Chatwoot/docker-compose.production.yaml
Jakob 1dfa173b3a
fix: Limit rails, postgres and redis container access to localhost (#3354)
This change limits the rails, redis and postgres container on `docker-compose.production.yaml` file to localhost only. 

The default docker-compose configuration will expose redis, postgres and rails directly to the internet when the service is started on a virtual machine.

In most cases that is not what you want, and especially for redis and postgres exposing the services could be a potential security risk. By adding 127.0.0.1, access is limited to localhost and access is only possible after nginx or another web server is configured as reverse proxy.

Note: Moving forward, anyone using docker-compose.production.yaml needs to have something like Nginx to proxy the requests to the container.

If you want to verify whether the installation is working, try curl -I localhost:3000 to see if it returns 200. Also, you could temporarily drop the 127.0.0.1:3000:3000 for rails to 3000:3000 to access your instance at http://:3000. It's recommended to revert this change back and use Nginx in front.

Approved-by: Vishnu Narayanan <vishnu@chatwoot.com>
2021-11-11 14:43:25 +05:30

56 lines
1.3 KiB
YAML

version: '3'

services:
  base: &base
    image: chatwoot/chatwoot:latest
    env_file: .env ## Change this file for customized env variables
    volumes:
      - /data/storage:/app/storage

  rails:
    <<: *base
    depends_on:
      - postgres
      - redis
    ports:
      - '127.0.0.1:3000:3000'
    environment:
      - NODE_ENV=production
      - RAILS_ENV=production
      - INSTALLATION_ENV=docker
    entrypoint: docker/entrypoints/rails.sh
    command: ['bundle', 'exec', 'rails', 's', '-p', '3000', '-b', '0.0.0.0']

  sidekiq:
    <<: *base
    depends_on:
      - postgres
      - redis
    environment:
      - NODE_ENV=production
      - RAILS_ENV=production
      - INSTALLATION_ENV=docker
    command: ['bundle', 'exec', 'sidekiq', '-C', 'config/sidekiq.yml']

  postgres:
    image: postgres:12
    restart: always
    ports:
      - '127.0.0.1:5432:5432'
    volumes:
      - /data/postgres:/var/lib/postgresql/data
    environment:
      - POSTGRES_DB=chatwoot
      - POSTGRES_USER=postgres
      # Please provide your own password.
      - POSTGRES_PASSWORD=

  redis:
    image: redis:alpine
    restart: always
    command: ["sh", "-c", "redis-server --requirepass \"$REDIS_PASSWORD\""]
    env_file: .env
    volumes:
      - /data/redis:/data
    ports:
      - '127.0.0.1:6379:6379'
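
The loopback binding described in the commit message can be checked mechanically. The Python below is an added example, not part of the Chatwoot repository: it parses Compose short-syntax port entries and reports any that are not published on a loopback address. The function names and the BEFORE mapping (the unprefixed `3000:3000` form the commit message mentions, applied to postgres and redis as well) are assumptions constructed for illustration.

```python
import ipaddress
import re

# Compose short port syntax: [HOST_IP:][HOST_PORT:]CONTAINER_PORT[/PROTOCOL]
# An IPv6 HOST_IP is written in brackets, e.g. [::1]:6379:6379.
_PORT_RE = re.compile(
    r"^(?:(?P<ip>\[[0-9A-Fa-f:.]+\]|\d{1,3}(?:\.\d{1,3}){3}):)?"
    r"(?:(?P<host>[\d-]*):)?(?P<container>[\d-]+)(?:/(?P<proto>\w+))?$"
)


def host_bind(port_spec):
    """Return the host address a short-syntax port entry is published on."""
    m = _PORT_RE.match(str(port_spec).strip())
    if m is None:
        raise ValueError(f"unrecognised port entry: {port_spec!r}")
    ip = m.group("ip")
    # Without a HOST_IP, Docker publishes the port on all host interfaces.
    return ip.strip("[]") if ip else "0.0.0.0"


def exposed_ports(services):
    """List (service, entry, bind address) for ports not bound to loopback."""
    findings = []
    for name, svc in services.items():
        for spec in svc.get("ports", []):
            addr = host_bind(spec)
            if not ipaddress.ip_address(addr).is_loopback:
                findings.append((name, str(spec), addr))
    return findings


# Constructed input: the "services" mapping as a YAML loader would return it.
BEFORE = {  # assumed pre-change form, no host IP on any entry
    "rails": {"ports": ["3000:3000"]},
    "sidekiq": {},
    "postgres": {"ports": ["5432:5432"]},
    "redis": {"ports": ["6379:6379"]},
}
AFTER = {  # port entries as they appear in the file above
    "rails": {"ports": ["127.0.0.1:3000:3000"]},
    "sidekiq": {},
    "postgres": {"ports": ["127.0.0.1:5432:5432"]},
    "redis": {"ports": ["127.0.0.1:6379:6379"]},
}

if __name__ == "__main__":
    for label, services in (("before", BEFORE), ("after", AFTER)):
        print(label, exposed_ports(services) or "loopback-only")
```

Running the same check in CI against the parsed compose file catches a temporary `3000:3000` edit that was never reverted.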