Skip to content

Commit

Permalink
Do not expose generated dev docker site to the internet
Browse files Browse the repository at this point in the history 
By default, published docker ports "bind" to all inbound addresses. We
restrict to localhost to avoid exposing the site to the internet.

Note that malicious same L2 participants can still reach the container
due to:
moby/moby#45610
  • Loading branch information
@gzm0
gzm0 committed Sep 23, 2023
1 parent 272eaba commit 2fd22e9
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion docker-compose.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,6 @@ services:
jekyll:
build: .
ports:
- '4000:4000'
- '127.0.0.1:4000:4000'
volumes:
- .:/srv/jekyll:ro

0 comments on commit 2fd22e9

Please sign in to comment.