Security

Security is always important! Please keep in mind, that dockware is primary made for local development! This does not mean you cannot use it for a server that is available on the internet. But please consider a few security related things.

Don't expose ports like you would do locally

In our docker-compose.yaml samples, you see all kinds of ports being exposed. This is great for local development - but not for a server - even it's "just" a staging system. Our recommendation is to only expose ports that are really necessary to use your app. And this should only be done through 1 single docker container, probably a proxy like NGINX. This helps you to avoid losing control over what is exposed throughout your (bigger) yaml file. If you expose a port, make sure to add an additional restriction if possible. This sample would only expose the port 3306 MySQL for connections from the localhost (host system). So you can do a default SSH connection to your host, and then a connection from there to your MySQL container. This is pretty much the basic workflow of such a scenario - only with Docker ;).

docker-compose.yaml (partial)

127.0.0.1:3306:3306

Attention

Please do never expose port 22 from dockware on an online server if you do not know what you are doing! Pay attention to the weak default credentials - and consider using a firewall.

PreviousPerformance on Mac NextSequel Pro

Last updated 4 years ago

Was this helpful?