From cb7b97b11d69a06309373d05600aff779287c484 Mon Sep 17 00:00:00 2001
From: Betty <betty.bombers@proyon.me>
Date: Thu, 9 Apr 2026 22:29:01 +0200
Subject: [PATCH] post: commit e2761e1 in bojemoi_boot

---
 .../commits/2026-04-09-commit-e2761e1.md      | 43 +++++++++++++++++++
 1 file changed, 43 insertions(+)
 create mode 100644 content/posts/commits/2026-04-09-commit-e2761e1.md

diff --git a/content/posts/commits/2026-04-09-commit-e2761e1.md b/content/posts/commits/2026-04-09-commit-e2761e1.md
new file mode 100644
index 0000000..8390693
--- /dev/null
+++ b/content/posts/commits/2026-04-09-commit-e2761e1.md
@@ -0,0 +1,43 @@
+---
+title: "[bojemoi_boot] fix(security): remove dnsmasq webproc port 8080 from public ingress"
+date: 2026-04-09T22:29:01+02:00
+draft: false
+tags: ["commit", "bojemoi_boot", "main"]
+categories: ["Git Activity"]
+summary: "Commit e2761e1 par Betty dans bojemoi_boot"
+author: "Betty"
+---
+
+## Commit `e2761e1`
+
+| | |
+|---|---|
+| **Repository** | bojemoi_boot |
+| **Branch** | `main` |
+| **Author** | Betty |
+| **Hash** | `e2761e17dbeb6ea4e6344ca349d4c3fd4fde1b0b` |
+
+
+### Description
+
+Port 8080 (webproc admin UI) was published directly, accessible from any
+container on the backend/overlay networks. A compromised container could
+rewrite dnsmasq config to redirect internal domains.
+
+Admin UI remains accessible via Traefik at dnsmasq.bojemoi.lab (HTTPS).
+Port 53 (DNS resolution) unchanged.
+
+Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
+
+### Files Changed
+
+```
+M	stack/01-boot-service.yml
+```
+
+### Diff Summary
+
+```
+ stack/01-boot-service.yml | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+```