From 4f7b63e1b98c3260e87a3c8542750cbdb4cae75b Mon Sep 17 00:00:00 2001
From: Brian O'Reilly
Date: Fri, 13 Mar 2026 17:21:22 -0400
Subject: [PATCH] docker port maps leak to external interface... Unless they are explicitly bound to loopback, which I thought was the default, but it is not. likely related to the interface between bridges and ip tables in the Linux kernel, but anyhow, get literal about the portmap interface address to prevent exposing the database to the entire internet. With thanks to the friendly heads up email from the German Federal Republic via Hetzner.
---
 docker/docker-compose.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml
index 1b17bfa..7b8301c 100644
--- a/docker/docker-compose.yml
+++ b/docker/docker-compose.yml
@@ -7,7 +7,7 @@ services:
 - POSTGRES_USER=${ASTEROID_DB_USER:-asteroid}
 - POSTGRES_PASSWORD=${ASTEROID_DB_PASSWORD:-asteroid_db_2025}
 ports:
- - "5432:5432"
+ - "127.0.0.1:5432:5432"
 volumes:
 - postgres-data:/var/lib/postgresql/data
 - ./init-db.sql:/docker-entrypoint-initdb.d/init-db.sql:ro
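Review bot: The context line `- POSTGRES_PASSWORD=${ASTEROID_DB_PASSWORD:-asteroid_db_2025}` still falls back to a password committed in the repository, and by the commit message the port was reachable from the internet, so any deployment that ran without `ASTEROID_DB_PASSWORD` set should be treated as having had a publicly known credential. I would make the variable mandatory with `- POSTGRES_PASSWORD=${ASTEROID_DB_PASSWORD:?ASTEROID_DB_PASSWORD must be set}` and rotate the role's password inside the database; if this is the official postgres image, the variable is only read when the data volume is first initialised, so changing the environment alone will not rotate it. On the changed line, a comment such as `# loopback only: a bare "5432:5432" publishes on all host interfaces` would keep the bind from being reverted, and if only other services in this compose file connect to the database the `ports:` entry could be dropped altogether. The service definition starts above the hunk, so the image and any other settings are not visible here.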