EmailBackend"
|
||||
EMAIL_URL: "smtp://noop@{{ smtp_host }}:{{ smtp_port }}"
|
||||
VIRTUAL_HOST: "{{ membersystem.domain }}"
|
||||
VIRTUAL_PORT: "8000"
|
||||
LETSENCRYPT_HOST: "{{ membersystem.domain }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
ALLOWED_HOSTS: "member.data.coop"
|
||||
CSRF_TRUSTED_ORIGINS: "https://member.data.coop"
|
||||
ALLOWED_HOSTS: "{{ membersystem.domain }}"
|
||||
CSRF_TRUSTED_ORIGINS: "https://{{ membersystem.domain }}"
|
||||
DJANGO_ADMINS: "{{ membersystem.django_admins }}"
|
||||
DEFAULT_FROM_EMAIL: "noreply@{{ membersystem.domain }}"
|
||||
labels:
|
||||
|
@ -41,8 +40,6 @@
|
|||
image: postgres:13-alpine
|
||||
volumes:
|
||||
- "{{ volume_root_folder }}/membersystem/postgres/data:/var/lib/postgresql/data"
|
||||
ports:
|
||||
- 5432:5432
|
||||
networks:
|
||||
- membersystem
|
||||
environment:
|
||||
|
|
|
@ -15,8 +15,6 @@
|
|||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
- "{{ portainer.volume_folder }}:/data"
|
||||
published_ports:
|
||||
- 9001:9000
|
||||
env:
|
||||
VIRTUAL_HOST: "{{ portainer.domain }}"
|
||||
VIRTUAL_PORT: "9000"
|
||||
|
|
|
@ -41,8 +41,6 @@
|
|||
rallly_internal:
|
||||
external_services:
|
||||
postfix:
|
||||
ports:
|
||||
- "3001:3000"
|
||||
depends_on:
|
||||
rallly_db:
|
||||
condition: "service_healthy"
|
||||
|
@ -50,7 +48,7 @@
|
|||
- "{{ rallly.volume_folder }}/env_file"
|
||||
environment:
|
||||
VIRTUAL_HOST: "{{ rallly.domain }}"
|
||||
VIRTUAL_PORT: "3001"
|
||||
VIRTUAL_PORT: "3000"
|
||||
LETSENCRYPT_HOST: "{{ rallly.domain }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
labels:
|
||||
|
|
Loading…
Reference in a new issue