Merge pull request 'Security hardening: Don't expose unnecessary ports to the public' (#106) from samsapti/ansible:main into main
Reviewed-on: #106
This commit is contained in:
commit
57f05d7d81
|
@ -42,4 +42,4 @@
|
||||||
postfix:
|
postfix:
|
||||||
external: true
|
external: true
|
||||||
external_services:
|
external_services:
|
||||||
external: true
|
external: true
|
||||||
|
|
|
@ -62,8 +62,6 @@
|
||||||
healthcheck:
|
healthcheck:
|
||||||
# prettier-ignore
|
# prettier-ignore
|
||||||
test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:3000/health || exit 1']
|
test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:3000/health || exit 1']
|
||||||
ports:
|
|
||||||
- '127.0.0.1:3000:3000'
|
|
||||||
depends_on:
|
depends_on:
|
||||||
- db
|
- db
|
||||||
- redis
|
- redis
|
||||||
|
@ -115,4 +113,4 @@
|
||||||
postfix:
|
postfix:
|
||||||
external: true
|
external: true
|
||||||
internal_network:
|
internal_network:
|
||||||
internal: true
|
internal: true
|
||||||
|
|
|
@ -87,8 +87,6 @@
|
||||||
networks:
|
networks:
|
||||||
- matrix
|
- matrix
|
||||||
- external_services
|
- external_services
|
||||||
ports:
|
|
||||||
- 8008
|
|
||||||
volumes:
|
volumes:
|
||||||
- "{{ matrix.volume_folder }}/data:/data"
|
- "{{ matrix.volume_folder }}/data:/data"
|
||||||
environment:
|
environment:
|
||||||
|
@ -107,8 +105,6 @@
|
||||||
networks:
|
networks:
|
||||||
- matrix
|
- matrix
|
||||||
- external_services
|
- external_services
|
||||||
ports:
|
|
||||||
- 8080
|
|
||||||
volumes:
|
volumes:
|
||||||
- "{{ riot.volume_folder }}/data:/data"
|
- "{{ riot.volume_folder }}/data:/data"
|
||||||
environment:
|
environment:
|
||||||
|
|
|
@ -12,8 +12,6 @@
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
user: $UID:$GID
|
user: $UID:$GID
|
||||||
tty: true
|
tty: true
|
||||||
ports:
|
|
||||||
- "8000:8000"
|
|
||||||
depends_on:
|
depends_on:
|
||||||
- postgres
|
- postgres
|
||||||
networks:
|
networks:
|
||||||
|
@ -28,10 +26,11 @@
|
||||||
EMAIL_BACKEND: "django.core.mail.backends.smtp.EmailBackend"
|
EMAIL_BACKEND: "django.core.mail.backends.smtp.EmailBackend"
|
||||||
EMAIL_URL: "smtp://noop@{{ smtp_host }}:{{ smtp_port }}"
|
EMAIL_URL: "smtp://noop@{{ smtp_host }}:{{ smtp_port }}"
|
||||||
VIRTUAL_HOST: "{{ membersystem.domain }}"
|
VIRTUAL_HOST: "{{ membersystem.domain }}"
|
||||||
|
VIRTUAL_PORT: "8000"
|
||||||
LETSENCRYPT_HOST: "{{ membersystem.domain }}"
|
LETSENCRYPT_HOST: "{{ membersystem.domain }}"
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
ALLOWED_HOSTS: "member.data.coop"
|
ALLOWED_HOSTS: "{{ membersystem.domain }}"
|
||||||
CSRF_TRUSTED_ORIGINS: "https://member.data.coop"
|
CSRF_TRUSTED_ORIGINS: "https://{{ membersystem.domain }}"
|
||||||
DJANGO_ADMINS: "{{ membersystem.django_admins }}"
|
DJANGO_ADMINS: "{{ membersystem.django_admins }}"
|
||||||
DEFAULT_FROM_EMAIL: "noreply@{{ membersystem.domain }}"
|
DEFAULT_FROM_EMAIL: "noreply@{{ membersystem.domain }}"
|
||||||
labels:
|
labels:
|
||||||
|
@ -41,8 +40,6 @@
|
||||||
image: postgres:13-alpine
|
image: postgres:13-alpine
|
||||||
volumes:
|
volumes:
|
||||||
- "{{ volume_root_folder }}/membersystem/postgres/data:/var/lib/postgresql/data"
|
- "{{ volume_root_folder }}/membersystem/postgres/data:/var/lib/postgresql/data"
|
||||||
ports:
|
|
||||||
- 5432:5432
|
|
||||||
networks:
|
networks:
|
||||||
- membersystem
|
- membersystem
|
||||||
environment:
|
environment:
|
||||||
|
|
|
@ -15,8 +15,6 @@
|
||||||
volumes:
|
volumes:
|
||||||
- /var/run/docker.sock:/var/run/docker.sock
|
- /var/run/docker.sock:/var/run/docker.sock
|
||||||
- "{{ portainer.volume_folder }}:/data"
|
- "{{ portainer.volume_folder }}:/data"
|
||||||
published_ports:
|
|
||||||
- 9001:9000
|
|
||||||
env:
|
env:
|
||||||
VIRTUAL_HOST: "{{ portainer.domain }}"
|
VIRTUAL_HOST: "{{ portainer.domain }}"
|
||||||
VIRTUAL_PORT: "9000"
|
VIRTUAL_PORT: "9000"
|
||||||
|
|
|
@ -41,8 +41,6 @@
|
||||||
rallly_internal:
|
rallly_internal:
|
||||||
external_services:
|
external_services:
|
||||||
postfix:
|
postfix:
|
||||||
ports:
|
|
||||||
- "3001:3000"
|
|
||||||
depends_on:
|
depends_on:
|
||||||
rallly_db:
|
rallly_db:
|
||||||
condition: "service_healthy"
|
condition: "service_healthy"
|
||||||
|
@ -50,7 +48,7 @@
|
||||||
- "{{ rallly.volume_folder }}/env_file"
|
- "{{ rallly.volume_folder }}/env_file"
|
||||||
environment:
|
environment:
|
||||||
VIRTUAL_HOST: "{{ rallly.domain }}"
|
VIRTUAL_HOST: "{{ rallly.domain }}"
|
||||||
VIRTUAL_PORT: "3001"
|
VIRTUAL_PORT: "3000"
|
||||||
LETSENCRYPT_HOST: "{{ rallly.domain }}"
|
LETSENCRYPT_HOST: "{{ rallly.domain }}"
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
labels:
|
labels:
|
||||||
|
|
Loading…
Reference in a new issue