which ports in docker-compose.yml can be changed to expose?
I changed port 4500:80 to expose and 8082:80 too as expose is referred to in the comment. For all other ports no comment refers to expose to block public access. Which ports have to be publicly accessible?
Actually we have these open ports on the server:
80/tcp open (is redirected by nginx to 443)
443/tcp open https
1883/tcp open
3000/tcp open
4200/tcp open
5672/tcp open
8004/tcp open
8081/tcp open
15672/tcp open
15675/tcp open
With Docker Compose Tiledesk has a reverse proxy that work on 8081 port. So this is the public port to access to all the Tiledesk components (Dashboard, Widget, Web Chat).
So if you want you had to change 8081 port to YOUR port.
For example docker container webwidget has port 4200 configured in yml-file:
webwidget:
image: chat21/chat21-web-widget:5.0.38
container_name: chat21-web-widget
ports:
- “4200:80” # specify port forewarding
As this is configured as ports: and not expose:, port 4200 is open to public on the host.
If I set all container ports to expose, they are no more publicly accessible, but chat stops working. Therefore I need to know which ports have to be publicly accessible.
I changed now all ports: definitions in docker-compose.yml to expose: except for the proxy container. The proxy container is limited to localhost:
proxy:
image: tiledesk/tiledesk-docker-proxy:v1.1.0
container_name: tiledesk-docker-proxy
ports:
- “127.0.0.1:8081:80” # specify port forewarding
depends_on:
- server
- dashboard
- webwidget
- chat21httpserver
- rabbitmq
command: [nginx-debug, ‘-g’, ‘daemon off;’]
With this configuration tiledesk seems to run fine and no container ports are any more publicly accessible:
nmap shows:
PORT STATE SERVICE
80/tcp open http
443/tcp open https
Andrea, is there anything against this configuration from your side?