archive/bramw_baserow
1
0
Fork 0
mirror of https://gitlab.com/bramw/baserow.git synced 2025-04-07 14:25:37 +00:00
Code Issues Projects Releases Wiki Activity

Resolve "Don't expose ports for debugging purposes by default in docker-compose.yml"

Browse source
This commit is contained in:
Nigel Gott 2021-07-15 09:15:44 +00:00
parent 36fa7c8bb5
commit 9103f8e81d
7 changed files with 106 additions and 80 deletions

5
changelog.md
View file

@ -1,6 +1,11 @@
# Changelog
## Unreleased
* **Breaking Change**: Baserow's `docker-compose.yml` no longer exposes ports for
the `db`, `mjml` and `redis` containers for security reasons.
* **Breaking Change**: `docker-compose.yml` will by default only expose Baserow on
`localhost` and not `0.0.0.0`, meaning it will not be accessible remotely unless
manually configured.
## Released (2021-07-13)

4
docker-compose.dev.yml
View file

@ -2,6 +2,10 @@ version: "3"
services:
db:
ports:
- "${HOST_PUBLISH_IP:-127.0.0.1}:${POSTGRES_PORT:-5432}:5432"
backend:
build:
context: .

12
docker-compose.yml
View file

@ -8,8 +8,6 @@ services:
- POSTGRES_USER=${DATABASE_USER:-baserow}
- POSTGRES_PASSWORD=${DATABASE_PASSWORD:-baserow}
- POSTGRES_DB=${DATABASE_NAME:-baserow}
ports:
- "${POSTGRES_PORT:-5432}:5432"
networks:
local:
volumes:
@ -18,8 +16,6 @@ services:
redis:
container_name: redis
image: redis:6.0
ports:
- "${REDIS_PORT:-6379}:6379"
networks:
local:
@ -28,8 +24,6 @@ services:
image: liminspace/mjml-tcpserver:0.10
# mjml is based off the node image which creates a non root node user we can run as
user: "1000:1000"
ports:
- "${MJML_PORT:-28101}:28101"
networks:
local:
@ -57,7 +51,7 @@ services:
- EMAIL_SMTP_PASSWORD
- FROM_EMAIL
ports:
- "${BACKEND_PORT:-8000}:8000"
- "${HOST_PUBLISH_IP:-127.0.0.1}:${BACKEND_PORT:-8000}:8000"
depends_on:
- db
- redis
@ -148,7 +142,7 @@ services:
- PUBLIC_WEB_FRONTEND_URL=${PUBLIC_BACKEND_URL:-http://localhost:3000}
- ADDITIONAL_MODULES
ports:
- "${WEB_FRONTEND_PORT:-3000}:3000"
- "${HOST_PUBLISH_IP:-127.0.0.1}:${WEB_FRONTEND_PORT:-3000}:3000"
depends_on:
- backend
networks:
@ -159,7 +153,7 @@ services:
container_name: media
build: media
ports:
- "${MEDIA_PORT:-4000}:80"
- "${HOST_PUBLISH_IP:-127.0.0.1}:${MEDIA_PORT:-4000}:80"
depends_on:
- media-volume-fixer
volumes:

