Remove unnecessary published ports
SuperSandro2000 opened this issue · 2 comments
Why are the ports of some services published to the host despite not needing them? Caddy needs them for sure but why do filtron or morty need them?
caddy is bound to the host network:
searx-docker/docker-compose.yaml
Line 11 in 92cdb70
The reason: filtron needs the original IP address, and Docker won't send the original IPv6 address if caddy is not bound to the host network (it works with IPv4 addresses). See moby/moby#17666
You can have a look at this PR #26 (and for a workaround https://github.com/robbertkl/docker-ipv6nat).
So in this configuration, the filtron and morty ports are exposed.
Just disable Docker's userland proxy, which will become a default in the future.
> So in this configuration, the filtron and morty ports are exposed.
Which I think is a really bad default because Docker bypasses ufw by default.
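An added example, not part of the thread or of searx-docker: a small audit that parses Compose short-syntax `ports:` entries and reports the ones published on every host interface, which is the exposure discussed above. The service names, port numbers and the `SAMPLE_PORTS` mapping are constructed for illustration; the helper names are hypothetical.

```python
import ipaddress

# Constructed sample: short-syntax `ports:` entries per service, as they could
# appear in a docker-compose.yaml (not copied from searx-docker).
SAMPLE_PORTS = {
    "filtron": ["4040:4040"],
    "morty": ["127.0.0.1:3000:3000"],
    "metrics": ["[::1]:9100:9100/tcp"],
    "internal": ["8080"],
    "dns": ["0.0.0.0:5353:53/udp"],
}


def parse_port(entry):
    """Split [HOST_IP:][HOST_PORT:]CONTAINER_PORT[/PROTO] into its parts."""
    spec, _, proto = entry.partition("/")
    host_ip = None
    if spec.startswith("["):  # bracketed IPv6 host address
        addr, _, spec = spec[1:].partition("]")
        host_ip = ipaddress.ip_address(addr)
        spec = spec.lstrip(":")
    parts = spec.split(":")
    if len(parts) == 3 and host_ip is None:  # IPv4 host address given
        host_ip = ipaddress.ip_address(parts[0])
        parts = parts[1:]
    if len(parts) > 2 or not parts[-1]:
        raise ValueError(f"unsupported port entry: {entry!r}")
    host_port = parts[0] if len(parts) == 2 else None  # None: ephemeral port
    return host_ip, host_port, parts[-1], proto or "tcp"


def exposure(entry):
    """Classify the host-side bind address of one published port."""
    host_ip = parse_port(entry)[0]
    if host_ip is None or host_ip.is_unspecified:
        return "all-interfaces"  # no host IP means every interface
    return "loopback" if host_ip.is_loopback else "specific-address"


def audit(services):
    """Return (service, entry) pairs published on every host interface."""
    return [(name, entry)
            for name, entries in sorted(services.items())
            for entry in entries
            if exposure(entry) == "all-interfaces"]


if __name__ == "__main__":
    for name, entry in audit(SAMPLE_PORTS):
        print(f"{name}: {entry} is reachable on all host interfaces")
```

Entries flagged here can be pinned to loopback by prefixing the host address (for example `127.0.0.1:`) when only a host-network reverse proxy needs to reach them.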