• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Issue Security valnerability when managing Docker through Plesk

D

Domm

New Pleskian
Docker containers with mapped ports are exposed externally. For example, a MySQL database server within a Docker container, which maps the MySQL port 3306 from within the container to the port 32768 on the host, will be accessible from outside the server.

This can be mitigated when creating a container from the command line, by specifying the local IP for the port mapping eg
Code: 
-p 127.0.0.1:32768:3360
This will ensure the the MySQL server can only be accessed from the host and not externally. This mitigation cannot be used when creating a container via Plesk, as the port mapping option does not accept the <IP address>:<port> format.

The core issue with Docker is discussed at length here: DOCKER-USER iptables chain missing in 19.03.3 · Issue #810 · docker/for-linux

As a simple fix I'd suggest that Plesk not only allows the <IP address>:<port> format for port mapping, but makes it the default when creating containers.

I lack the reputation to post this in the 'Reports' forum, but I believe that this is where is should be raised.
 
Thank you for the hint.
I tried to use "SSH local port forwaring" to access a app on local port 9000

Bash: 
ssh -N [email protected] -L 9000:server.com:9000

Part of the docker-compose.yml
YAML: 
    ports:
      - 127.0.0.1:9000:9000

Tried to open server.com:9000 in my browser, but could not access the app.

Any idea?
 
bendim said:
Thank you for the hint.
I tried to use "SSH local port forwaring" to access a app on local port 9000

Bash: 
ssh -N [email protected] -L 9000:server.com:9000

Part of the docker-compose.yml
YAML: 
    ports:
      - 127.0.0.1:9000:9000

Tried to open server.com:9000 in my browser, but could not access the app.

Any idea?
Click to expand...

I found the solution. Hope it helps.

Bash: 
ssh -N [email protected] -L 9000:localhost:9000

Open browser localhost:9000
 
You must log in or register to reply here.

Similar threads

L
Resolved Plesk Docker extension Stacks not picking local .env
Replies
2
Views
687
LytraX
L
G
Issue restore database to mariadb 11.7.2 (Docker) create 500 exception
Replies
1
Views
357
gbailey123
G
B
Question Can Mailcow Dockerized be made the main Mailserver on Plesk Obsidian + Debian 12 platform
Replies
0
Views
621
bosse1
B
B
Question Can I make Mailcow Dockerized the main Mailserver on Plesk Obsidian + Debian 12 platform
Replies
1
Views
645
bosse1
B
P
Resolved How to expose a Docker port to the public?
Replies
1
Views
3K
philippL
P
Back
Top