2
docs/development/dev_sh.md
View file

@ -58,7 +58,7 @@ $ ./dev.sh restart {EXTRA_COMMANDS_PASSED_TO_UP}
$ ./dev.sh down # downs the env
$ ./dev.sh kill # kills (the old stop_dev.sh)
# Bind to different ports on the host manage incase you are already running them and they clash! (also works with just docker-compose up)
$ POSTGRES_PORT=5555 REDIS_PORT=6666 MJML_PORT=7777 ./dev.sh
$ POSTGRES_PORT=5555 ./dev.sh
```
### Why ./dev.sh ensures the containers run as you

68
docs/guides/baserow-docker-how-to.md
View file

@ -21,30 +21,13 @@ $ docker-compose logs
### Run Baserow alongside existing services
Baserow's docker-compose files will automatically bind to various ports on your
machine's network. If you already have applications or services using those ports the
Baserow service which uses that port will crash:
```bash
Creating network "baserow_local" with driver "bridge"
Creating db ...
Creating db ... error
Creating redis ...
WARNING: Host is already in use by another container
Creating mjml ... done
Creating redis ... done
ERROR: for db Cannot start service db: driver failed programming external connectivity on endpoint db (...): Error starting userland proxy: listen tcp4 0.0.0.0:5432: bind: address already in use
ERROR: Encountered errors while bringing up the project.
```
Baserow's docker-compose files will automatically expose the `backend`, `web-frontend`
and `media` containers to your machine's network. If you already have applications or
services using those ports the Baserow service which uses that port will crash.
To fix this you can change which ports Baserow will use by setting the corresponding
environment variable:
- For `postgres` set `POSTGRES_PORT` which defaults to `5432`
- For `redis` set `REDIS_PORT` which defaults to `6379`
- For `mjml` set `MJML_PORT` which defaults to `28101`
- For `backend` set `BACKEND_PORT` which defaults to `8000`
- For `web-frontend` set `WEB_FRONTEND_PORT` which defaults to `3000`
- For `media` set `MEDIA_PORT` which defaults to `4000`
@ -52,9 +35,42 @@ environment variable:
This is how to set these variables in bash:
```bash
$ POSTGRES_PORT=5555 REDIS_PORT=6666 MJML_PORT=7777 docker-compose up
$ BACKEND_PORT=8001 docker-compose up
$ # or using dev.sh
$ POSTGRES_PORT=5555 REDIS_PORT=6666 MJML_PORT=7777 ./dev.sh
$ BACKEND_PORT=8001 ./dev.sh
```
### Make Baserow publicly accessible
By default when you run `docker-compose up` you can only access Baserow from the same
machine by visiting `localhost:3000` or `127.0.0.1:3000`. If you are running the Baserow
docker containers on a remote server which you want to access over a network or the
public internet you need to set some environment variables to expose Baserow.
> Please be warned that there is a security flaw with docker and the ufw firewall.
> By default docker when exposing ports on 0.0.0.0 will bypass any ufw firewall rules
> and expose the above containers publicly from your machine on the network. Please see
> https://github.com/chaifeng/ufw-docker for more information and how to setup ufw to
> work securely with docker.
You will need to set the following three environment variables to successfully expose
Baserow on your network.
1. `HOST_PUBLISH_IP=0.0.0.0` - This will configure `docker-compose.yml` to expose
Baserow's containers on all IP addresses on the host machine, instead of just
localhost. Warning: if you are using UFW please see the warning above.
2. `PUBLIC_BACKEND_URL={REPLACE_WITH_YOUR_DOMAIN_NAME_OR_HOST_IP}:8000` - This will
ensure that Baserow clients will be able to successfully connect to the backend,
if you can visit Baserow at port `3000` but you are getting API errors please ensure
this variable is set correctly.
3. `PUBLIC_WEB_FRONTEND_URL={REPLACE_WITH_YOUR_DOMAIN_NAME_OR_HOST_IP}:3000` - The same
variable as above but the URL for the web-frontend container instead.
For example you could run the command below after replacing `REPLACE_ME` with the
IP address or domain name of the server where Baserow is running:
```bash
$ HOST_PUBLISH_IP=0.0.0.0 PUBLIC_BACKEND_URL=REPLACE_ME:8000 PUBLIC_WEB_FRONTEND_URL=REPLACE_ME:3000 docker-compose up
```
### Configure an external email server
@ -133,10 +149,10 @@ $ ./dev.sh run backend manage sync_templates
### Build Error - Service 'backend' failed to build: unable to convert uid/gid chown
This error occurs when attempting to build Baserow's docker images with a version of
Docker earlier than 19.03. It can also occur when you are attempting to build
Baserow version 1.3 or earlier using a version of Docker less than 20.10. You can check
your local docker version by running `docker -v` and fix the error by installing the
latest version of Docker from https://docs.docker.com/get-docker/.
Docker earlier than 19.03. It can also occur when you are attempting to build Baserow
version 1.3 or earlier using a version of Docker less than 20.10. You can check your
local docker version by running `docker -v` and fix the error by installing the latest
version of Docker from https://docs.docker.com/get-docker/.
### Permission denied errors

63
docs/guides/running-baserow-locally.md
View file

@ -1,14 +1,15 @@
