Network issues. #429

Open
infosecconsultant opened this issue Jul 11, 2023 · 2 comments

@infosecconsultant

Since Docker forces exposure of port 5000 to all network interfaces, what is the suggested way to limit this access to specific allowed IPs?
As there is no authentication on the software, running this software in a VPS exposes it (and its results/capabilities) to the internet.

I tried using UFW to set firewall rules, but that does not work.

I am also unable to access the 'Task queue' at externalIP:5000/queue as the iFrame included is for 127.0.0.1.

Any help would be appreciated. Thanks!

@kazet
Member

kazet commented Jul 13, 2023

Hello, the task queue iframe bug has been fixed - please clone the latest version of the repository and check whether it works.

Regarding limiting access, I would recommend using the cloud provider security settings, as making Docker work with ufw is non-trivial.

@matpanel

I am no Docker expert, but I managed to do it like this:
edit the following line inside the docker-compose.yaml file:

web:
  <<: *artemis-build-or-image
  depends_on: [karton-system, karton-logger]
  env_file: .env
  ports: ["127.0.0.1:5000:5000"]
  restart: always

This way port 5000 won't be exposed.

Also, something that gave me a lot of headaches (off topic, but I feel like I should tell the world :P):
when you run sudo ./scripts/run-docker-compose down to shut down Artemis, one or more Docker containers might stay in the Exited status and not really terminate.
So this "hanging" Docker container creates an error when you sudo ./scripts/start Artemis again.
Error response from daemon: network be6e2d1754bef2ae7fb6027e79940d22e336270a64fbd00633a4a3a108894bb7 not found
So the solution is to find the docker container still running and remove it. And you do that like this:

/opt/Artemis$ sudo docker container ls -a
CONTAINER ID   IMAGE                       COMMAND                  CREATED        STATUS                    PORTS     NAMES
e959c32598c0   artemis-karton-ssl_checks   "python3 -m artemis.…"   19 hours ago   Exited (1) 19 hours ago             artemis-karton-ssl_checks-1
/opt/Artemis$ sudo docker rm e959c32598c0
e959c32598c0
/opt/Artemis$ sudo docker container ls -a
CONTAINER ID   IMAGE     COMMAND   CREATED   STATUS    PORTS     NAMES

Then if you run ./scripts/start again, everything will work just fine.
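
A check for the loopback binding suggested in the comment above, as an added example that is not part of the thread or of the Artemis code base: it classifies Compose `ports` entries by the host address they bind to and lists the ones published on all interfaces. The service names other than `web` and the sample mapping are constructed; the mapping is assumed to be the `services:` section of a compose file already loaded into a dict.

```python
import ipaddress

def host_ip_of(spec):
    """Return the host IP a Compose `ports` entry binds to, or None if unset.

    Short syntax: [HOST_IP:][HOST_PORT:]CONTAINER_PORT[/PROTO]
    Long syntax:  mapping with an optional `host_ip` key.
    """
    if isinstance(spec, dict):
        return spec.get("host_ip") or None
    spec = str(spec).split("/", 1)[0]        # drop "/tcp" or "/udp"
    if spec.startswith("["):                 # bracketed IPv6: [::1]:8080:80
        return spec[1:spec.index("]")]
    parts = spec.split(":")
    # 1 field = container port, 2 = host:container, 3 = ip:host:container
    return parts[0] if len(parts) == 3 else None

def classify(spec):
    """Return 'loopback', 'restricted' (one address) or 'all-interfaces'."""
    ip = host_ip_of(spec)
    if ip is None:
        return "all-interfaces"              # no host IP: Docker binds 0.0.0.0
    addr = ipaddress.ip_address(ip)
    if addr.is_unspecified:                  # explicit 0.0.0.0 or ::
        return "all-interfaces"
    return "loopback" if addr.is_loopback else "restricted"

def audit(services):
    """List (service, entry) for every port published on all interfaces."""
    return [(name, port)
            for name, svc in services.items()
            for port in svc.get("ports", [])
            if classify(port) == "all-interfaces"]

# Constructed sample shaped like the `services:` mapping of a compose file.
SAMPLE = {
    "web": {"ports": ["5000:5000"]},                  # binding from the question
    "web-fixed": {"ports": ["127.0.0.1:5000:5000"]},  # binding from the comment
    "api": {"ports": ["[::1]:8080:80/tcp",
                      {"target": 80, "published": 8081, "host_ip": "0.0.0.0"}]},
    "worker": {},                                     # publishes nothing
}

if __name__ == "__main__":
    for service, entry in audit(SAMPLE):
        print(f"{service}: {entry!r} is reachable on every host interface")
```
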
