Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Bug]: Port Mapping maps to 0.0.0.0 and not localhost making it accessible from the internet #4749

Open
knurzl opened this issue Jan 6, 2025 · 3 comments
Labels
🐛 Bug Reported issues that need to be reproduced by the team. 🔍 Triage Issues that need assessment and prioritization.

Comments

@knurzl
Copy link

knurzl commented Jan 6, 2025

Error Message and Logs

When i activate Port Mapping on my postgresql instance (6543:5432) it maps not only to localhost but all interfaces (0.0.0.0:6543->5432/tcp, [::]:6543->5432/tcp) and makes the instance publicly available. When i then try to make it publicly available on the same port it obviously cant and gives an error:

 l484ccc-proxy Pulling 
 l484ccc-proxy Pulled 
 Service l484ccc-proxy  Building
 Service l484ccc-proxy  Built
time="2025-01-06T13:33:19+01:00" level=warning msg="Found orphan containers ([cw40k40csgkkso48oc44wogs-proxy coolify-proxy]) for this project. If you removed or renamed this service in your compose file, you can run this command with the --remove-orphans flag to clean it up."
 Container l484ccc-proxy  Creating
 Container l484ccc-proxy  Created
 Container l484ccc-proxy  Starting
Error response from daemon: driver failed programming external connectivity on endpoint l484ccc-proxy (492c29bf16ce762ddeb8361102cc12bfb3b6b46a1f698508281b715f1f3c6590): Bind for 0.0.0.0:6543 failed: port is already allocated

Steps to Reproduce

  1. Start PostgreSQL
  2. Use Port Mapping

Example Repository URL

No response

Coolify Version

v4.0.0-beta.380

Are you using Coolify Cloud?

No (self-hosted)

Operating System and Version (self-hosted)

No response

Additional Information

No response

@knurzl knurzl added 🐛 Bug Reported issues that need to be reproduced by the team. 🔍 Triage Issues that need assessment and prioritization. labels Jan 6, 2025
@knurzl knurzl changed the title [Bug]: Port Mapping maps to 0.0.0.0 and not localhost making accessible from the internet [Bug]: Port Mapping maps to 0.0.0.0 and not localhost making it accessible from the internet Jan 6, 2025
@moerv9
Copy link

moerv9 commented Jan 7, 2025

I have found myself struggling with Port Mappings in Coolify too... Why you wanna not use default port mappings?
Coolify uses their own way of finding the correct instances by name and that generally works.

@knurzl
Copy link
Author

knurzl commented Jan 7, 2025

I have found myself struggling with Port Mappings in Coolify too... Why you wanna not use default port mappings? Coolify uses their own way of finding the correct instances by name and that generally works.

I don't struggle with it. It does not what it should. 🙈
Aside from that it's a security risk as it exposes a service to the internet, when not having a firewall. It should only map like
(6543->5432/tcp) and not like (0.0.0.0:6543->5432/tcp, [::]:6543->5432/tcp).

And yes know that i don't need it, but it's a nice feature and i would like to use it appropriately.

@limwa
Copy link

limwa commented Jan 14, 2025

Yes, exposing the Coolify (and other authorization-dependent endpoints) through HTTP instead of HTTPS is a security risk. You can either stop using the ports, or just disable their forwarding.

I disabled the forwarding by adding this docker-compose.custom.yml, under /data/coolify/source/docker-compose.custom.yml:

services:
  coolify:
    ports: !override
      - "127.0.0.1:${APP_PORT:-8000}:8080"

  soketi:
    ports: !override
      - "127.0.0.1:${SOKETI_PORT:-6001}:6001"
      - "127.0.0.1:6002:6002"

After creating the file, you need to execute ./upgrade.sh in the same folder.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
🐛 Bug Reported issues that need to be reproduced by the team. 🔍 Triage Issues that need assessment and prioritization.
Projects
None yet
Development

No branches or pull requests

3 participants