fix(security): remove MySQL and Redis port exposure to host

MySQL (3306) and Redis (6379) were published to all host interfaces
despite only being accessed by the admin container via Docker's internal
network. Redis has no authentication, so anyone on the LAN could connect.

Removes the port mappings — containers still communicate internally via
Docker service names.

Closes #279

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Chris Sherwood 2026-03-13 20:09:44 -07:00 committed by Jake Turner
parent 9220b4b83d
commit fe0c2afe60

@ -57,8 +57,6 @@ services:
image: mysql:8.0 image: mysql:8.0
container_name: nomad_mysql container_name: nomad_mysql
restart: unless-stopped restart: unless-stopped
ports:
- "3306:3306"
environment: environment:
- MYSQL_ROOT_PASSWORD=replaceme - MYSQL_ROOT_PASSWORD=replaceme
- MYSQL_DATABASE=nomad - MYSQL_DATABASE=nomad
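Review bot: The `MYSQL_ROOT_PASSWORD=replaceme` context line under `environment:` still carries a placeholder root password, so once the `ports:` block is gone the Docker network boundary is the only control in front of the root account. Any other container attached to the same network can still reach port 3306 by service name. Consider reading the value from an environment variable or a secret file (the official image accepts `MYSQL_ROOT_PASSWORD_FILE`) and failing startup when it is unset. If host access is still needed for debugging, a loopback-only mapping such as `"127.0.0.1:3306:3306"` in a local override file keeps it off the LAN.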
@ -75,8 +73,6 @@ services:
image: redis:7-alpine image: redis:7-alpine
container_name: nomad_redis container_name: nomad_redis
restart: unless-stopped restart: unless-stopped
ports:
- "6379:6379"
volumes: volumes:
- /opt/project-nomad/redis:/data - /opt/project-nomad/redis:/data
healthcheck: healthcheck:
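Review bot: Dropping the `ports:` block from the `redis:7-alpine` service closes the LAN path, but the commit message notes Redis has no authentication, and that remains true for every container on the same Docker network. As a follow-up, start the server with `--requirepass` (or an ACL file) and pass the credential to the admin container, so that another container on the network cannot use the instance without it. It would also help to note in the PR how the change was verified, for example that `docker port nomad_redis` returns nothing after redeploy.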