Merge pull request #55 from Gabisonfire/critical-security-enhancements

Critical security enhancements
2024-02-04 16:04:42 +00:00
parent 875d79b44d 2b715b90a7
commit eef3265850
2 changed files with 20 additions and 16 deletions
--- a/docker-compose-metrics.yml
+++ b/docker-compose-metrics.yml
@@ -29,8 +29,6 @@ services:

  postgres-exporter:
    image: prometheuscommunity/postgres-exporter
-    ports:
-      - "9187:9187"
    environment:
      DATA_SOURCE_NAME: "postgresql://postgres:postgres@postgres:5432/knightcrawler?sslmode=disable"
    networks:
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -1,8 +1,7 @@
-version: '3.8'
+version: "3.8"
 name: knightcrawler

-x-restart: &restart-policy
-  "unless-stopped"
+x-restart: &restart-policy "unless-stopped"

 x-basehealth: &base-health
  interval: 10s
@@ -13,9 +12,9 @@ x-basehealth: &base-health
 x-rabbithealth: &rabbitmq-health
  test: rabbitmq-diagnostics -q ping
  <<: *base-health
-  
+
 x-mongohealth: &mongodb-health
-  test: ["CMD","mongosh", "--eval", "db.adminCommand('ping')"]
+  test: ["CMD", "mongosh", "--eval", "db.adminCommand('ping')"]
  <<: *base-health

 x-postgreshealth: &postgresdb-health
@@ -39,8 +38,11 @@ services:
      - .env
    environment:
      PGUSER: postgres # needed for healthcheck.
-    ports:
-      - "5432:5432"
+    # # If you need the database to be accessible from outside, please open the below port.
+    # # Furthermore, please, please, please, change the username and password in the .env file.
+    # # If you want to enhance your security even more, create a new user for the database with a strong password.
+    # ports:
+    #   - "5432:5432"
    volumes:
      - postgres:/var/lib/postgresql/data
    healthcheck: *postgresdb-health
@@ -52,8 +54,10 @@ services:
    image: mongo:latest
    env_file:
      - .env
-    ports:
-      - "27017:27017"
+    # # If you need the database to be accessible from outside, please open the below port.
+    # # Furthermore, please, please, please, change the username and password in the .env file.
+    # ports:
+    #   - "27017:27017"
    volumes:
      - mongo:/data/db
    restart: *restart-policy
@@ -63,10 +67,12 @@ services:

  rabbitmq:
    image: rabbitmq:3-management
-    ports:
-      - "5672:5672"
-      - "15672:15672"
-      - "15692:15692"
+    # # If you need the database to be accessible from outside, please open the below port.
+    # # Furthermore, please, please, please, look at the documentation for rabbit on how to secure the service.
+    # ports:
+    #   - "5672:5672"
+    #   - "15672:15672"
+    #   - "15692:15692"
    volumes:
      - rabbitmq:/var/lib/rabbitmq
    restart: *restart-policy
@@ -116,4 +122,4 @@ networks:
 volumes:
  postgres:
  mongo:
-  rabbitmq:
+  rabbitmq: