Restrict publishing worker (metrics) ports to localhost
This commit is contained in:
parent
183adec3d8
commit
edc21f15e5
@ -47,14 +47,15 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-synapse \
|
|||||||
{% endif %}
|
{% endif %}
|
||||||
{% for worker in matrix_synapse_workers_enabled_list %}
|
{% for worker in matrix_synapse_workers_enabled_list %}
|
||||||
{% if matrix_synapse_workers_enabled and not matrix_nginx_proxy_enabled|default(False) %}
|
{% if matrix_synapse_workers_enabled and not matrix_nginx_proxy_enabled|default(False) %}
|
||||||
{# Expose worker ports (by default 18xxx range) on host if not using internal nginx proxy #}
|
{# Expose worker ports (by default in 18xxx range) on localhost, f.e. when using
|
||||||
|
an external reverse proxy outside the matrix docker network #}
|
||||||
{% if worker.port != 0 %}
|
{% if worker.port != 0 %}
|
||||||
-p {{ worker.port }}:{{ worker.port }} \
|
-p 127.0.0.1:{{ worker.port }}:{{ worker.port }} \
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{# Expose worker metrics ports on host if defined #}
|
{# Expose worker metrics ports on localhost #}
|
||||||
{% if worker.metrics_port != 0 %}
|
{% if worker.metrics_port != 0 %}
|
||||||
-p {{ worker.metrics_port }}:{{ worker.metrics_port }} \
|
-p 127.0.0.1:{{ worker.metrics_port }}:{{ worker.metrics_port }} \
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
--mount type=bind,src={{ matrix_synapse_config_dir_path }},dst=/data,ro \
|
--mount type=bind,src={{ matrix_synapse_config_dir_path }},dst=/data,ro \
|
||||||
|
Loading…
Reference in New Issue
Block a user