-
Notifications
You must be signed in to change notification settings - Fork 24.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Change Docker quickstart to only bind to localhost #80812
Conversation
Under the [wrong circumstances](https://twitter.com/gnyman/status/1441073513457233928) our quickstart will expose Elasticsearch and Kibana to the internet, which is rather surprising and what we avoid with our other defaults / setups. [Discussed](https://twitter.com/gnyman/status/1441119091645812742) [multiple](https://twitter.com/xeraa/status/1441164987049803787) [times](https://twitter.com/hmoffatt/status/1461067219647885315), we should explicitly bind to localhost to avoid such surprises. Those who know Docker reasonably well will be able to change it without problems and those who don't know Docker are probably better off like this. Since this has changed in 8.0, but we'll have 7.16 around for a long time, I've only committed the change to the 7.16 branch.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks @xeraa.
I also pushed 7149ba7 to update the run command in Stating a single node cluster with Docker. While this is also intended largely for test purposes, it can expose ES publicly.
I'll open a separate PR to update the Kibana instructions.
This LGTM.
Pinging @elastic/es-delivery (Team:Delivery) |
Pinging @elastic/es-docs (Team:Docs) |
…80833) Under the [wrong circumstances](https://twitter.com/gnyman/status/1441073513457233928) our quickstart will expose Elasticsearch and Kibana to the internet, which is rather surprising and what we avoid with our other defaults / setups. [Discussed](https://twitter.com/gnyman/status/1441119091645812742) [multiple](https://twitter.com/xeraa/status/1441164987049803787) [times](https://twitter.com/hmoffatt/status/1461067219647885315), we should explicitly bind to localhost to avoid such surprises. Those who know Docker reasonably well will be able to change it without problems and those who don't know Docker are probably better off like this. Co-authored-by: James Rodewig <40268737+jrodewig@users.noreply.github.com> Co-authored-by: Philipp Krenn <xeraa@users.noreply.github.com>
…80834) Under the [wrong circumstances](https://twitter.com/gnyman/status/1441073513457233928) our quickstart will expose Elasticsearch and Kibana to the internet, which is rather surprising and what we avoid with our other defaults / setups. [Discussed](https://twitter.com/gnyman/status/1441119091645812742) [multiple](https://twitter.com/xeraa/status/1441164987049803787) [times](https://twitter.com/hmoffatt/status/1461067219647885315), we should explicitly bind to localhost to avoid such surprises. Those who know Docker reasonably well will be able to change it without problems and those who don't know Docker are probably better off like this. Co-authored-by: James Rodewig <40268737+jrodewig@users.noreply.github.com> Co-authored-by: Philipp Krenn <xeraa@users.noreply.github.com>
…80835) Under the [wrong circumstances](https://twitter.com/gnyman/status/1441073513457233928) our quickstart will expose Elasticsearch and Kibana to the internet, which is rather surprising and what we avoid with our other defaults / setups. [Discussed](https://twitter.com/gnyman/status/1441119091645812742) [multiple](https://twitter.com/xeraa/status/1441164987049803787) [times](https://twitter.com/hmoffatt/status/1461067219647885315), we should explicitly bind to localhost to avoid such surprises. Those who know Docker reasonably well will be able to change it without problems and those who don't know Docker are probably better off like this. Co-authored-by: James Rodewig <40268737+jrodewig@users.noreply.github.com> Co-authored-by: Philipp Krenn <xeraa@users.noreply.github.com>
…80836) Under the [wrong circumstances](https://twitter.com/gnyman/status/1441073513457233928) our quickstart will expose Elasticsearch and Kibana to the internet, which is rather surprising and what we avoid with our other defaults / setups. [Discussed](https://twitter.com/gnyman/status/1441119091645812742) [multiple](https://twitter.com/xeraa/status/1441164987049803787) [times](https://twitter.com/hmoffatt/status/1461067219647885315), we should explicitly bind to localhost to avoid such surprises. Those who know Docker reasonably well will be able to change it without problems and those who don't know Docker are probably better off like this. Co-authored-by: James Rodewig <40268737+jrodewig@users.noreply.github.com> Co-authored-by: Philipp Krenn <xeraa@users.noreply.github.com>
The current Docker run instructions can expose Kibana and Elasticsearch publicly to the internet. This updates the instructions to bind to localhost to avoid this. Relates to elastic/elasticsearch#80812
) The current Docker run instructions can expose Kibana and Elasticsearch publicly to the internet. This updates the instructions to bind to localhost to avoid this. Relates to elastic/elasticsearch#80812
) The current Docker run instructions can expose Kibana and Elasticsearch publicly to the internet. This updates the instructions to bind to localhost to avoid this. Relates to elastic/elasticsearch#80812
Under the wrong circumstances our quickstart will expose Elasticsearch and Kibana to the internet, which is rather surprising and what we avoid with our other defaults / setups.
Discussed multiple times, we should explicitly bind to localhost to avoid such surprises. Those who know Docker reasonably well will be able to change it without problems and those who don't know Docker are probably better off like this.
Since this has changed in 8.0, but we'll have 7.16 around for a long time, I've only committed the change to the 7.16 branch.