44 lines
1012 B
Markdown
44 lines
1012 B
Markdown
---
|
|
title: "[bojemoi_boot] fix(security): remove dnsmasq webproc port 8080 from public ingress"
|
|
date: 2026-04-09T22:29:01+02:00
|
|
draft: false
|
|
tags: ["commit", "bojemoi_boot", "main"]
|
|
categories: ["Git Activity"]
|
|
summary: "Commit e2761e1 par Betty dans bojemoi_boot"
|
|
author: "Betty"
|
|
---
|
|
|
|
## Commit `e2761e1`
|
|
|
|
| | |
|
|
|---|---|
|
|
| **Repository** | bojemoi_boot |
|
|
| **Branch** | `main` |
|
|
| **Author** | Betty |
|
|
| **Hash** | `e2761e17dbeb6ea4e6344ca349d4c3fd4fde1b0b` |
|
|
|
|
|
|
### Description
|
|
|
|
Port 8080 (webproc admin UI) was published directly, accessible from any
|
|
container on the backend/overlay networks. A compromised container could
|
|
rewrite dnsmasq config to redirect internal domains.
|
|
|
|
Admin UI remains accessible via Traefik at dnsmasq.bojemoi.lab (HTTPS).
|
|
Port 53 (DNS resolution) unchanged.
|
|
|
|
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
|
|
|
|
### Files Changed
|
|
|
|
```
|
|
M stack/01-boot-service.yml
|
|
```
|
|
|
|
### Diff Summary
|
|
|
|
```
|
|
stack/01-boot-service.yml | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
```
|