dockware
dockware
dockware doc's
News
Setup
Docker Setup
Performance Tweaks
Use Dockware
First Run
Update Dockware
Advanced Run
Default Credentials
Symfony or Shopware 5
Changelog
Features
Intro
Adminer
Mailcatcher
Pimp my Log
Switch PHP Version
Tideways Profiling
Filebeat
SSH Users
MySQL Users
Shopware Currency
Development
Intro
Start Developing
Switch Branches
Debugging
Watchers
Environment Variables
Update Shopware
Dockware Essentials
Custom Domains
Custom Images
Code Coverage
Contribute
Intro
Setup Github Version
Create Feature
Code Styles
Testing
Create Pull Requests
Tips & Tricks
Performance on Mac
Persisting Data
Housekeeping
How to use Bind-Mounting
Security
FAQ
Sequel Pro
Dockware and other images
Scripts (PSH?)
Redis
Error Port not available
MySQL failed
Elasticsearch
Windows Problems
Chrome Problems
Shopware 5 Support
Additional Links
Imprint
Founders
Dockware website
Dockware in Shopware Slack
Powered by GitBook

Security

Security is always important! Please keep in mind, that dockware is primary made for local development! This does not mean you cannot use it for a server that is available on the internet. But please consider a few security related things.

Don't expose ports like you would do locally

In our docker-compose.yaml samples, you see all kinds of ports being exposed. This is great for local development - but not for a server - even it's "just" a staging system. Our recommendation is to only expose ports that are really necessary to use your app. And this should only be done through 1 single docker container, probably a proxy like NGINX. This helps you to avoid losing control over what is exposed throughout your (bigger) yaml file. If you expose a port, make sure to add an additional restriction if possible. This sample would only expose the port 3306 MySQL for connections from the localhost (host system). So you can do a default SSH connection to your host, and then a connection from there to your MySQL container. This is pretty much the basic workflow of such a scenario - only with Docker ;).

docker-compose.yaml (partial)
127.0.0.1:3306:3306

Attention

Please do never expose port 22 from dockware on an online server if you do not know what you are doing! Pay attention to the weak default credentials - and consider using a firewall.

Tips & Tricks - Previous
How to use Bind-Mounting
Next - FAQ
Sequel Pro
Last updated 2 months ago