Hello everybody,
Recently, we started using the Docker extension of Plesk.
Personally, I think that this extension is - in theory - a brilliant idea.
However, when it comes to the details of implementation, I think that some things have not really been thought through to the end.
This is because of the way Docker interacts with iptables:
By default, it exposes ports to the whole world, not just to localhost!
Even worse, the nat entries used for that seem to "bypass" the protection...
Exposing Docker container ports for localhost only
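
A way to check a host for the behaviour described in the post above, added here as an example (not part of the original post, and not Plesk's or Docker's own code): it reads `docker ps --format '{{.Names}}\t{{.Ports}}'` output and lists every port mapping published on an address other than loopback. The function name and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag Docker port mappings published on non-loopback addresses.
# Input: one "<name><TAB><ports>" line per container, as printed by
#   docker ps --format '{{.Names}}\t{{.Ports}}'
# A mapping created with "-p 127.0.0.1:8080:80" shows up as 127.0.0.1:8080->80/tcp;
# a plain "-p 8080:80" shows up as 0.0.0.0:8080->80/tcp (and :::8080 for IPv6).

# Constructed sample input (hypothetical container names and addresses).
SAMPLE_PS_OUTPUT=$(printf '%s\t%s\n' \
  webapp '0.0.0.0:8080->80/tcp, :::8080->80/tcp' \
  redis  '127.0.0.1:6379->6379/tcp' \
  worker '9000/tcp' \
  db     '192.0.2.10:5432->5432/tcp, [::1]:5433->5432/tcp')

# Prints "<name><TAB><mapping>" for each mapping reachable from outside the host.
audit_published_ports() {
  awk -F '\t' '
    {
      n = split($2, maps, /, */)
      for (i = 1; i <= n; i++) {
        m = maps[i]
        if (m !~ /->/) continue          # exposed in the image only, not published
        addr = m
        sub(/->.*/, "", addr)            # keep the host side, e.g. "0.0.0.0:8080"
        sub(/:[0-9-]+$/, "", addr)       # drop the host port or port range
        gsub(/^\[|\]$/, "", addr)        # drop IPv6 brackets
        if (addr ~ /^127\./ || addr == "::1") continue   # loopback only: fine
        printf "%s\t%s\n", $1, m
      }
    }'
}

# Run against the constructed sample; on a real host use:
#   docker ps --format '{{.Names}}\t{{.Ports}}' | audit_published_ports
printf '%s\n' "$SAMPLE_PS_OUTPUT" | audit_published_ports
```

Any mapping this prints is published on an address other than loopback; it is worth confirming separately from an outside machine whether the host firewall actually filters it.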