Comment on Got any security advice for setting up a locally hosted website/external service?
monogram@feddit.nl 3 days ago
Fail2ban, ufw
Port forward only the bare minimum (80, 443)
Expose Docker ports with 127.0.0.1:8000:8000, then port forward with Caddy server on the host
dgdft@lemmy.world 3 days ago
This is dangerous advice because Docker is well known for undoing UFW’s iptables rules.
monogram@feddit.nl 3 days ago
Docker is going to undo your port iptables rules with or without ufw.
Running rm -rf ~ isn’t that hard to do either, just don’t do it. Your router’s NAT should save you if that happens on the wrong port anyway.
dgdft@lemmy.world 3 days ago
You shouldn’t suggest UFW at all then. There are other firewall options that can be used just fine with docker.
It does have real potential to cause serious issues, e.g. if OP were to put their server in DMZ mode on their router and later copy some docker setup instructions that don’t explicitly bind to localhost.
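Added example, not written by any commenter in this thread: a small Python check for the localhost-binding point discussed above, flagging Compose short-syntax ports entries that are published beyond loopback. It assumes Docker's default bind address (all interfaces when no host IP is given); the function names and sample entries are constructed for illustration.

```python
import ipaddress


def host_ip(mapping):
    """Host IP that a Compose short-syntax port mapping binds to.

    Returns None when the mapping names no host IP, which Docker publishes
    on all interfaces (assumption: the daemon's default bind address is unchanged).
    """
    spec = mapping.strip().partition("/")[0]      # drop a "/tcp" or "/udp" suffix
    if spec.startswith("["):                      # bracketed IPv6, e.g. [::1]:8443:443
        return spec[1:spec.index("]")]
    parts = spec.split(":")
    return parts[0] if len(parts) == 3 else None  # only IP:HOST:CONTAINER has a host IP


def exposed_beyond_loopback(mappings):
    """Return the mappings that publish a port on a non-loopback address."""
    flagged = []
    for mapping in mappings:
        ip = host_ip(mapping)
        if ip is None or not ipaddress.ip_address(ip).is_loopback:
            flagged.append(mapping)
    return flagged


# Constructed sample: "ports:" entries as they might appear in a copied compose file.
SAMPLE_PORTS = [
    "127.0.0.1:8000:8000",     # loopback only, reached through the reverse proxy on the host
    "8080:80",                 # no host IP: all interfaces
    "5432",                    # container port only: random host port, all interfaces
    "0.0.0.0:9000:9000/udp",   # explicitly all interfaces
    "[::1]:8443:443",          # IPv6 loopback
    "192.168.1.10:3000:3000",  # LAN address, reachable from other machines
]

if __name__ == "__main__":
    for entry in exposed_beyond_loopback(SAMPLE_PORTS):
        print("not bound to loopback:", entry)
```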
monogram@feddit.nl 2 days ago
Please tell me more, which firewall would you recommend that plays nice with Docker?
No NAT? Hahaha that’s a big if, and why would you copy paste a docker compose without reading it?
NastyNative@mander.xyz 2 days ago
Do not open those ports, hosting is way too cheap now to take that risk!