Comment on Got any security advice for setting up a locally hosted website/external service?
monogram@feddit.nl 2 months ago
Fail2ban ufw
port forward only the bare minimum (80 443)
Expose docker ports with 127.0.0.1:8000:8000 then port forward with caddy server on the host
dgdft@lemmy.world 2 months ago
This is dangerous advice because docker is well-known for undoing UFW’s iptable rules.
monogram@feddit.nl 2 months ago
Docker is going to undo your port iptable rules with or without ufw
Running rm -rf ~ isn’t that hard to do either, just don’t do it.
Your router’s NAT should save you if that happens on the wrong port anyway.
dgdft@lemmy.world 2 months ago
You shouldn’t suggest UFW at all then. There are other firewall options that can be used just fine with docker.
It does have real potential to cause serious issues, e.g. if OP were to put their server in DMZ mode on their router and later copy some docker setup instructions that don’t explicitly bind to localhost.
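Added example, not written by any commenter in this thread: a small Python check that reads the short-syntax `ports:` entries of a compose file and reports every mapping that is not bound to a loopback address, which is the case discussed above where a published port is reachable regardless of UFW rules. The function names and the sample entries are constructed for illustration, and it assumes the Docker daemon's default publish address has not been changed.

```python
import ipaddress
import re

# Constructed sample: short-syntax "ports:" entries as they appear in compose files.
SAMPLE_PORTS = [
    "127.0.0.1:8000:8000",     # the form recommended in the thread
    "8000:8000",               # no host IP given
    "[::1]:6001:6001",         # IPv6 loopback
    "0.0.0.0:5432:5432/tcp",   # explicitly all interfaces
    "3000",                    # container port only, random host port
    "192.168.1.10:9000:9000",  # bound to a LAN address
]

def host_ip(spec):
    """Return the host IP a short-syntax mapping binds to, or None if unspecified."""
    spec = spec.strip().split("/")[0]              # drop a trailing /tcp or /udp
    m = re.match(r"^\[([0-9a-fA-F:]+)\]:", spec)   # bracketed IPv6 host address
    if m:
        return m.group(1)
    parts = spec.split(":")
    # IP:HOSTPORT:CONTAINERPORT has three fields; fewer means no host IP was given
    if len(parts) == 3:
        return parts[0]
    return None

def is_loopback_only(spec):
    """True only when the mapping is explicitly bound to 127.0.0.0/8 or ::1."""
    ip = host_ip(spec)
    if ip is None:
        return False   # Docker publishes on all interfaces when no IP is given
    try:
        return ipaddress.ip_address(ip).is_loopback
    except ValueError:
        return False   # unparseable host field: flag it for manual review

def not_loopback(specs):
    """Return the mappings that deserve a second look before deploying."""
    return [s for s in specs if not is_loopback_only(s)]

if __name__ == "__main__":
    for spec in not_loopback(SAMPLE_PORTS):
        print(f"reachable beyond localhost: {spec}")
```
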
monogram@feddit.nl 2 months ago
Please tell me more, which firewall would you recommend that plays nice with Docker?
No NAT? Hahaha that’s a big if, and why would you copy paste a docker compose without reading it?
NastyNative@mander.xyz 2 months ago
Do not open those ports; hosting is way too cheap now to take that risk!