Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Others should not access my containers and imges #2

Closed
tobegit3hub opened this issue Oct 15, 2014 · 8 comments
Closed

Others should not access my containers and imges #2

tobegit3hub opened this issue Oct 15, 2014 · 8 comments
Assignees
@tobegit3hub
Labels
enhancement
Milestone
1.0

Comments

@tobegit3hub
Copy link
Owner

Now the server is running on localhost and others could access its containers and images. It's not safe for others to start, stop or delete our containers.
@larrycai
Copy link
Collaborator

this part mostly is done in nginx web layer seems in front of real WEB GUI

@tobegit3hub
Copy link
Owner Author

Yes, @larrycai . I would like to write some rules of iptable for normal users. Just let others know the risk of exposing the IP and port.

@tobegit3hub
Copy link
Owner Author

These commands work like a charm in my localhost.

  • sudo iptables -A INPUT -p tcp --dport 10086 -s 127.0.0.1 -j ACCEPT
  • sudo iptables -A INPUT -p tcp --dport 10086 -j DROP

If I want to revert it, just run the following commands.

  • sudo iptables -D INPUT -p tcp --dport 10086 -s 127.0.0.1 -j ACCEPT
  • sudo iptables -D INPUT -p tcp --dport 10086 -j DROP

I will update the readme.md for everyone to notice about this 😄

@tobegit3hub tobegit3hub self-assigned this Oct 20, 2014
@larrycai
Copy link
Collaborator

Looks quite simple.

But I don't fully understand the purpose, do you mean to remove web access
from other server ? This is not what I want ;-)

probably it is relate to the issues #7 for readonly mode in another machine

On Mon, Oct 20, 2014 at 3:40 PM, tobe notifications@github.com wrote:

Closed #2 #2.


Reply to this email directly or view it on GitHub
#2 (comment).

True software development embraces consistent inconsistency.
blog: http://larrycaiyu.com/blog (en), http://larrycaiyu.com (chinese)

@tobegit3hub
Copy link
Owner Author

Currently seagull is designed to monitor docker deamon on arbitrary servers, not just for read-only registry. So if I'm using seagull to monitor my containers, I have to make sure only the authorized IPs can view, start, stop or delete my containers. It can be done by nginx as well and iptables is just a simple option for normal users.

#7 is under consideration. Thanks @larrycai for your suggestion 😺

@larrycai
Copy link
Collaborator

Then why not docker run -d -p 127.0.0.1:10086:10086 -v /var/run/docker.sock:/va r/run/docker.sock tobegit3hub/seagull , should be good enough for this case.

@tobegit3hub
Copy link
Owner Author

Thanks @larrycai and that's really better. You can send the pull-request to update the notice part in readme.md and readme-zh.md. I will re-open this issue and wait for your contribution 🎉

@tobegit3hub tobegit3hub reopened this Oct 27, 2014
@tobegit3hub tobegit3hub removed their assignment Oct 27, 2014
larrycai added a commit to larrycai/seagull that referenced this issue Oct 28, 2014
@larrycai
new solution for issue tobegit3hub#2, add description to use -p param…
2f37bb9 
…eter in docker run command to control localhost access
@tobegit3hub tobegit3hub mentioned this issue Oct 28, 2014
Merged
@tobegit3hub
Copy link
Owner Author

Fixed by @larrycai 's pull-request 👍

@tobegit3hub tobegit3hub modified the milestone: 1.0 Oct 28, 2014
@tobegit3hub tobegit3hub self-assigned this Oct 28, 2014
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@tobegit3hub tobegit3hub

Labels
enhancement
Projects
None yet
Milestone
1.0
Development

No branches or pull requests
2 participants
@larrycai @tobegit3hub