What's the biggest docker footgun you've experienced?
(programming.dev)
A lot of people don't realize that the port configuration of 127.0.0.1:8080/localhost:8080 is different than just 8080. One binds to localhost, meaning remote machines can't access it and the other does not.

Combine this with the fact that people don't realize docker bypasses firewalls like ufw or firewalld, editing ip/nftables rules directly...

If you use an ip/port search engine like shodan or zoomeye, you can find loads of docker containers that probably weren't supposed to be on the net.
Protip: you can configure the default host bind IP via /etc/docker/daemon.json. You could for example set:

which would result in -p "8080:8080" being equivalent to -p "127.0.0.1:8080:8080"
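
An added example, not part of the comment above: a small audit helper that parses `-p` / compose `ports` values and flags the ones whose host side is not loopback, with and without a daemon-wide default bind IP. It assumes the daemon.json key is `ip` (dockerd's setting for the default host address of published ports); the function names and sample values are constructed for illustration.

```python
import ipaddress
import json

DOCKER_DEFAULT_IP = "0.0.0.0"  # dockerd's built-in default: every interface


def default_bind_ip(daemon_json_text):
    """Host IP used for -p values that omit one ("ip" key in daemon.json)."""
    return json.loads(daemon_json_text or "{}").get("ip", DOCKER_DEFAULT_IP)


def parse_publish(spec, default_ip=DOCKER_DEFAULT_IP):
    """Split [host_ip:][host_port:]container_port[/proto] into its four parts."""
    spec, _, proto = spec.partition("/")
    host_ip = None
    if spec.startswith("["):                 # bracketed IPv6, e.g. [::1]:8080:80
        host_ip, sep, spec = spec[1:].partition("]:")
        if not sep:
            raise ValueError("unterminated IPv6 host address")
    parts = spec.split(":")
    if host_ip is None and len(parts) == 3:  # ip:host_port:container_port
        host_ip = parts.pop(0)
    if len(parts) == 1:                      # container port only, host port is random
        parts.insert(0, "")
    if len(parts) != 2 or not parts[1]:
        raise ValueError(f"unrecognised publish spec: {spec!r}")
    return host_ip or default_ip, parts[0], parts[1], proto or "tcp"


def exposed(specs, default_ip=DOCKER_DEFAULT_IP):
    """Return the specs whose host side is reachable from other machines."""
    flagged = []
    for spec in specs:
        host_ip = parse_publish(spec, default_ip)[0]
        if not ipaddress.ip_address(host_ip).is_loopback:
            flagged.append(spec)
    return flagged


# Constructed sample input, not taken from the thread.
SAMPLE_SPECS = ["8080:8080", "127.0.0.1:5432:5432", "0.0.0.0:6379:6379/tcp",
                "[::1]:9000:9000", "53:53/udp"]
SAMPLE_DAEMON_JSON = '{"ip": "127.0.0.1"}'

if __name__ == "__main__":
    print("stock daemon:    ", exposed(SAMPLE_SPECS))
    print("with daemon.json:", exposed(SAMPLE_SPECS, default_bind_ip(SAMPLE_DAEMON_JSON)))
```

The daemon-wide `ip` setting covers the default bridge network; ports published on user-defined networks (as Compose creates) still need an explicit host IP or the per-network `com.docker.network.bridge.host_binding_ipv4` option.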