From b0d7709a6c64e0117dec5470938f55ce917df331 Mon Sep 17 00:00:00 2001
From: Chris Sherwood
Date: Fri, 13 Mar 2026 20:09:44 -0700
Subject: [PATCH] fix(security): remove MySQL and Redis port exposure to host
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
MySQL (3306) and Redis (6379) were published to all host interfaces despite only being accessed by the admin container via Docker's internal network. Redis has no authentication, so anyone on the LAN could connect. Removes the port mappings — containers still communicate internally via Docker service names.
Closes #279
Co-Authored-By: Claude Opus 4.6
---
 install/management_compose.yaml | 4 ----
 1 file changed, 4 deletions(-)
diff --git a/install/management_compose.yaml b/install/management_compose.yaml
index f3dc199..f81c324 100644
--- a/install/management_compose.yaml
+++ b/install/management_compose.yaml
@@ -58,8 +58,6 @@ services:
 image: mysql:8.0
 container_name: nomad_mysql
 restart: unless-stopped
- ports:
- - "3306:3306"
 environment:
 - MYSQL_ROOT_PASSWORD=replaceme
 - MYSQL_DATABASE=nomad
@@ -76,8 +74,6 @@ services:
 image: redis:7-alpine
 container_name: nomad_redis
 restart: unless-stopped
- ports:
- - "6379:6379"
 volumes:
 - /opt/project-nomad/redis:/data
 healthcheck:
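Review bot: With the host ports gone, the context lines kept on the new side still show `MYSQL_ROOT_PASSWORD=replaceme` in the first hunk, and the commit message says Redis (second hunk) has no authentication, so both stores now rely on Docker network membership alone for access control. Any other container attached to the same network can still reach them, so credentials are worth adding as defense in depth. Unless the installer rewrites the placeholder (not visible here), I would require the secret at deploy time with `- MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD:?set in .env}` and give Redis a password via `command: ["redis-server", "--requirepass", "${REDIS_PASSWORD:?set in .env}"]`, updating the admin container's connection settings to match. Both service definitions start and end outside these hunks, so the network attachment and the Redis healthcheck command, which would need the password too, could not be checked.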