fix: Limit rails, postgres and redis container access to localhost (#3354)

This change limits the rails, redis and postgres container on `docker-compose.production.yaml` file to localhost only. The default docker-compose configuration will expose redis, postgres and rails directly to the internet when the service is started on a virtual machine. In most cases that is not what you want, and especially for redis and postgres exposing the services could be a potential security risk. By adding 127.0.0.1 access is limited to localhost and access is only possible after nginx oder another web server is configured as reverse proxy. Note: Moving forward, anyone using docker-compose.production.yaml need to have something like Nginxto proxy the requests to the container. If you want to verify whether the installation is working, try curl -I localhost:3000 to see if it returns 200. Also, you could temporarily drop the 127:0.0.1:3000:3000 for rails to 3000:3000 to access your instance at http://:3000. It's recommended to revert this change back and use Nginx in front. Approved-by: Vishnu Narayanan <vishnu@chatwoot.com>
2021-11-11 10:13:25 +01:00 · 2021-11-11 10:13:25 +01:00 · 1dfa173b3a
commit 1dfa173b3a
parent a4c87f2052
1 changed files with 3 additions and 3 deletions
--- a/docker-compose.production.yaml
+++ b/docker-compose.production.yaml
@ -13,7 +13,7 @@ services:
      - postgres
      - redis
    ports:
-      - 3000:3000
+      - '127.0.0.1:3000:3000'
    environment:
      - NODE_ENV=production
      - RAILS_ENV=production
@ -36,7 +36,7 @@ services:
    image: postgres:12
    restart: always
    ports:
-      - '5432:5432'
+      - '127.0.0.1:5432:5432'
    volumes:
      - /data/postgres:/var/lib/postgresql/data
    environment:
@ -53,4 +53,4 @@ services:
    volumes:
      - /data/redis:/data
    ports:
-      - '6379:6379'
+      - '127.0.0.1:6379:6379'