Basically, I have this doubt: I have some self-hosted services in Docker where I add the ports like this:
host_port:container_port, so I don’t specify the interface, so by default, it is 0.0.0.0.

Somebody recently told me that this is dangerous and that I expose my services to the public internet by doing this. I don’t want to do that since I am the only one accessing them, so I just use a VPN to access them. So, to try this out, I typed my public IP alongside the host port I used for one of my services into my browser, but I cannot access it. This has me puzzled. How’s the deal? Am I exposing it? Should I change it?

What are your thoughts? Thanks!

  • bloopernova@programming.dev
    1 year ago

    You’re not exposing anything unless your router/firewall explicitly allows it.

    0.0.0.0 just means “all addresses on this host”. So binding to 0.0.0.0:80 means “listen on every IP address, TCP port 80”.

    So say you have a Linux box, and it has 4 network interfaces: 127.0.0.1 (localhost), 192.168.1.101 (main local network), 192.168.1.201 (second local network), and 172.16.10.1 (docker network).

    If you run a service on the Linux box, and specify that it listens on 0.0.0.0:80, that service will bind to all of those addresses, and be accessible via 127.0.0.1:80, both 192 addresses, and the docker network address.

    Now, if you run that same configuration in a Docker container without the “-p host:container”, it will bind to the address given to it in the Docker network and only that address.

    If you run that same container with the -p host:container, it will bind to and listen on all network addresses.

    I hope that’s understandable, I’m kinda out of it today so I hope I’m not too incoherent!
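
To see which published ports rely on the default bind address discussed in this thread, the following added example (not part of the original post or reply) parses Docker's short port syntax and lists the mappings that listen on every host address. The function names and the sample mappings are constructed for illustration.

```python
import ipaddress

def parse_port_spec(spec):
    """Split Docker short syntax [IP:][HOST_PORT:]CONTAINER_PORT[/PROTO].

    Returns (bind_ip, host_port, container_port, proto). When no IP is
    written, bind_ip is 0.0.0.0, the default discussed in the thread.
    """
    body, _, proto = spec.partition("/")
    bind_ip = "0.0.0.0"
    if body.startswith("["):            # bracketed IPv6: [::1]:8080:80
        bind_ip, _, body = body[1:].partition("]:")
    parts = body.split(":")
    if len(parts) == 3:                 # IPv4 given: 127.0.0.1:8080:80
        bind_ip, host_port, container_port = parts
    elif len(parts) == 2:               # host_port:container_port
        host_port, container_port = parts
    elif len(parts) == 1:               # container port only; Docker picks the host port
        host_port, container_port = "", parts[0]
    else:
        raise ValueError(f"unrecognised port spec: {spec!r}")
    ipaddress.ip_address(bind_ip)       # ValueError on a malformed address
    return bind_ip, host_port, container_port, proto or "tcp"

def listens_on_all_interfaces(spec):
    """True when the mapping binds to the wildcard address (0.0.0.0 or ::)."""
    return ipaddress.ip_address(parse_port_spec(spec)[0]).is_unspecified

def audit(specs):
    """Return the mappings that are published on every host address."""
    return [s for s in specs if listens_on_all_interfaces(s)]

# Constructed sample mappings, not taken from the thread.
SAMPLE = [
    "8080:80",                     # host_port:container_port, no interface given
    "127.0.0.1:8081:80",           # loopback only
    "192.168.1.101:8443:443/tcp",  # one LAN address only
    "[::1]:9000:9000",             # IPv6 loopback only
    "0.0.0.0:53:53/udp",           # wildcard written out
    "3000",                        # container port only
]

if __name__ == "__main__":
    for spec in audit(SAMPLE):
        print(f"{spec!r} listens on all host addresses")
```
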