From 55a5ab1a64c39d68366ab0c3246f026ece7d918a Mon Sep 17 00:00:00 2001
From: Chris Sherwood
Date: Fri, 13 Mar 2026 20:09:44 -0700
Subject: [PATCH] fix(security): remove MySQL and Redis port exposure to host
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

MySQL (3306) and Redis (6379) were published to all host interfaces despite only being accessed by the admin container via Docker's internal network. Redis has no authentication, so anyone on the LAN could connect. Removes the port mappings — containers still communicate internally via Docker service names.
Closes #279
Co-Authored-By: Claude Opus 4.6
---
 install/management_compose.yaml | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/install/management_compose.yaml b/install/management_compose.yaml
index 43b8bf7..3bf5060 100644
--- a/install/management_compose.yaml
+++ b/install/management_compose.yaml
@@ -57,8 +57,6 @@ services:
 image: mysql:8.0
 container_name: nomad_mysql
 restart: unless-stopped
- ports:
- - "3306:3306"
 environment:
 - MYSQL_ROOT_PASSWORD=replaceme
 - MYSQL_DATABASE=nomad
@@ -75,8 +73,6 @@ services:
 image: redis:7-alpine
 container_name: nomad_redis
 restart: unless-stopped
- ports:
- - "6379:6379"
 volumes:
 - /opt/project-nomad/redis:/data
 healthcheck: