PostgreSQL should not be exposed externally by default

[kurokobo]

Self Checks

• This is only for bug report, if you would like to ask a question, please head to Discussions.
• I have searched for existing issues search for existing issues, including closed ones.
• I confirm that I am using English to submit this report (我已阅读并同意 Language Policy).
• [FOR CHINESE USERS] 请务必使用英文提交 Issue，否则会被关闭。谢谢！:）
• Please do not modify this template :) and fill in all the required fields.

Dify version

1.0.0

Cloud or Self Hosted

Self Hosted (Docker)

Steps to reproduce

1. Deploy 1.0.0 on Docker
2. Check the exposed ports

✔️ Expected Behavior

Only required ports (HTTP or HTTPS) are exposed.

❌ Actual Behavior

The port 5432 of the db container has been exposed externally (listening on 0.0.0.0) by default.

[dosubot]

The PostgreSQL port 5432 is exposed externally by default in Dify version 1.0.0 due to the configuration in the docker-compose.yaml file, which specifies the port mapping as ${EXPOSE_DB_PORT:-5432}:5432. This means that unless the EXPOSE_DB_PORT environment variable is set to a different value, it defaults to exposing port 5432 externally ^[1].

To prevent this, you can configure or override the EXPOSE_DB_PORT environment variable by setting it in a .env file or directly in the command line. For example, to avoid exposing the port externally, you can remove the port mapping or set it to a different port that is not exposed externally. Here’s how you can do it:

1. Using a .env file: Add or modify the following line in your .env file:

   EXPOSE_DB_PORT=5433
   

2. Using the command line: Run the docker-compose command with the environment variable set:

   EXPOSE_DB_PORT=5433 docker-compose up

This will change the external port mapping for the database service, helping to secure your deployment.

To continue talking to Dosu, mention @dosu.

---

^{Help Dosu learn! Give it feedback: Great Response | Irrelevant Answer | Incorrect Sources | Too Verbose | Hallucination | Bug Report | Other}