From 1434c371bd4c699783a21a2e321f2d8afce2e9f1 Mon Sep 17 00:00:00 2001
From: Marc Leuser
Date: Mon, 15 Feb 2021 10:46:23 +0100
Subject: [PATCH] safer port binding of etherpad docker container don't bind to any host port if nginx_proxy is used only bind to localhost if it's not used
---
 group_vars/matrix_servers | 2 ++
 roles/matrix-etherpad/defaults/main.yml | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers
index 11d6e7150..843dfb20d 100755
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -765,6 +765,8 @@ matrix_dimension_database_password: "{{ matrix_synapse_macaroon_secret_key | pas

 matrix_etherpad_enabled: false

+matrix_etherpad_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:9001' }}"
+
 matrix_etherpad_systemd_required_services_list: |
 {{
 ['docker.service']
diff --git a/roles/matrix-etherpad/defaults/main.yml b/roles/matrix-etherpad/defaults/main.yml
index 28bb0c8d3..d5cac2f3b 100644
--- a/roles/matrix-etherpad/defaults/main.yml
+++ b/roles/matrix-etherpad/defaults/main.yml
@@ -19,7 +19,7 @@ matrix_etherpad_user_gid: '5001'
 # Controls whether the matrix-etherpad container exposes its HTTP port (tcp/9001 in the container).
 #
 # Takes an ":" or "" value (e.g. "127.0.0.1:9001"), or empty string to not expose.
-matrix_etherpad_container_http_host_bind_port: '9001'
+matrix_etherpad_container_http_host_bind_port: ''

 # A list of extra arguments to pass to the container
 matrix_etherpad_container_extra_arguments: []
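Review bot: The new `matrix_etherpad_container_http_host_bind_port` line in group_vars/matrix_servers carries no comment explaining why the fallback is loopback-only, so a later edit could widen it back to a bare port without noticing the exposure. I would put two comment lines above it: `# No host port when matrix-nginx-proxy fronts Etherpad; otherwise publish on loopback only,` and `# so a reverse proxy on this host can reach the pad but the network cannot.` The hunk does not show how the proxy reaches the container once no port is published; presumably that is a shared Docker network, which is worth confirming. Users whose reverse proxy runs on another machine will need to override this value, and the docs should say so.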
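Review bot: The comment above `matrix_etherpad_container_http_host_bind_port` in roles/matrix-etherpad/defaults/main.yml still does not say that a bare port value publishes on every host interface, which is the exposure this default change removes. Assuming the value is handed to Docker's port publishing, as the comment implies, I would add `# A bare port (e.g. "9001") listens on all host interfaces, and Docker-published ports usually bypass ufw/firewalld rules; prefer "127.0.0.1:9001".` Moving the default from `'9001'` to `''` also drops the published port on the next run for anyone using the role without this playbook's group_vars. The diffstat lists only these two files, so there is no changelog or upgrade note covering that.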