Merge pull request 'Security hardening: Don't expose unnecessary ports to the public' (#106) from samsapti/ansible:main into main

Reviewed-on: #106
valberg 2022-11-10 19:19:00 +00:00
commit 57f05d7d81
6 changed files with 6 additions and 19 deletions


@ -42,4 +42,4 @@
postfix: postfix:
external: true external: true
external_services: external_services:
external: true external: true


@ -62,8 +62,6 @@
healthcheck: healthcheck:
# prettier-ignore # prettier-ignore
test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:3000/health || exit 1'] test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:3000/health || exit 1']
ports:
- '127.0.0.1:3000:3000'
depends_on: depends_on:
- db - db
- redis - redis
@ -115,4 +113,4 @@
postfix: postfix:
external: true external: true
internal_network: internal_network:
internal: true internal: true
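Review bot: With `ports:` gone in the first hunk, nothing visible tells the reverse proxy which port to use for this service, and the same holds for the two services in the next file that lose `- 8008` and `- 8080`. The commit sets `VIRTUAL_PORT` explicitly for the member system and rallly, so if these services are served through the same proxy each should carry one too, e.g. `VIRTUAL_PORT: "3000"`, unless it is already set in the `environment:` blocks that continue outside the hunks. This assumes the proxy discovers its upstream port from the container's exposed ports, as the `VIRTUAL_HOST` variables elsewhere in the commit suggest. The removed mapping was loopback-only, so any host-side check that polled `127.0.0.1:3000` will also need moving.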


@ -87,8 +87,6 @@
networks: networks:
- matrix - matrix
- external_services - external_services
ports:
- 8008
volumes: volumes:
- "{{ matrix.volume_folder }}/data:/data" - "{{ matrix.volume_folder }}/data:/data"
environment: environment:
@ -107,8 +105,6 @@
networks: networks:
- matrix - matrix
- external_services - external_services
ports:
- 8080
volumes: volumes:
- "{{ riot.volume_folder }}/data:/data" - "{{ riot.volume_folder }}/data:/data"
environment: environment:


@ -12,8 +12,6 @@
restart: unless-stopped restart: unless-stopped
user: $UID:$GID user: $UID:$GID
tty: true tty: true
ports:
- "8000:8000"
depends_on: depends_on:
- postgres - postgres
networks: networks:
@ -28,10 +26,11 @@
EMAIL_BACKEND: "django.core.mail.backends.smtp.EmailBackend" EMAIL_BACKEND: "django.core.mail.backends.smtp.EmailBackend"
EMAIL_URL: "smtp://noop@{{ smtp_host }}:{{ smtp_port }}" EMAIL_URL: "smtp://noop@{{ smtp_host }}:{{ smtp_port }}"
VIRTUAL_HOST: "{{ membersystem.domain }}" VIRTUAL_HOST: "{{ membersystem.domain }}"
VIRTUAL_PORT: "8000"
LETSENCRYPT_HOST: "{{ membersystem.domain }}" LETSENCRYPT_HOST: "{{ membersystem.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
ALLOWED_HOSTS: "member.data.coop" ALLOWED_HOSTS: "{{ membersystem.domain }}"
CSRF_TRUSTED_ORIGINS: "https://member.data.coop" CSRF_TRUSTED_ORIGINS: "https://{{ membersystem.domain }}"
DJANGO_ADMINS: "{{ membersystem.django_admins }}" DJANGO_ADMINS: "{{ membersystem.django_admins }}"
DEFAULT_FROM_EMAIL: "noreply@{{ membersystem.domain }}" DEFAULT_FROM_EMAIL: "noreply@{{ membersystem.domain }}"
labels: labels:
@ -41,8 +40,6 @@
image: postgres:13-alpine image: postgres:13-alpine
volumes: volumes:
- "{{ volume_root_folder }}/membersystem/postgres/data:/var/lib/postgresql/data" - "{{ volume_root_folder }}/membersystem/postgres/data:/var/lib/postgresql/data"
ports:
- 5432:5432
networks: networks:
- membersystem - membersystem
environment: environment:
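Review bot: The postgres service in the last hunk now has no `ports:` key, but nothing records that this is deliberate, so a later edit could re-add the mapping. A comment above its `networks:` line, such as `# No published ports: reachable only over the membersystem network`, would keep the intent visible. The old mapping had no host address, which Docker binds on all interfaces, so it is worth deciding whether the database credentials should be rotated; the `environment:` block that would hold them continues outside the hunk. The `ALLOWED_HOSTS` and `CSRF_TRUSTED_ORIGINS` templating in the second hunk is unrelated to port exposure and would be easier to audit as its own commit.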


@ -15,8 +15,6 @@
volumes: volumes:
- /var/run/docker.sock:/var/run/docker.sock - /var/run/docker.sock:/var/run/docker.sock
- "{{ portainer.volume_folder }}:/data" - "{{ portainer.volume_folder }}:/data"
published_ports:
- 9001:9000
env: env:
VIRTUAL_HOST: "{{ portainer.domain }}" VIRTUAL_HOST: "{{ portainer.domain }}"
VIRTUAL_PORT: "9000" VIRTUAL_PORT: "9000"
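Review bot: Dropping the host port leaves this container reachable through the proxy at `portainer.domain` while it still mounts `/var/run/docker.sock`, which gives anyone who gets into the UI control of the Docker daemon on the host. The hunk shows no access restriction and the task continues outside it, so this is a question, not a finding: is the vhost limited to an admin network or VPN at the proxy? If not, that restriction is the next hardening step for this service. A comment next to the socket mount, e.g. `# grants full control of the Docker daemon`, would flag the risk to later editors.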


@ -41,8 +41,6 @@
rallly_internal: rallly_internal:
external_services: external_services:
postfix: postfix:
ports:
- "3001:3000"
depends_on: depends_on:
rallly_db: rallly_db:
condition: "service_healthy" condition: "service_healthy"
@ -50,7 +48,7 @@
- "{{ rallly.volume_folder }}/env_file" - "{{ rallly.volume_folder }}/env_file"
environment: environment:
VIRTUAL_HOST: "{{ rallly.domain }}" VIRTUAL_HOST: "{{ rallly.domain }}"
VIRTUAL_PORT: "3001" VIRTUAL_PORT: "3000"
LETSENCRYPT_HOST: "{{ rallly.domain }}" LETSENCRYPT_HOST: "{{ rallly.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
labels: labels:
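Review bot: `VIRTUAL_PORT` in the second hunk now names the container-side port, but the old value shows how easily it is confused with a host mapping. A trailing comment would prevent a repeat: `VIRTUAL_PORT: "3000"  # container port; no host port is published`. The service definition continues outside the hunk.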