
Yeah, true, but I have set it up in such a way that that network is an exposed bridge whereas the other networks created by docker-compose are not. It isn't even possible to reach these from outside. They're not routed, and each of these backends uses the standard Postgres port, so with 1:1 NAT it'd give errors. Even on 127.0.0.1 it does not work:

    $ nc 127.0.0.1 5432 && echo success || echo no success
    no success

Example snippet from docker-compose:

DB/cache (e.g. Postgres & Redis, in this example Postgres):

    [..]
    ports:
      - "5432:5432"
    networks:
      - backend
    [..]
App:

    [..]
    networks:
      - backend
      - frontend
    [..]
    networks:
      frontend:
        external: true
      backend:
        internal: true


Nobody is disputing that it is possible to set up a secure container network. But this post is about the fact that the default docker behavior is an insecure footgun for users who don’t realize what it’s doing.
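Added example, not the commenter's compose file: the footgun default the reply refers to, side by side with the loopback-only bind and the internal-network setup from the first comment. Service names, images and the app's environment variable are placeholders.

```yaml
# Constructed example; service names, images and DATABASE_URL are placeholders.
# Variants (a) and (b) are alternatives: both bind host port 5432, so do not
# run them together.

services:
  # (a) The default footgun: a port published without a host address is bound
  # on 0.0.0.0 on every interface. Docker DNATs that traffic and handles it in
  # the FORWARD chain, so host firewall rules written for INPUT (e.g. ufw) never
  # see it.
  db-exposed:
    image: postgres:16
    ports:
      - "5432:5432"             # reachable from any host that can route here

  # (b) Loopback-only publish: still usable from the host itself for debugging,
  # but not from other machines.
  db-loopback:
    image: postgres:16
    ports:
      - "127.0.0.1:5432:5432"

  # (c) No publish at all: the app reaches Postgres by service name over the
  # backend network. Because that network is internal, Docker sets up no route
  # in or out of it, which is why the nc test in the thread fails even against
  # 127.0.0.1.
  db-internal:
    image: postgres:16
    networks:
      - backend

  app:
    image: example/app:latest   # placeholder
    environment:
      DATABASE_URL: postgres://app@db-internal:5432/app   # placeholder
    networks:
      - backend
      - frontend
    ports:
      - "127.0.0.1:8080:8080"   # only the app is exposed, and only on loopback

networks:
  frontend:
    external: true
  backend:
    internal: true
```

Run `docker compose ps` (or `ss -tlnp` on the host) after bringing the stack up to confirm which host addresses the published ports actually bound to.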
