data.coop/ansible
8
3
Fork 7
Code Issues 49 Pull requests 9 Projects 1 Releases Wiki Activity

Security hardening: Don't expose unnecessary ports to the public #106

Merged
valberg merged 1 commit from :main into main 2022-11-10 19:19:00 +00:00
Conversation 0 Commits 1 Files changed 6 +6 -19
samsapti commented 2022-11-10 18:36:34 +00:00
Owner
Copy link

Fixed the following:

  • Containers that have VIRTUAL_PORT=x don't need to publish port x, since they're on the same Docker-network external_services as nginx
  • Corrected some VIRTUAL_PORT values
  • Membersystem now uses {{ membersystem.domain }} for some env vars instead of hard coded domain name
  • Membersystem's Postgres doesn't need to expose its port since both it and the Membersystem container are on network membersystem
Fixed the following: - Containers that have `VIRTUAL_PORT=x` don't need to publish port `x`, since they're on the same Docker-network `external_services` as nginx - Corrected some `VIRTUAL_PORT` values - Membersystem now uses `{{ membersystem.domain }}` for some env vars instead of hard coded domain name - Membersystem's Postgres doesn't need to expose its port since both it and the Membersystem container are on network `membersystem`
❤️ 1
samsapti added 1 commit 2022-11-10 18:36:34 +00:00
valberg merged commit 57f05d7d81 into main 2022-11-10 19:19:00 +00:00
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels   
Blocked

Something is blocking progress

  
Existing Service

Issues/improvements regarding existing services

  
Infrastructure Issue

Infrastructure issue that needs investigation or time to fix

  
Refactor

Refactoring of files / file structure or other improvements

  
Security Hardening

Non-verified / non-critical security improvements

  
Security Issue

Urgent security issue that needs to be fixed ASAP

  
Service Idea

Ideas for new services

  
Service Removal

Removal of services for one reason or another

  
Upgrade service
No labels
Blocked
Existing Service
Infrastructure Issue
Refactor
Security Hardening
Security Issue
Service Idea
Service Removal
Upgrade service
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: data.coop/ansible#106
No description provided.
Delete branch ":main"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?