CRITICAL SECURITY FIXES:
- Bind all Docker services to localhost only (127.0.0.1)
- Prevents external access to Liquidsoap telnet (port 1234)
- Prevents direct Icecast access without HAproxy (port 8000)
- Secures PostgreSQL port (5432)

DOCKER CHANGES (docker-compose.yml):
- Icecast: 127.0.0.1:8000:8000 (was 8000:8000)
- Liquidsoap: 127.0.0.1:1234:1234 (was 1234:1234)
- PostgreSQL: 127.0.0.1:5432:5432 (was 5432:5432)
- All passwords now use environment variables

CONFIG TEMPLATE:
- Added ICECAST_SOURCE_PASSWORD
- Added ICECAST_RELAY_PASSWORD
- Documented all Docker password variables

Addresses TODO items from b612.asteroid.radio deployment:
- Problem 1: Liquidsoap telnet exposed ✅ FIXED
- Problem 2: Icecast binding to 0.0.0.0 ✅ FIXED

This prevents the security issues that forced Fade to shut down the production server. Services are now only accessible via HAproxy on the host machine.

Ref: TODO.org lines 25-27

| File | | |
|---|---|---|
| Dockerfile.liquidsoap | ||
| asteroid-radio-docker.liq | ||
| docker-compose.asteroid.yml | ||
| docker-compose.yml | ||
| docker-compose.yml.remote-backup | ||
| docker-streaming.org | ||
| icecast.xml | ||
| init-db.sql | ||
| radiance-default.conf.lisp | ||
| setup-complete.org | ||
| start.sh | ||
| stop.sh | ||