fic/server
2
0
Fork 0
Code Issues Pull Requests 10 Releases Wiki Activity

fickit: Allow connections to admin only from local (through ssh)

Browse Source
This commit is contained in:
nemunaire 2022-06-06 11:27:24 +02:00
parent cf7482a14a
commit cf502bd9d5
1 changed files with 1 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
fickit-backend.yml
View File

@ -162,7 +162,7 @@ services:
- /var/lib/fic/backups - /var/lib/fic/backups
- name: fic-admin - name: fic-admin
image: nemunaire/fic-admin:latest image: nemunaire/fic-admin:latest
command: ["/srv/admin", "-4real", "-bind=:8081", "-baseurl=/admin/", "-localimport=/mnt/fic", "-timestampCheck=/srv/submissions"] command: ["/srv/admin", "-4real", "-bind=127.0.0.1:8081", "-baseurl=/admin/", "-localimport=/mnt/fic", "-timestampCheck=/srv/submissions"]
env: env:
- MYSQL_HOST=db - MYSQL_HOST=db
- FICCA_PASS=jee8AhloAith1aesCeQu5ahgIegaeM4K - FICCA_PASS=jee8AhloAith1aesCeQu5ahgIegaeM4K
@ -360,7 +360,6 @@ files:
[0:0] -A INPUT -p icmp -j ACCEPT [0:0] -A INPUT -p icmp -j ACCEPT
[0:0] -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT [0:0] -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
[0:0] -A INPUT -p tcp -m conntrack --ctstate NEW -m tcp --dport ssh -j ACCEPT [0:0] -A INPUT -p tcp -m conntrack --ctstate NEW -m tcp --dport ssh -j ACCEPT
[0:0] -A INPUT -p tcp -m conntrack --ctstate NEW -m tcp --dport 8081 -j ACCEPT
[0:0] -A INPUT -p tcp -m conntrack --ctstate NEW -m tcp --dport 8082 -j ACCEPT [0:0] -A INPUT -p tcp -m conntrack --ctstate NEW -m tcp --dport 8082 -j ACCEPT
[0:0] -A INPUT -i vethin-admin -s 172.17.0.0/24 -p tcp -m conntrack --ctstate NEW -j ACCEPT [0:0] -A INPUT -i vethin-admin -s 172.17.0.0/24 -p tcp -m conntrack --ctstate NEW -j ACCEPT
[0:0] -A INPUT -j LOG [0:0] -A INPUT -j LOG