Hide the REST API port
dmgeurts opened this issue · 1 comments
Thank you for a great piece of software.
Revisiting the IOC2RPZ server I built last year I'm now wondering if port 8443 can be bound to localhost or a specific IP address instead of binding to any available IP addresses. I'm running IOC2RPZ.gui on the same server so have no need to expose the REST API interface outside of the server.
I think the docker run command can be changed to add an IP address like so: -p 172.17.0.1:8443:8443 when creating the image. Not wanting to recreate the image I tried editing the hostconfig.json but the IP address is removed from there when the image is restarted after the edit. This link mentions that config.v2.json should also be modified but there are no mappings listed under Ports.
config.v2.json:
[...]
"Ports":null,
[...]
Any suggestions?
In fact, I'd like to hide the GUI (TCP:443) behind a reverse proxy too so I can enable LDAP auth for the interface. Thus I need to stop IOC2RPZ.gui from listening on all interfaces. And I have the same issue there.
Ah, found the solution:
docker stop ioc2rpx.gui- edit the
hostconfig.jsonfile for this image - restart docker:
systemctl restart docker.service
The point is NOT to start the image after editing the hostconfig.json file, but to restart docker instead.