• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:
    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Issue Security valnerability when managing Docker through Plesk

D

Domm

New Pleskian
Docker containers with mapped ports are exposed externally. For example, a MySQL database server within a Docker container, which maps the MySQL port 3306 from within the container to the port 32768 on the host, will be accessible from outside the server.

This can be mitigated when creating a container from the command line, by specifying the local IP for the port mapping eg
Code: 
-p 127.0.0.1:32768:3360
This will ensure the the MySQL server can only be accessed from the host and not externally. This mitigation cannot be used when creating a container via Plesk, as the port mapping option does not accept the <IP address>:<port> format.

The core issue with Docker is discussed at length here: DOCKER-USER iptables chain missing in 19.03.3 · Issue #810 · docker/for-linux

As a simple fix I'd suggest that Plesk not only allows the <IP address>:<port> format for port mapping, but makes it the default when creating containers.

I lack the reputation to post this in the 'Reports' forum, but I believe that this is where is should be raised.
 
Thank you for the hint.
I tried to use "SSH local port forwaring" to access a app on local port 9000

Bash: 
ssh -N [email protected] -L 9000:server.com:9000

Part of the docker-compose.yml
YAML: 
    ports:
      - 127.0.0.1:9000:9000

Tried to open server.com:9000 in my browser, but could not access the app.

Any idea?
 
bendim said:
Thank you for the hint.
I tried to use "SSH local port forwaring" to access a app on local port 9000

Bash: 
ssh -N [email protected] -L 9000:server.com:9000

Part of the docker-compose.yml
YAML: 
    ports:
      - 127.0.0.1:9000:9000

Tried to open server.com:9000 in my browser, but could not access the app.

Any idea?
Click to expand...

I found the solution. Hope it helps.

Bash: 
ssh -N [email protected] -L 9000:localhost:9000

Open browser localhost:9000
 
You must log in or register to reply here.

Similar threads

P
Resolved How to expose a Docker port to the public?
Replies
1
Views
2K
philippL
P
A
Issue Docker Problems in Plesk Obsidian 18.0.60
Replies
1
Views
703
Kaspar
K
K
Resolved Grafana + MariaDB installed via docker extension -> networking issue
Replies
1
Views
944
ksau
K
B
Question How to get Docker Host IP - Password Pusher
Replies
3
Views
3K
BNO
B
C
Question Securing Docker ports to local access only with firewalld
Replies
8
Views
7K
captainhook
C
Back
Top