yunxiafei/openclaw-mission-control
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

security: bind redis and postgres ports to localhost only

Browse Source 
Prevents external access to Redis (6379) and Postgres (5432).
Both services are internal-only - containers communicate via
Docker network, host port binding only needed for local debugging.

Flagged by DigitalOcean security scan 2026-02-22.
This commit is contained in:
Aaron Aronchick
2026-02-22 03:53:28 +00:00
parent 1c8a531f6a
commit 79120681de
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
compose.yml
View File

@@ -10,7 +10,7 @@ services:
volumes: volumes:
- postgres_data:/var/lib/postgresql/data - postgres_data:/var/lib/postgresql/data
ports: ports:
- "${POSTGRES_PORT:-5432}:5432" - "127.0.0.1:${POSTGRES_PORT:-5432}:5432"
healthcheck: healthcheck:
test: ["CMD-SHELL", "pg_isready -U $$POSTGRES_USER -d $$POSTGRES_DB"] test: ["CMD-SHELL", "pg_isready -U $$POSTGRES_USER -d $$POSTGRES_DB"]
interval: 5s interval: 5s
@@ -20,7 +20,7 @@ services:
redis: redis:
image: redis:7-alpine image: redis:7-alpine
ports: ports:
- "${REDIS_PORT:-6379}:6379" - "127.0.0.1:${REDIS_PORT:-6379}:6379"
backend: backend:
build: build: