Remove unnecessary published ports #38
Comments
caddy is bound to the host network: searx-docker/docker-compose.yaml Line 11 in 92cdb70
The reason: filtron needs the original IP address, and Docker won't send the original IPv6 address if caddy is not bound to the host network (it works with IPv4 addresses). See moby/moby#17666. You can have a look at this PR #26 (and for a workaround https://github.com/robbertkl/docker-ipv6nat ). So in this configuration, the filtron and morty ports are exposed.
Just disable Docker's userland proxy which will become a default in the future.
Which I think is a really bad default because Docker bypasses ufw by default.
* Use docker image caddy:2-alpine
* Caddyfile: remove "limits 10KB"
* Caddyfile: URL /filtron/rules removed (filtron API still available on http://localhost:4041/rules )
* caddy storage is in docker volumes (caddy-data and caddy-config). start.sh and stop.sh have been modified to keep these volumes.
* .env: Remove SEARX_PROTOCOL, SEARX_TLS, FILTRON_USER and FILTRON_PASSWORD variables.
* docker-compose.yml: filtron and morty listen on 127.0.0.1 (related to #38)
* Fix #37: setting `SEARX_HOSTNAME=localhost:8888` works as expected (https connection)
Why are the ports of some services published to the host despite not needing them? Caddy needs them for sure but why do filtron or morty need them?
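An added example (not part of this thread and not the searx-docker project's code): a small audit of Compose short-syntax `ports:` entries that flags any published port not bound to a loopback address, which is the property the commit above sets for filtron and morty. The service maps and the morty port are constructed for illustration; only port 4041 appears on this page.

```python
import ipaddress

def host_ip(spec: str) -> str:
    """Host IP of a Compose short-syntax port entry; '' means all interfaces."""
    spec = spec.split("/", 1)[0]            # drop a trailing /tcp or /udp
    if spec.startswith("["):                # bracketed IPv6 host address
        return spec[1:spec.index("]")]
    parts = spec.split(":")
    # Only the IP:HOST:CONTAINER form (or IP::CONTAINER) carries a host IP.
    return parts[0] if len(parts) == 3 else ""

def is_loopback_only(spec: str) -> bool:
    """True only when the entry is explicitly bound to 127.0.0.0/8 or ::1."""
    ip = host_ip(spec)
    if not ip:
        return False                        # no IP given: published on every interface
    try:
        return ipaddress.ip_address(ip).is_loopback
    except ValueError:
        return False                        # unparseable host part: treat as exposed

def audit(services: dict, allowed=()) -> list:
    """Return (service, port entry) pairs reachable from outside the host."""
    return [(name, spec)
            for name, ports in services.items() if name not in allowed
            for spec in ports if not is_loopback_only(spec)]

# Constructed sample data: service name -> its `ports:` list.
BEFORE = {"filtron": ["4041:4041"], "morty": ["3000:3000"]}
AFTER = {"filtron": ["127.0.0.1:4041:4041"], "morty": ["127.0.0.1:3000:3000"]}

if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(cfg) or "no externally published ports")
```

An entry without a host IP is flagged even when a host firewall such as ufw is configured, since the thread notes that Docker bypasses ufw by default.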