memes

16705 readers

2629 users here now

Community rules

1. Be civil

No trolling, bigotry or other insulting / annoying behaviour

2. No politics

This is non-politics community. For political memes please go to !politicalmemes@lemmy.world

3. No recent reposts

Check for reposts when posting a meme, you can only repost after 1 month

4. No bots

No bots without the express approval of the mods or the admins

5. No Spam/Ads/AI Slop

No advertisements or spam. This is an instance rule and the only way to live. We also consider AI slop to be spam in this community and is subject to removal.

A collection of some classic Lemmy memes for your enjoyment

Sister communities

!tenforward@lemmy.world : Star Trek memes, chat and shitposts
!lemmyshitpost@lemmy.world : Lemmy Shitposts, anything and everything goes.
!linuxmemes@lemmy.world : Linux themed memes
!comicstrips@lemmy.world : for those who love comic stories.

founded 2 years ago

MODERATORS

Tenthrow@lemmy.world

The_Picard_Maneuver@lemmy.world

The_Picard_Maneuver@startrek.website

430

When webdevs choosing port for their app (infosec.pub)

submitted 2 weeks ago by oplkill@lemmy.world to c/memes@lemmy.world

50 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] Mora@pawb.social 1 points 2 weeks ago (2 children)

Welcome to the community then :) For rootful Docker you are correct - the inside port can be 80 and you can expose it on whatever port you want (ideally you expose it only via reverse proxy and not by port - I can recommend Caddy-Docker-Proxy for that)

[–] Jakeroxs@sh.itjust.works 1 points 2 weeks ago (1 children)

I use Traefik already, but thank you! :)

[–] Mora@pawb.social 1 points 2 weeks ago (1 children)

Also a great choice :)

[–] Jakeroxs@sh.itjust.works 1 points 2 weeks ago (1 children)

Got me curious on rootless vs root docker, there's so much.

[–] Mora@pawb.social 2 points 2 weeks ago

Since rootless docker is (mostly) a security improvement, here is a interesting list of other Docker realted security tips I like to consult: https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html

[–] null@slrpnk.net 1 points 2 weeks ago (1 children)

If you're using a reverse-proxy, why bother mapping ports at all?

[–] Mora@pawb.social 2 points 2 weeks ago* (last edited 2 weeks ago)

Absolutely, it is not necessary if the proxy can reach the service in other ways (e.g. a shared network). Some non-http services don't like to be proxied though. Some constellations where the proxy is not on the same host as the containers may also make it necessary. My answer was based on the possibility to not have the same inside/outside port, not necessarily the need though😉