Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

docker_server__tcp should default to False #871

htgoebel opened this issue Jul 6, 2019 · 3 comments · Fixed by #950


Copy link

commented Jul 6, 2019

debops.docker_server/getting-started.html says:

If debops.pki was configured on the host, Docker will automatically listen on its TCP port for incoming TLS connections, which is by default blocked by the ferm firewall. If you don't use a firewall or have it disabled, you might want to set docker_server__tcp to False to disable this behavior.

For "security by default" I suggest docker_server__tcp to default to False, even if debops.pki was configured. Otherwise the docker server might e accessible from remote without the admin wittingly enabling this.


This comment has been minimized.

Copy link

commented Jul 6, 2019

Sure, sounds good. The documentation would also have to be updated to reflect the default state. Want to work on the PR?


This comment has been minimized.

Copy link

commented Jul 28, 2019

I'll pick this up.

imrejonk added a commit to imrejonk/debops that referenced this issue Jul 29, 2019
This change turns listening on a TCP port off by default, even if
`debops.pki` is enabled. This is a security measure, it should prevent
administrators from unknowingly leaving the Docker TCP port open.

Closes debops#871
@drybjed drybjed closed this in #950 Jul 29, 2019

This comment has been minimized.

Copy link
Contributor Author

commented Jul 29, 2019


Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet
3 participants
You can’t perform that action at this time.