Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use --internal with sane defaults in scaffoldings #98

Closed
yajo opened this issue Nov 11, 2017 · 2 comments · Fixed by #118
Closed

Use --internal with sane defaults in scaffoldings #98

yajo opened this issue Nov 11, 2017 · 2 comments · Fixed by #118
Labels
enhancement help wanted scaffolding

Comments

@yajo
Copy link
Contributor

yajo commented Nov 11, 2017

It's interesting that in the scaffolding there has been the fakeinbox and fakesmtp containers made to isolate restored backups in devel/test environments from making requests to the outside world, specifically when attempting to contact servers.

However, it turns out that since Docker 1.10, we can create networks with the --internal flag, which restricts access to the outside world perfectly fine (see moby/moby#19276).

We can use that instead of using some of the proxies. It should be easier to understand for newcomers, and easier to maintain for oldcomers.
@pedrobaeza
Copy link
Member

IMO we should replace fakesmtp for providing a mail catcher like odoo.sh does.

@yajo yajo mentioned this issue Nov 30, 2017
Closed
@yajo
Copy link
Contributor Author

yajo commented Nov 30, 2017
edited
Loading

Yes, also. I opened #101 for that.

yajo added a commit that referenced this issue Jan 25, 2018
@yajo
[DCK] Remove inbox containers, use internal networks
d8e8a70 
The inbox proxies were a trick to isolate POP3/IMAP (or any other TCP) connections when a database got restored into a non-production environment.

Since Docker 1.10, internal networks are natively supported, which means that any in/out communication outside the container stack gets automatically blocked.

From now on, you can just configure incoming mail as usual in your Odoo instances with the safety that those incoming mails will not be read outside the production environment.

If you still need outside world communication for devel or test environments, you can enable it by switching the internal boolean, or by adding a public network with public access and attaching it to the containers that need it (usually just Odoo).

Note that for this to have a real effect, the `inverseproxy_shared` network must be internal too in test environments.

Fixes #98
@yajo yajo mentioned this issue Jan 25, 2018
Merged
yajo added a commit that referenced this issue Jan 26, 2018
@yajo
Document network isolation
b42e825 
Document new features from #177, fixes #98.
@yajo yajo mentioned this issue Jan 26, 2018
Merged
1 task
yajo added a commit that referenced this issue Jan 26, 2018
@yajo
Document network isolation
f481fb6 
Document new features from #117, fixes #98.
yajo added a commit that referenced this issue Jan 29, 2018
@yajo
[DCK] Remove inbox containers, use internal networks
d4fa6e6 
The inbox proxies were a trick to isolate POP3/IMAP (or any other TCP) connections when a database got restored into a non-production environment.

Since Docker 1.10, internal networks are natively supported, which means that any in/out communication outside the container stack gets automatically blocked.

From now on, you can just configure incoming mail as usual in your Odoo instances with the safety that those incoming mails will not be read outside the production environment.

If you still need outside world communication for devel or test environments, you can enable it by switching the internal boolean, or by adding a public network with public access and attaching it to the containers that need it (usually just Odoo).

Note that for this to have a real effect, the `inverseproxy_shared` network must be internal too in test environments.

Fixes #98
@yajo yajo closed this as completed in #118 Jan 29, 2018
yajo added a commit that referenced this issue Jan 29, 2018
@yajo
Document network isolation
dc224cb 
Document new features from #117, fixes #98.
@yajo yajo mentioned this issue Jan 30, 2018
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement help wanted scaffolding
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Document network isolation Tecnativa/doodba
2 participants
@yajo @pedrobaeza