Comments (10)
Well, even if you're running this locally on a computer connected directly to the internet (e.g. IPv6) and using the mapping suggested in the readme, 8080:8080, you're under threat.
from docker-swarm-visualizer.
If you're running locally, wouldn't a remote client need to traverse NAT to reach your local machine? If you're running local and don't have your "public facing" router forwarding traffic internally, I think you'd be OK... Though I may be misunderstanding something. If you're running it remotely, you could bind the visualizer's port 8080 to the IP of a tun adapter and VPN to the remote machine to ensure the visualizer access is restricted to clients connected via the VPN network.
from docker-swarm-visualizer.
> traverse NAT

Some internet providers don't use NAT and provide a real IP address.
This is especially true if IPv6 is used, where each device is directly exposed to the internet.
So TL;DR: never run this on a computer exposed to the internet. Is that correct?
from docker-swarm-visualizer.
Well, even when you're in a company's VPN network, a coworker can own your computer, which might be a bad joke.
from docker-swarm-visualizer.
What if we just expose the endpoint that triggers all Docker Remote API queries on the server side instead of directly exposing the Docker Remote API endpoint?
from docker-swarm-visualizer.
Yep, running this in production isn't good, since by default Docker will expose the port, bypassing any firewall rules.
from docker-swarm-visualizer.
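An added example, not part of the thread or the project's code: a small checker that parses `docker run -p` publish values and reports which ones listen on every interface (the `8080:8080` mapping discussed above) versus loopback or one chosen address such as a VPN adapter. The address `10.8.0.1`, the sample list and the function names are assumptions made for illustration.

```python
import ipaddress

def parse_publish(spec):
    """Split a `-p` value ([ip:][hostPort:]containerPort[/proto]) into its parts."""
    spec, _, proto = spec.partition("/")
    if spec.startswith("["):                     # bracketed IPv6 host address
        ip, _, rest = spec[1:].partition("]:")
        parts = [ip] + rest.split(":")
    else:
        parts = spec.split(":")
    if len(parts) == 3:
        host_ip, host_port, ctr_port = parts
    elif len(parts) == 2:
        host_ip, (host_port, ctr_port) = "", parts
    elif len(parts) == 1:
        host_ip, host_port, ctr_port = "", "", parts[0]   # ephemeral host port
    else:
        raise ValueError(f"unrecognised publish spec: {spec!r}")
    return host_ip, host_port, ctr_port, proto or "tcp"

def classify(spec):
    """Return how widely the published port listens on the host."""
    host_ip = parse_publish(spec)[0]
    if not host_ip:
        return "all-interfaces"                  # Docker's default when no IP is given
    addr = ipaddress.ip_address(host_ip)
    if addr.is_unspecified:                      # 0.0.0.0 or ::
        return "all-interfaces"
    if addr.is_loopback:
        return "loopback-only"
    return "single-address"

def audit(specs):
    """Return the specs that are reachable on every host interface."""
    return [s for s in specs if classify(s) == "all-interfaces"]

# Constructed sample mappings; 10.8.0.1 stands in for a VPN (tun) adapter address.
SAMPLES = [
    "8080:8080",               # mapping from the readme
    "0.0.0.0:8080:8080/tcp",
    "[::]:8080:8080",
    "127.0.0.1:8080:8080",
    "[::1]:8080:8080",
    "10.8.0.1:8080:8080",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s:26} {classify(s)}")
```
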
How can this be run safely in production? What should be changed?
from docker-swarm-visualizer.
Let's keep in mind this is meant to be a sample app, not an app you would run in production. It initially was devised for visualization demos at DockerCon EU in 2015, and used again at DockerCon Seattle in 2016. So yes, it is not meant to be run in production.
If you wanted to run it in production, you can protect the Docker daemon socket. It's much more cumbersome to do so.
from docker-swarm-visualizer.
Warning added in #67
from docker-swarm-visualizer.