github-mirror/project-nomad
1
0
Fork 0
mirror of https://github.com/Crosstalk-Solutions/project-nomad.git synced 2026-03-29 04:59:26 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix(security): remove MySQL and Redis port exposure to host

Browse Source 
MySQL (3306) and Redis (6379) were published to all host interfaces
despite only being accessed by the admin container via Docker's internal
network. Redis has no authentication, so anyone on the LAN could connect.

Removes the port mappings — containers still communicate internally via
Docker service names.

Closes #279

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Chris Sherwood 2026-03-13 20:09:44 -07:00 committed by Jake Turner
parent 42880ac9aa
commit 55a5ab1a64
1 changed files with 0 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
install/management_compose.yaml
View File

@ -57,8 +57,6 @@ services:
image: mysql:8.0
container_name: nomad_mysql
restart: unless-stopped
ports:
- "3306:3306"
environment:
- MYSQL_ROOT_PASSWORD=replaceme
- MYSQL_DATABASE=nomad
@ -75,8 +73,6 @@ services:
image: redis:7-alpine
container_name: nomad_redis
restart: unless-stopped
ports:
- "6379:6379"
volumes:
- /opt/project-nomad/redis:/data
healthcheck: