From 0a2ac0c409cc1cfbf8877ee801f998a7c9492d95 Mon Sep 17 00:00:00 2001
From: Brian O'Reilly
Date: Fri, 13 Mar 2026 17:21:22 -0400
Subject: [PATCH] docker port maps leak to external interface... Unless they are explicitly bound to loopback, which I thought was the default, but it is not. likely related to the interface between bridges and ip tables in the Linux kernel, but anyhow, get literal about the portmap interface address to prevent exposing the database to the entire internet. With thanks to the friendly heads up email from the German Federal Republic via Hetzner.
---
 docker/docker-compose.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml
index b4b80f5..6c62995 100644
--- a/docker/docker-compose.yml
+++ b/docker/docker-compose.yml
@@ -43,7 +43,7 @@ services:
 - POSTGRES_USER=${ASTEROID_DB_USER:-asteroid}
 - POSTGRES_PASSWORD=${ASTEROID_DB_PASSWORD:-asteroid_db_2025}
 ports:
- - "5432:5432"
+ - "127.0.0.1:5432:5432"
 volumes:
 - postgres-data:/var/lib/postgresql/data
 - ./init-db.sql:/docker-entrypoint-initdb.d/init-db.sql:ro
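Review bot: The fallback in `POSTGRES_PASSWORD=${ASTEROID_DB_PASSWORD:-asteroid_db_2025}`, two lines above the port change, is still in place, so any deployment that did not set the variable was reachable from the internet with a password that is published in this repository. Consider failing closed with `- POSTGRES_PASSWORD=${ASTEROID_DB_PASSWORD:?ASTEROID_DB_PASSWORD must be set}` and rotating the database password on hosts that were exposed, since the loopback bind does not undo access that may already have been obtained. If only other services in this compose file talk to the database, the `ports:` entry could probably be dropped altogether, because containers on the same compose network reach it by service name without a published port. A short comment above the mapping, e.g. `# loopback only: Docker publishes on all interfaces by default`, would keep a later edit from reverting it. The service definition starts above the hunk, so the image and its other settings are not visible here.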