OrbStack
-
|
By default if a docker container has an exposed port it listens on 0.0.0.0:port. Is there an easy way to block remote access and limit to listen only on localhost / 127.0.0.1? |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 3 replies
-
|
Standard Docker way: |
Beta Was this translation helpful? Give feedback.
-
|
Yes, that's fine, tnx. However I was looking for a global setting (in orb or docker daemon) for default bind/listen ip to block remote access to containers. If you have a lot of projects with various docker-compose.yamls it would be nice to have a workaround insetad of changing each, one by one. |
Beta Was this translation helpful? Give feedback.
-
|
Why not use the macOS firewall? |
Beta Was this translation helpful? Give feedback.
-
|
Good hint, I had a try but did not work as expected. At first when I enabled the firewall it seemed to work perfectly, remote access just timed out. Later on without changing any firewall settings the container was accessible. The firewall with docker is somewhat inconsistent. Then I just stumbled upon a still open issue from 2016 docker/for-mac#729 reporting that the firewall does not work with docker on mac. |
Beta Was this translation helpful? Give feedback.
-
|
It works fine with OrbStack from my experience. Make sure you've disabled "Automatically allow downloaded signed software to receive incoming connections' and blocked "OrbStack Helper" in the firewall settings. |
Beta Was this translation helpful? Give feedback.
Standard Docker way:
❯ docker run -it --rm -p 127.0.0.1:8080:80 nginx