# Running Baserow locally
# Running Baserow locally
If you just want to try out Baserow on your local computer, it is best to use
`docker-compose`. The provided `docker-compose.yml` file will launch a production
version of Baserow and can be used to run Baserow locally or as a starting point for
If you just want to try out Baserow on your local computer, it is best to use
`docker-compose`. The provided `docker-compose.yml` file will launch a production
version of Baserow and can be used to run Baserow locally or as a starting point for
building your own production Baserow setup.
### Quickstart
### Quickstart
If you are familiar with git and docker-compose run these commands to launch baserow
If you are familiar with git and docker-compose run these commands to launch baserow
locally, otherwise please start from the Installing Requirements section below.
```bash
$ git clone --branch master https://gitlab.com/bramw/baserow.git
$ cd baserow
@ -18,18 +19,19 @@ $ docker-compose up
## Installing requirements
If you haven't already installed docker and docker-compose on your computer you can do
so by following the instructions on https://docs.docker.com/desktop/ and
so by following the instructions on https://docs.docker.com/desktop/ and
https://docs.docker.com/compose/install/.
> Docker version 19.03 is the minimum required to build Baserow. It is strongly
> advised however that you install the latest version of Docker available: 20.10.
> Please check that your docker is up to date by running `docker -v`.
You will also need git installed which you can do by following the instructions on
https://www.linode.com/docs/development/version-control/how-to-install-git-on-linux-mac-and-windows/.
You will also need git installed which you can do by following the instructions on
https://www.linode.com/docs/development/version-control/how-to-install-git-on-linux-mac-and-windows/
.
After installing all the required software you should be able to run the
following commands in your terminal.
After installing all the required software you should be able to run the following
commands in your terminal.
```
$ docker -v
@ -40,21 +42,21 @@ $ git --version
git version 2.24.3 (Apple Git-128)
```
If all commands return something similar as described in the example, then you are
ready to proceed!
If all commands return something similar as described in the example, then you are ready
to proceed!
## Starting baserow using docker-compose
## Starting baserow using docker-compose
> Note that this has only been tested on MacOS Catalina and Ubuntu 20.04. If you run
> Note that this has only been tested on MacOS Catalina and Ubuntu 20.04. If you run
> into any issues with other operating systems, feel free to contact us via the form on
> https://baserow.io/contact.
For example purposes I have created a directory in my home folder named `baserow`.
You can of course follow the steps in any directory, but in this tutorial I will assume
the working directory is `~/baserow`.
For example purposes I have created a directory in my home folder named `baserow`. You
can of course follow the steps in any directory, but in this tutorial I will assume the
working directory is `~/baserow`.
First we have to clone the repository. Execute the following commands to clone the
master branch. If you are not familiar with git clone, this will download a copy
First we have to clone the repository. Execute the following commands to clone the
master branch. If you are not familiar with git clone, this will download a copy
Baserow's code to your computer.
```
@ -65,9 +67,9 @@ Cloning into 'baserow'...
$ cd baserow
```
Now that we have our copy of the repo and have changed directories to the newly
created `baserow`, we can bring up the containers. You just have to execute the
`docker-compose up` command. It might take a while for the command to finish, this is
Now that we have our copy of the repo and have changed directories to the newly
created `baserow`, we can bring up the containers. You just have to execute the
`docker-compose up` command. It might take a while for the command to finish, this is
because the image has to be built from scratch.
```
@ -81,12 +83,17 @@ Starting celery ... done
Starting web-frontend ... done
```
Once everything has finished, you can visit http://localhost:3000 in your browser
and you should be redirected to the login screen. From here you can create a new account
and start using the software.
Once everything has finished, you can visit http://localhost:3000 in your browser and
you should be redirected to the login screen. From here you can create a new account and
start using the software.
> Baserow will not be accessible by default from machines other than the one it is
> running on. Please see the [docker how to](baserow-docker-how-to.md)
> on how to configure Baserow so you can access it over a network or the internet.
## Further Reading
- See [docker how to guide](baserow-docker-how-to.md) for a larger collection of
useful operations and commands.
- See [docker how to guide](baserow-docker-how-to.md) for a larger collection of useful
operations and commands.
- See [docker usage](../reference/baserow-docker-api.md) for more detail on how
Baserow's docker setup can be used and configured.

