-
Notifications
You must be signed in to change notification settings - Fork 304
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use --internal with sane defaults in scaffoldings #98
Labels
Comments
IMO we should replace fakesmtp for providing a mail catcher like odoo.sh does. |
Yes, also. I opened #101 for that. |
yajo
added a commit
that referenced
this issue
Jan 25, 2018
The inbox proxies were a trick to isolate POP3/IMAP (or any other TCP) connections when a database got restored into a non-production environment. Since Docker 1.10, internal networks are natively supported, which means that any in/out communication outside the container stack gets automatically blocked. From now on, you can just configure incoming mail as usual in your Odoo instances with the safety that those incoming mails will not be read outside the production environment. If you still need outside world communication for devel or test environments, you can enable it by switching the internal boolean, or by adding a public network with public access and attaching it to the containers that need it (usually just Odoo). Note that for this to have a real effect, the `inverseproxy_shared` network must be internal too in test environments. Fixes #98
yajo
added a commit
that referenced
this issue
Jan 29, 2018
The inbox proxies were a trick to isolate POP3/IMAP (or any other TCP) connections when a database got restored into a non-production environment. Since Docker 1.10, internal networks are natively supported, which means that any in/out communication outside the container stack gets automatically blocked. From now on, you can just configure incoming mail as usual in your Odoo instances with the safety that those incoming mails will not be read outside the production environment. If you still need outside world communication for devel or test environments, you can enable it by switching the internal boolean, or by adding a public network with public access and attaching it to the containers that need it (usually just Odoo). Note that for this to have a real effect, the `inverseproxy_shared` network must be internal too in test environments. Fixes #98
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
It's interesting that in the scaffolding there has been the
fakeinbox
andfakesmtp
containers made to isolate restored backups in devel/test environments from making requests to the outside world, specifically when attempting to contact servers.However, it turns out that since Docker 1.10, we can create networks with the
--internal
flag, which restricts access to the outside world perfectly fine (see moby/moby#19276).We can use that instead of using some of the proxies. It should be easier to understand for newcomers, and easier to maintain for oldcomers.
The text was updated successfully, but these errors were encountered: