about summary refs log tree commit diff
diff options
context:
space:
mode:
authorAkihiko Odaki <akihiko.odaki.4i@stu.hosei.ac.jp>2018-02-04 02:44:22 +0900
committerEugen Rochko <eugen@zeonfederated.com>2018-02-03 18:44:22 +0100
commit9da81a16391edfcbda9c748dcd519fb3ebd765e5 (patch)
treeac000b94a6f37c243ddcfcc4843967b02270d825
parentd75d2a9f9960f08bbcacd4f5acb86243dbdb3179 (diff)
Isolate internal services from external networks in Docker configuration (#6369)
The database and Redis do not need external connections, so isolate them
and prevent unauthorized access.
-rw-r--r--docker-compose.yml18
1 files changed, 18 insertions, 0 deletions
diff --git a/docker-compose.yml b/docker-compose.yml
index cfe70c5e8..aaa3a4478 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -4,6 +4,8 @@ services:
   db:
     restart: always
     image: postgres:9.6-alpine
+    networks:
+      - internal_network
 ### Uncomment to enable DB persistance
 #    volumes:
 #      - ./postgres:/var/lib/postgresql/data
@@ -11,6 +13,8 @@ services:
   redis:
     restart: always
     image: redis:4.0-alpine
+    networks:
+      - internal_network
 ### Uncomment to enable REDIS persistance
 #    volumes:
 #      - ./redis:/data
@@ -21,6 +25,9 @@ services:
     restart: always
     env_file: .env.production
     command: bundle exec rails s -p 3000 -b '0.0.0.0'
+    networks:
+      - external_network
+      - internal_network
     ports:
       - "3000:3000"
     depends_on:
@@ -37,6 +44,9 @@ services:
     restart: always
     env_file: .env.production
     command: npm run start
+    networks:
+      - external_network
+      - internal_network
     ports:
       - "4000:4000"
     depends_on:
@@ -52,6 +62,14 @@ services:
     depends_on:
       - db
       - redis
+    networks:
+      - external_network
+      - internal_network
     volumes:
       - ./public/packs:/mastodon/public/packs
       - ./public/system:/mastodon/public/system
+
+networks:
+  external_network:
+  internal_network:
+    internal: true