From f352126e568552e078cce007513596d63648d977 Mon Sep 17 00:00:00 2001
From: elAgala
Date: Sun, 26 Jan 2025 00:55:05 -0300
Subject: [PATCH] Modified docker definitions to use internal caddy_net Exposing ports on docker-compose bypasses UFW definitions, which is a high risk, so we use internal networks only to connect between containers
---
 templates/caddy/simple/docker-compose.yml | 2 +-
 templates/monitoring/docker-compose.yml | 6 ++----
 templates/monitoring/prometheus.yml | 2 +-
 3 files changed, 4 insertions(+), 6 deletions(-)
diff --git a/templates/caddy/simple/docker-compose.yml b/templates/caddy/simple/docker-compose.yml
index e4d131a..a268339 100644
--- a/templates/caddy/simple/docker-compose.yml
+++ b/templates/caddy/simple/docker-compose.yml
@@ -16,4 +16,4 @@ services:
 networks:
 caddy_net: # Crete VPN internal - Need to bind running containers to this network as well
- driver: bridge
+ external: true # caddy_net must be created before spinning up containers
diff --git a/templates/monitoring/docker-compose.yml b/templates/monitoring/docker-compose.yml
index 8a4702b..86acf7f 100644
--- a/templates/monitoring/docker-compose.yml
+++ b/templates/monitoring/docker-compose.yml
@@ -3,8 +3,6 @@ services:
 image: prom/prometheus:latest
 container_name: prometheus
 restart: always
- ports:
- - "9090:9090"
 volumes:
 - ./prometheus.yml:/etc/prometheus/prometheus.yml
 networks:
@@ -15,12 +13,12 @@ services:
 image: prom/node-exporter:latest
 container_name: node-exporter
 restart: always
- ports:
- - "9100:9100"
 networks:
 - monitoring_net
 networks:
 monitoring_net:
 driver: bridge
+ caddy_net:
+ external: true
diff --git a/templates/monitoring/prometheus.yml b/templates/monitoring/prometheus.yml
index 03c9fc5..c49cb8c 100644
--- a/templates/monitoring/prometheus.yml
+++ b/templates/monitoring/prometheus.yml
@@ -5,7 +5,7 @@ scrape_configs:
 - job_name: 'prometheus'
 static_configs:
- - targets: ['localhost:9090']
+ - targets: ['prometheus:9090']
 - job_name: 'node'
 static_configs:
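Review bot: The comment on the unchanged `caddy_net:` line in templates/caddy/simple/docker-compose.yml still reads as if this file creates the network, which contradicts the new `external: true` on the next line. With an external network Compose does not create it and the stack will not start until it exists, so the two comments should become one accurate line above the key, for example `# Pre-existing shared network; create it once with "docker network create caddy_net" and attach only the containers Caddy must proxy to`. The last clause is worth keeping: containers on the same bridge can reach each other's listening ports directly, so membership in `caddy_net` becomes the access boundary once nothing is published on the host.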
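Review bot: In templates/monitoring/docker-compose.yml `caddy_net` is declared at the bottom of the second hunk, but no service in either hunk is attached to it. node-exporter's `networks:` list still holds only `monitoring_net`, and the prometheus list opens on the last line of the first hunk and continues outside the diff, apparently untouched. With both `ports` mappings removed, Prometheus would then have no path from Caddy at all, so the prometheus service probably needs `- caddy_net` added next to `- monitoring_net`. I would keep node-exporter on `monitoring_net` only and add a short comment saying so, because Prometheus serves its UI and API without authentication unless configured otherwise, and anything joined to the shared bridge can reach port 9090 directly.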
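Review bot: The `node` job's target in templates/monitoring/prometheus.yml falls just past the end of this hunk and is not changed, so it is worth checking alongside the `prometheus:9090` edit. If it still reads `localhost:9100`, that address resolves inside the prometheus container, not to the exporter, and with the 9100 port mapping removed the service name is the only route; the line would need to be `- targets: ['node-exporter:9100']`. A one-line comment above `scrape_configs:` such as `# Targets are Compose service names resolved on monitoring_net` would record why `localhost` is not used.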