32
docs/reference/baserow-docker-api.md
View file

@ -63,8 +63,8 @@ $ ./dev.sh run backend COMMAND
## Web Frontend CLI
The `baserow_web-frontend` and `baserow_web-frontend_dev` images provide various commands
used to change what process is started inside the container.
The `baserow_web-frontend` and `baserow_web-frontend_dev` images provide various
commands used to change what process is started inside the container.
```bash
Usage: docker run <imagename> COMMAND
@ -95,26 +95,25 @@ variables available for configuring baserow's docker setup.
All of these variables can be set like so:
```bash
$ POSTGRES_PORT=5555 REDIS_PORT=6666 MJML_PORT=7777 docker-compose up
$ BACKEND_PORT=8001 docker-compose up
$ # or using dev.sh
$ POSTGRES_PORT=5555 MIGRATE_ON_STARTUP=false ./dev.sh
$ BACKEND_PORT=8001 MIGRATE_ON_STARTUP=false ./dev.sh
```
### Local and Dev Variables
Port configuration (these only work when used with the docker-compose files):
- `POSTGRES_PORT` (default `5432`) : The port the `db` container will bind to on your
local network.
- `REDIS_PORT` (default `6379`) : The port the `redis` container will bind to on your
local network.
- `MJML_PORT` (default `28101`) : The port the `mjml` container will bind to on your
local network.
- `HOST_PUBLISH_IP` (default `127.0.0.1`) : The IP address on the docker host Baserow's
containers will bind exposed ports to. By default Baserow only exposes it's containers
ports on localhost, please see
the [Baserow Docker How To](../guides/baserow-docker-how-to.md)
on how to expose Baserow over a network or the internet.
- `BACKEND_PORT` (default `8000`) : The port the `backend` container will bind to on
your local network.
- `WEB_FRONTEND_PORT` (default `3000`) : The port the `web-frontend` container will bind
to on your local network.
- `MEDIA_PORT` (default `4000`) : The port the `media` nginx container will bind to on
- `WEB_FRONTEND_PORT` (default `3000`) : The port the `web-frontend`
container will bind to on your local network.
- `MEDIA_PORT` (default `4000`) : The port the `media` nginx container will bind to on
your local network.
Backend configuration:
@ -124,11 +123,11 @@ Backend configuration:
- `SYNC_TEMPLATES_ON_STARTUP` (default `true`) : When `true` on backend server startup
it will run the baserow management command `sync_templates` which loads any templates
found in `./backend/templates` into Baserow.
Pass through variables:
These environment variables when provided to the docker-compose files are passed through
to the correct containers. See [the introduction](../getting-started/introduction.md)
to the correct containers. See [the introduction](../getting-started/introduction.md)
for what these variables do.
- `PUBLIC_BACKEND_URL`
@ -142,7 +141,6 @@ for what these variables do.
- `EMAIL_SMTP_PASSWORD`
- `FROM_EMAIL`
### Dev Only Variables
- `UID` (default `1000` or your user id when using `./dev.sh`) : Sets which user id will
@ -151,3 +149,5 @@ for what these variables do.
- `GID` (default `1000` or your group id when using `./dev.sh`) : Sets which group id
will be used to build Baserow's images with and the group id which will be used to run
the processes inside Baserow containers.
- `POSTGRES_PORT` (default `5432`) : The port the `db` container will bind to on your
local network.