Comment on Got any security advice for setting up a locally hosted website/external service?
monogram@feddit.nl 5 weeks ago
Fail2ban, ufw
Port forward only the bare minimum (80, 443)
Expose docker ports with 127.0.0.1:8000:8000 then port forward with caddy server on the host
dgdft@lemmy.world 5 weeks ago
This is dangerous advice because docker is well-known for undoing UFW’s iptables rules.
monogram@feddit.nl 5 weeks ago
Docker is going to undo your port iptables rules with or without ufw
Running
rm -rf ~
isn’t that hard to do either; just don’t do it. Your router’s NAT should save you if that happens on the wrong port anyway.
dgdft@lemmy.world 5 weeks ago
You shouldn’t suggest UFW at all then. There are other firewall options that can be used just fine with docker.
It does have real potential to cause serious issues, e.g. if OP were to put their server in DMZ mode on their router and later copy some docker setup instructions that don’t explicitly bind to localhost.
monogram@feddit.nl 5 weeks ago
Please tell me more, which firewall would you recommend that plays nice with Docker?
No NAT? Hahaha that’s a big if, and why would you copy paste a docker compose without reading it?
NastyNative@mander.xyz 5 weeks ago
Do not open those ports; hosting is way too cheap now to take that risk!
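The thread turns on whether a container port is published on 127.0.0.1 or on every interface, where Docker's own rules sit outside UFW. As an added example (not code from any commenter), this check reads the output of `docker ps --format '{{.Names}}\t{{.Ports}}'` and reports every published port that is not bound to loopback. The sample output and the names `exposed_bindings` and `is_loopback` are constructed for illustration, and the Ports column is assumed to use the usual `ip:port->target` form.

```python
import ipaddress
import re

# One published mapping in the Ports column: "<host-ip>:<host-port>-><target>".
MAPPING = re.compile(r"^(?P<ip>.+):(?P<port>[\d-]+)->(?P<target>\S+)$")

# Constructed sample of `docker ps --format '{{.Names}}\t{{.Ports}}'` output.
SAMPLE = "\n".join([
    "app\t127.0.0.1:8000->8000/tcp",                  # loopback only, as advised
    "db\t0.0.0.0:5432->5432/tcp, :::5432->5432/tcp",  # all IPv4 and IPv6 interfaces
    "cache\t6379/tcp",                                # exposed in image, not published
    "metrics\t[::]:9090->9090/tcp",                   # bracketed IPv6 wildcard form
])


def is_loopback(ip):
    """True only for addresses such as 127.0.0.1 or ::1."""
    try:
        return ipaddress.ip_address(ip).is_loopback
    except ValueError:
        return False  # unparseable address: report it rather than trust it


def exposed_bindings(docker_ps_output):
    """Return (container, host_ip, host_port, target) for non-loopback bindings."""
    findings = []
    for line in docker_ps_output.strip().splitlines():
        name, _, ports = line.partition("\t")
        for entry in (p.strip() for p in ports.split(",")):
            m = MAPPING.match(entry)
            if not m:
                continue  # no "->": the port is not published on the host
            ip = m["ip"].strip("[]")
            if not is_loopback(ip):
                findings.append((name, ip, m["port"], m["target"]))
    return findings


if __name__ == "__main__":
    for name, ip, port, target in exposed_bindings(SAMPLE):
        print(f"{name}: host {ip} port {port} -> {target} is not loopback-only")
```

Anything it reports is reachable from other hosts unless something outside Docker, such as the router's NAT, blocks it.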