author | Akihiko Odaki <akihiko.odaki.4i@stu.hosei.ac.jp> | 2018-02-04 02:44:22 +0900 |
---|---|---|
committer | Eugen Rochko <eugen@zeonfederated.com> | 2018-02-03 18:44:22 +0100 |
commit | 9da81a16391edfcbda9c748dcd519fb3ebd765e5 (patch) | |
tree | ac000b94a6f37c243ddcfcc4843967b02270d825 | |
parent | d75d2a9f9960f08bbcacd4f5acb86243dbdb3179 (diff) |
Isolate internal services from external networks in Docker configuration (#6369)
The database and Redis do not need external connections, so isolate them and prevent unauthorized access.
-rw-r--r-- | docker-compose.yml | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/docker-compose.yml b/docker-compose.yml
index cfe70c5e8..aaa3a4478 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -4,6 +4,8 @@ services:
 db:
 restart: always
 image: postgres:9.6-alpine
+ networks:
+ - internal_network
 ### Uncomment to enable DB persistance
 # volumes:
 # - ./postgres:/var/lib/postgresql/data
@@ -11,6 +13,8 @@ services:
 redis:
 restart: always
 image: redis:4.0-alpine
+ networks:
+ - internal_network
 ### Uncomment to enable REDIS persistance
 # volumes:
 # - ./redis:/data
@@ -21,6 +25,9 @@ services:
 restart: always
 env_file: .env.production
 command: bundle exec rails s -p 3000 -b '0.0.0.0'
+ networks:
+ - external_network
+ - internal_network
 ports:
 - "3000:3000"
 depends_on:
@@ -37,6 +44,9 @@ services:
 restart: always
 env_file: .env.production
 command: npm run start
+ networks:
+ - external_network
+ - internal_network
 ports:
 - "4000:4000"
 depends_on:
@@ -52,6 +62,14 @@ services:
 depends_on:
 - db
 - redis
+ networks:
+ - external_network
+ - internal_network
 volumes:
 - ./public/packs:/mastodon/public/packs
 - ./public/system:/mastodon/public/system
+
+networks:
+ external_network:
+ internal_network:
+ internal: true |
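Review bot: The `networks:` entry added under `db` (and the identical one under `redis` in the next hunk) has no comment saying that the isolation holds only while the service is attached to `internal_network` and nothing else. A later edit that also lists `external_network` would quietly give the service a routable network again, so I would put `# internal_network only: do not attach this service to external_network` above each `networks:` key. Sharing `internal_network` does not authenticate the containers that sit on it, so database and Redis credentials remain worth setting. Whether they are set is not visible here, as both service definitions continue outside the hunks.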
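Review bot: `web` still has `ports: - "3000:3000"` directly below the added `networks:` list (and `streaming` still has `"4000:4000"` in the next hunk), so both application ports remain published on every host interface after this change. If a reverse proxy on the host is the intended entry point, which this file does not show, the mappings should be bound to loopback: `- "127.0.0.1:3000:3000"` and `- "127.0.0.1:4000:4000"`. Docker-published ports are commonly wired in ahead of the host's own firewall rules, so a host firewall alone should not be counted on to cover them. Both service definitions start and end outside the hunks.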
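Review bot: The new top-level `external_network:` key is easy to misread as a Compose `external: true` network (one created outside this file), when it is an ordinary project network with an empty value. I would comment both definitions, for example `# ordinary project network with outbound access, created by Compose` and `# internal: true - not routable to or from outside the Docker host`. I would also write the empty value as `external_network: {}` so it does not look like a forgotten setting. The service that receives `external_network` at the top of this hunk is named outside the hunk.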