From 2fd22e9b4b0ad3ff948cefa4f10e933a8ff0fa5f Mon Sep 17 00:00:00 2001
From: Tobias Schlatter
Date: Sat, 23 Sep 2023 13:05:55 +0200
Subject: [PATCH] Do not expose generated dev docker site to the internet

By default, published docker ports "bind" to all inbound addresses. We restrict to localhost to avoid exposing the site to the internet.

Note that malicious same L2 participants can still reach the container due to: https://github.com/moby/moby/issues/45610
---
 docker-compose.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 1511258..cd8a44c 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -4,6 +4,6 @@ services:
 jekyll:
 build: .
 ports:
- - '4000:4000'
+ - '127.0.0.1:4000:4000'
 volumes:
 - .:/srv/jekyll:ro
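Review bot: The new `- '127.0.0.1:4000:4000'` entry under `ports:` has no comment explaining why the host address is pinned, so a later tidy-up could shorten it back to `'4000:4000'` and publish the dev site on every host interface again. I would add `# Loopback only: a mapping without a host IP publishes on all host addresses.` directly above the entry, plus a second comment line pointing at moby/moby#45610 for the same-L2 caveat the commit message already describes. The reasoning currently lives only in the commit message, which someone editing the compose file will not see. The top of the file is outside the hunk, so I cannot tell from here whether any other service publishes ports without a host address.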