fix: restrict Docker default network exposure #24

Closed
study8677 wants to merge 1 commit into main from codex/propose-fix-for-api-exposure-vulnerability

@study8677
Owner

Motivation

  • Prevent insecure default Docker behavior that made the unauthenticated OpenCMO API reachable on all host interfaces by removing image-level all-interface binding and making compose defaults localhost-only.

Description

  • Remove the image-level ENV OPENCMO_WEB_HOST=0.0.0.0 from Dockerfile so the container image no longer forces binding to all interfaces.
  • Change docker-compose.yml to publish the port on the loopback interface with 127.0.0.1:8080:8080 so the service is not exposed to the LAN by default.
  • Add OPENCMO_WEB_HOST=0.0.0.0 to the compose service environment so container-side binding still allows host access for local development without exposing the host to other networks.

Testing

  • Attempted to validate the compose configuration with docker compose config, but the environment lacks Docker so that check failed.

Codex Task

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 81ee932fbe

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread Dockerfile
Comment on lines 23 to 24
ENV OPENCMO_DB_PATH=/data/data.db
ENV OPENCMO_WEB_HOST=0.0.0.0
EXPOSE 8080

P1: Preserve container-wide bind default in image

Removing OPENCMO_WEB_HOST=0.0.0.0 from the image makes opencmo-web fall back to 127.0.0.1 (src/opencmo/web/app.py), so containers started from this image outside this specific compose file (for example docker run -p 8080:8080 ... or Kubernetes) will listen only on loopback inside the container and become unreachable via published ports/Services. The compose override fixes one path, but the base image now regresses as a generally runnable artifact.

Owner Author

@study8677 study8677 left a comment

Code Review — fix: restrict Docker default network exposure

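Overall assessment

The PR identifies a real security risk (by default Docker exposes the service on all host network interfaces), and the direction is correct. However, removing ENV OPENCMO_WEB_HOST=0.0.0.0 from the Dockerfile introduces a subtle breaking change; it should be fixed before merging.


🔴 Blocker: removing the Dockerfile ENV makes port forwarding silently fail for standalone docker run users

Root cause: src/opencmo/web/app.py:225

host = os.environ.get("OPENCMO_WEB_HOST", "127.0.0.1")

The application's default is 127.0.0.1. After ENV OPENCMO_WEB_HOST=0.0.0.0 is removed, the application inside the container listens only on the loopback interface. Docker's port forwarding (-p 8080:8080) requires the application to listen on 0.0.0.0 inside the container; otherwise the forwarding has no effect.

Affected scenario

# After the change this command fails silently: the forwarded port does not respond, and no error is reported
docker run -p 8080:8080 opencmo

Compose users are not affected (because the variable is added back under environment in docker-compose.yml), but users who run the container standalone will find it unreachable.

Recommended fix (minimal change)

Keep ENV OPENCMO_WEB_HOST=0.0.0.0 in the Dockerfile and delete the duplicate configuration in compose. The security goal (LAN isolation) is fully guaranteed by the 127.0.0.1:8080:8080 host-side binding; there is no need to remove the variable at the image layer.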

# Dockerfile — restore this line
ENV OPENCMO_DB_PATH=/data/data.db
# Required: container must bind 0.0.0.0 for Docker port-forwarding to work
ENV OPENCMO_WEB_HOST=0.0.0.0
EXPOSE 8080
CMD ["opencmo-web"]

# docker-compose.yml — the duplicate environment block can be removed
services:
  opencmo:
    build: .
    ports:
      # Bind to loopback only; use a reverse proxy or change to 0.0.0.0:8080:8080 for LAN access
      - "127.0.0.1:8080:8080"
    volumes:
      - opencmo_data:/data
    env_file:
      - .env
    restart: unless-stopped

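🟡 Suggestion: docker-compose.yml has no comment explaining the security intent

127.0.0.1:8080:8080 is a deliberate security decision, but it carries no comment. Users who find they "cannot reach it from another machine" will be confused and may simply change it back to 8080:8080. Suggest adding a comment above the ports: line:

# Bind to loopback only; change to "0.0.0.0:8080:8080" for LAN/external access
- "127.0.0.1:8080:8080"

🟡 Suggestion: documentation not updated

This change alters the default reachability (all networks → host localhost only), but README.md was not updated to match. Suggest adding to the Docker usage section:

  1. By default, reachable only from localhost on the host
  2. For LAN access: docker run -p 0.0.0.0:8080:8080 -e OPENCMO_WEB_HOST=0.0.0.0 ...
  3. For production, expose it through a reverse proxy (nginx)

Highlights

  • The 127.0.0.1:8080:8080 binding change is itself correct security practice; changing only the host-side binding without touching the listener inside the container is the standard pattern.
  • The PR description clearly distinguishes the two layers, "host-side binding" and "container-side listening", which shows the author understands the essence of the problem.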

Generated by Claude Code
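
An added example, not part of this PR or the OpenCMO repository: a small Python check that classifies each short-syntax ports entry of a compose file by the host interfaces it publishes on, the property the review above turns on. The function names and the two sample compose snippets are constructed for illustration; the line scan covers only short-syntax list items, not the long target:/published: form.

```python
import ipaddress

# An empty host IP means Docker's default publish address (every interface,
# unless the daemon's default bind address was changed).
ALL_INTERFACES = {"", "0.0.0.0", "::"}

def parse_port(spec):
    """Split compose short syntax [HOST_IP:][HOST_PORT:]CONTAINER_PORT[/proto]."""
    spec, host_ip = spec.split("/")[0], ""
    if spec.startswith("["):                         # bracketed IPv6, e.g. [::1]:8080:8080
        host_ip, _, spec = spec[1:].partition("]:")
    parts = spec.split(":")
    if len(parts) == 3 and not host_ip:
        host_ip, host_port, container_port = parts
    elif len(parts) == 2:
        host_port, container_port = parts
    elif len(parts) == 1:
        host_port, container_port = "", parts[0]     # ephemeral host port
    else:
        raise ValueError(f"unsupported port spec: {spec!r}")
    return host_ip, host_port, container_port

def exposure(spec):
    """Classify which host interfaces a published port is reachable on."""
    host_ip = parse_port(spec)[0]
    if host_ip in ALL_INTERFACES:
        return "all-interfaces"
    return "loopback-only" if ipaddress.ip_address(host_ip).is_loopback else "specific-interface"

def ports_in_compose(text):
    """Collect list items under any `ports:` key (line scan, not a full YAML parser)."""
    found, indent = [], None
    for line in text.splitlines():
        body = line.split("#")[0].rstrip()           # drop comments
        if not body.strip():
            continue
        cur = len(body) - len(body.lstrip())
        if body.strip() == "ports:":
            indent = cur
        elif indent is not None and cur >= indent and body.lstrip().startswith("- "):
            found.append(body.lstrip()[2:].strip().strip("\"'"))
        else:
            indent = None
    return found

def audit(text):
    return [(p, exposure(p)) for p in ports_in_compose(text)]

# Constructed samples: the port mapping before and after the change discussed in this PR.
BEFORE = 'services:\n  opencmo:\n    ports:\n      - "8080:8080"\n    volumes:\n      - opencmo_data:/data\n'
AFTER = 'services:\n  opencmo:\n    ports:\n      # loopback only\n      - "127.0.0.1:8080:8080"\n'
```

Run in CI against docker-compose.yml, a non-empty list of "all-interfaces" results is the signal that the loopback binding was changed back.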

@study8677
Owner Author

Superseded by #25, which was incorporated via #27 → main. The image-level ENV is left in place for plain docker run usability; compose binds the host port to 127.0.0.1 only.

@study8677 study8677 closed this May 21, 2026