Security
Vanuan opened this issue · 10 comments
How secure is this for running in production?
It looks like it exposes the Docker Remote API to the world. Is it correct?
Well, even if you're running this locally on a computer connected directly to the internet (e.g. ipv6) and using the mapping suggested in readme: 8080:8080 you're under threat.
If you're running locally wouldn't a remote client need to traverse NAT to reach your local machine? If you're running local and don't have your "public facing" router forwarding traffic internally I think you'd be ok... Though I may be misunderstanding something. If you're running it remotely you could bind the visualizers port 8080 to the IP of a tun adapter and VPN to the remote machine to ensure the visualizer access is restricted to clients connected via the VPN network.
traverse NAT
Some internet providers don't use NAT and provide a real IP address.
This is especially true if ipv6 is used where each device is directly exposed to the internet.
So TL;DR: never run this on a computer exposed to the internet. Is that correct?
Well, even when you're in company's VPN network, coworker can own your computer which might be a bad joke.
what If we just expose the endpoint that trigger all Docker Remote API queries on server-side instead of directly expose the Docker Remote API endpoint?
yep running this on production isn't good since by default docker will expose the port bypassing any firewall rules
How can this be run safely in production? What should be changed?
Let's keep in mind this is meant to be a sample app, not an app you would run in production. It initially was devised for visualization demos at DockerCon EU in 2015, and used again at DockerCon Seattle in 2016. So yes, it is not meant to be run in production.
If you wanted to run it in production you can Protect the Docker daemon socket. It's much more cumbersome to do so.