
Issue Security vulnerability when managing Docker through Plesk

Domm

New Pleskian
Docker containers with mapped ports are exposed externally. For example, a MySQL database server within a Docker container, which maps the MySQL port 3306 from within the container to the port 32768 on the host, will be accessible from outside the server.

This can be mitigated when creating a container from the command line, by specifying the local IP for the port mapping, e.g.:
Code:
-p 127.0.0.1:32768:3306
This will ensure the MySQL server can only be accessed from the host and not externally. This mitigation cannot be used when creating a container via Plesk, as the port mapping option does not accept the <IP address>:<port> format.

The core issue with Docker is discussed at length here: DOCKER-USER iptables chain missing in 19.03.3 · Issue #810 · docker/for-linux

As a simple fix I'd suggest that Plesk not only allows the <IP address>:<port> format for port mapping, but makes it the default when creating containers.

I lack the reputation to post this in the 'Reports' forum, but I believe that this is where it should be raised.
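
A quick way to audit a host for the exposure described in this post, as an added example that is not part of the original thread: it reads `docker ps` port listings and reports every mapping published on all interfaces instead of on 127.0.0.1. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag Docker port mappings published on all interfaces.
# Input: lines of "<container name><TAB><ports>", as produced by
#   docker ps --format '{{.Names}}\t{{.Ports}}'

find_exposed() {
  awk -F '\t' '
    {
      n = split($2, maps, /, */)
      for (i = 1; i <= n; i++) {
        m = maps[i]
        # Only published ports contain "->"; a bare "3306/tcp" is not published.
        if (m !~ /->/) continue
        # Wildcard binds: IPv4 0.0.0.0, IPv6 "::" (printed as ":::" or "[::]:").
        if (m ~ /^0\.0\.0\.0:/ || m ~ /^:::/ || m ~ /^\[::\]:/)
          print $1 "\t" m
      }
    }'
}

# Constructed sample listing (hypothetical container names, not from a real host).
sample_ps_output() {
  printf '%s\t%s\n' \
    'mysql-plesk' '0.0.0.0:32768->3306/tcp, :::32768->3306/tcp' \
    'mysql-cli'   '127.0.0.1:32769->3306/tcp' \
    'app'         '127.0.0.1:9000->9000/tcp' \
    'cache'       '6379/tcp'
}

# Prints only the two wildcard mappings of mysql-plesk.
sample_ps_output | find_exposed
```

On a real host, pipe `docker ps --format '{{.Names}}\t{{.Ports}}'` into `find_exposed`; any line it prints is a container port bound to every interface of the host.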
 
Thank you for the hint.
I tried to use "SSH local port forwarding" to access an app on local port 9000

Bash:
ssh -N [email protected] -L 9000:server.com:9000

Part of the docker-compose.yml
YAML:
    ports:
      - 127.0.0.1:9000:9000

Tried to open server.com:9000 in my browser, but could not access the app.

Any idea?
 
I found the solution. Hope it helps.

Bash:
ssh -N [email protected] -L 9000:localhost:9000

Open browser localhost:9000
 