Security hardening: Don't expose unnecessary ports to the public #106

Merged
valberg merged 1 commit from :main into main 2022-11-10 19:19:00 +00:00
6 changed files with 6 additions and 19 deletions


@ -42,4 +42,4 @@
postfix:
external: true
external_services:
external: true
external: true


@ -62,8 +62,6 @@
healthcheck:
# prettier-ignore
test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:3000/health || exit 1']
ports:
- '127.0.0.1:3000:3000'
depends_on:
- db
- redis
@ -115,4 +113,4 @@
postfix:
external: true
internal_network:
internal: true
internal: true


@ -87,8 +87,6 @@
networks:
- matrix
- external_services
ports:
- 8008
volumes:
- "{{ matrix.volume_folder }}/data:/data"
environment:
@ -107,8 +105,6 @@
networks:
- matrix
- external_services
ports:
- 8080
volumes:
- "{{ riot.volume_folder }}/data:/data"
environment:
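Review bot: With both `ports:` entries removed from the two services in this file, neither hunk shows which port the reverse proxy will target. The `environment:` blocks continue outside the hunks, so confirm each one sets `VIRTUAL_PORT` (`"8008"` for the first service, `"8080"` for the second), as the other files in this commit do. If an image exposes more than one port and the proxy has to guess, it may pick the wrong upstream. A comment above each `volumes:` key, such as `# no host port published; reachable only over the attached Docker networks`, would also help keep the binding from being re-added later.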


@ -12,8 +12,6 @@
restart: unless-stopped
user: $UID:$GID
tty: true
ports:
- "8000:8000"
depends_on:
- postgres
networks:
@ -28,10 +26,11 @@
EMAIL_BACKEND: "django.core.mail.backends.smtp.EmailBackend"
EMAIL_URL: "smtp://noop@{{ smtp_host }}:{{ smtp_port }}"
VIRTUAL_HOST: "{{ membersystem.domain }}"
VIRTUAL_PORT: "8000"
LETSENCRYPT_HOST: "{{ membersystem.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
ALLOWED_HOSTS: "member.data.coop"
CSRF_TRUSTED_ORIGINS: "https://member.data.coop"
ALLOWED_HOSTS: "{{ membersystem.domain }}"
CSRF_TRUSTED_ORIGINS: "https://{{ membersystem.domain }}"
DJANGO_ADMINS: "{{ membersystem.django_admins }}"
DEFAULT_FROM_EMAIL: "noreply@{{ membersystem.domain }}"
labels:
@ -41,8 +40,6 @@
image: postgres:13-alpine
volumes:
- "{{ volume_root_folder }}/membersystem/postgres/data:/var/lib/postgresql/data"
ports:
- 5432:5432
networks:
- membersystem
environment:
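Review bot: Removing `5432:5432` from the postgres service closes the binding, but the database was published on every host interface until this commit, and the change does nothing about credentials that were reachable during that time. Docker-published ports usually bypass ufw-style host firewall rules, so unless an upstream firewall blocked 5432 it is worth rotating the postgres password and reviewing the database logs for unexpected connections. The password is presumably set in the `environment:` block, which continues outside this hunk. I would also add `# no host port: only reachable on the membersystem network` above `networks:` so the mapping is not reintroduced for convenience.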


@ -15,8 +15,6 @@
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- "{{ portainer.volume_folder }}:/data"
published_ports:
- 9001:9000
env:
VIRTUAL_HOST: "{{ portainer.domain }}"
VIRTUAL_PORT: "9000"
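Review bot: The task still mounts `/var/run/docker.sock` into the container, so anyone who reaches the Portainer UI can control the Docker daemon, which is equivalent to root on the host. Dropping `9001:9000` removes the direct port, but the service is still published through `VIRTUAL_HOST`, so its exposure now depends entirely on the proxy and on Portainer's own login. Consider restricting that vhost at the proxy (an allow-list or an extra authentication layer) and documenting the risk above the mount, e.g. `# docker.sock = full control of the host's Docker daemon; keep this UI behind restricted access`. The task starts and ends outside the hunk.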


@ -41,8 +41,6 @@
rallly_internal:
external_services:
postfix:
ports:
- "3001:3000"
depends_on:
rallly_db:
condition: "service_healthy"
@ -50,7 +48,7 @@
- "{{ rallly.volume_folder }}/env_file"
environment:
VIRTUAL_HOST: "{{ rallly.domain }}"
VIRTUAL_PORT: "3001"
VIRTUAL_PORT: "3000"
LETSENCRYPT_HOST: "{{ rallly.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
labels:
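Review bot: `VIRTUAL_PORT` now has to match the container's listening port rather than a host port, and nothing in the file says so. The old value `3001` was the host side of the removed `3001:3000` mapping, which is an easy mistake to repeat when someone next changes a port. Add a comment above the key such as `# container-internal port; the proxy connects over the Docker network, not through a host port`. The service definition continues outside the hunk.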