Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
-
@rooter yeah, I ended up doing the same thing. Just spent an hour or two searching for solutions before finding that one. The most common solution seems to involve manually configuring iptables which is a headache I want to avoid.
Hmm, I bet fail2ban isn't working either. Damn. Nobody's attempted to brute force my Bitwarden login yet but I should probably make sure. -
Swarms and rafts
https://docs.docker.com/engine/...
Rootless docker
https://docs.docker.com/engine/... -
Related Rants
Job interview
Oh, Elon.
I deployed docker on a VPS a few weeks ago as a sort of learning experience since I haven't really worked with containers much before. Today I learned that docker doesn't like firewalls.
Or, to be more specific, it adds rules to iptables that are applied prior to ufw rules, allowing external connections that I really didn't want to allow. If I don't explicitly specify that a port is to be published only to localhost, then it punches a hole through my firewall without telling me.
Which means that all of my containers running behind an nginx reverse proxy that auto-redirects to HTTPS... were also accessible directly via HTTP.
I'm... trying to think of a reason why this kind of default behavior was a good idea, but I'm drawing a blank.
Fucking Docker.
rant
iptables
ufw
docker