Self hosting port exposure #300
Description
I've made the following modifications to decrease the potential exposure of services during self hosting.
I'd like to know if there's any reason not to apply them (side effects I didn't realize), and whether we should PR them in.
In .env, I do not want the 3001 and 3002 exposed to any interface except for my reverse proxy on the host:
# Before:
HOST_BACKEND_PORT="3001:3001"
HOST_CLIENT_PORT="3002:3002"
# After:
HOST_BACKEND_PORT="127.0.0.1:3001:3001"
HOST_CLIENT_PORT="127.0.0.1:3002:3002"Likewise, I do not want clickhouse exposed outside of the private/internal docker network, so I've removed their exposed ports.
$ git diff docker-compose.yml
diff --git a/docker-compose.yml b/docker-compose.yml
index d1d4029..963043b 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -22,9 +22,9 @@ services:
clickhouse:
container_name: clickhouse
image: clickhouse/clickhouse-server:25.4.2
- ports:
- - "8123:8123"
- - "9000:9000"
+# ports:
+# - "8123:8123"
+# - "9000:9000"
volumes:
- clickhouse-data:/var/lib/clickhouse
- ./clickhouse_config:/etc/clickhouse-server/config.d