You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+5-4Lines changed: 5 additions & 4 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -36,11 +36,12 @@ Now you are ready to go with a little CI/CD Environment:
36
36
#### Security
37
37
... not really, its all http .. don't worry about it! It's only local communication
38
38
39
-
WARNING
40
-
All the services are reachable from outer world because docker creates and deletes dynamically FORWARD Rules with ACCEPT on startup / shutdown containers with exported ports.
39
+
##### security paranoia
40
+
All the exposed ports are reachable from outer world because docker creates and deletes dynamically FORWARD rules with default policy ACCEPT on startup / shutdown containers witch have exported ports.
41
41
42
-
To deny acccess froum outer world the DOCKER-USER Chain (since docker 17.06) ist the medium of choice.
43
-
A little Script to deny all access from outer world to your local build environment could be
42
+
To deny acccess from outer world the DOCKER-USER Chain (since docker 17.06) ist the medium of choice for your own rules (this is the first target in the FORWARD-Chain and never touched by docker).
43
+
44
+
A little Script to deny all access from outer world to your local build environment could be the following (exposed port from nginx are 80,5555,2222)
0 commit comments