dockware
  • dockware doc's
  • News
  • Setup
    • Docker Setup
    • What Image should you use?
    • Performance Tweaks
  • Use Dockware
    • First Run
    • Update Dockware
    • Advanced Run
    • Default Credentials
    • Symfony or Shopware 5
    • Changelog
  • Features
    • Intro
    • Environment Variables
    • Adminer
    • Mailcatcher
    • Switch PHP Version
    • Switch Node Version
    • Tideways Profiling
    • Pimp my Log
    • Filebeat
    • SSH Users
    • MySQL Users
    • Shopware Currency
  • Development
    • Intro
    • Start Developing
    • Switch Branches
    • Debugging
    • Watchers
    • App Development
    • Update Shopware
    • Dockware Essentials
    • Custom Domains
    • Custom Images
    • Code Coverage
    • CLI Build Shopware 6 Plugin
    • Multi-Environment Setups
  • Contribute
    • Intro
    • Setup Github Version
    • Create Feature
    • Code Styles
    • Testing
    • Create Pull Requests
  • CI/CD
    • Github
    • Gitlab
    • Bitbucket
    • Buddy
  • Tips & Tricks
    • Create a new Project
    • Bind-Mounting
    • Persisting Data
    • Housekeeping
    • Online Servers
    • Performance on Mac
    • Security
  • FAQ
    • Sequel Pro
    • Dockware and other images
    • Scripts (PSH?)
    • Redis
    • Error Port not available
    • MySQL failed
    • Elasticsearch
    • Windows Problems
    • Chrome Problems
    • Import MySQL Dump
    • Shopware 5 Support
    • Use Https/SSL
    • Container hangs in Pipeline
    • Disable the admin worker
  • Additional Links
    • Imprint
    • Founders
    • Dockware website
    • Dockware in Shopware Slack
Powered by GitBook
On this page

Was this helpful?

  1. Tips & Tricks

Security

Security is always important! Please keep in mind, that dockware is primary made for local development! This does not mean you cannot use it for a server that is available on the internet. But please consider a few security related things.

Don't expose ports like you would do locally

In our docker-compose.yaml samples, you see all kinds of ports being exposed. This is great for local development - but not for a server - even it's "just" a staging system. Our recommendation is to only expose ports that are really necessary to use your app. And this should only be done through 1 single docker container, probably a proxy like NGINX. This helps you to avoid losing control over what is exposed throughout your (bigger) yaml file. If you expose a port, make sure to add an additional restriction if possible. This sample would only expose the port 3306 MySQL for connections from the localhost (host system). So you can do a default SSH connection to your host, and then a connection from there to your MySQL container. This is pretty much the basic workflow of such a scenario - only with Docker ;).

docker-compose.yaml (partial)
127.0.0.1:3306:3306

Attention

Please do never expose port 22 from dockware on an online server if you do not know what you are doing! Pay attention to the weak default credentials - and consider using a firewall.

PreviousPerformance on MacNextSequel Pro

Last updated 4 years ago

Was this helpful?