multica/docker-compose.yml
Ayman Alkurdi d04b00b32e fix(security): bind all services to loopback in docker-compose files (#2759)
The base docker-compose.yml bound postgres to 0.0.0.0:5432 and
docker-compose.selfhost.yml bound postgres/backend/frontend without
a host_ip prefix — defaulting to 0.0.0.0 on all interfaces.

On any VPS with a public IP, these services were reachable from the
internet. Docker bypasses UFW iptables chains by default, so host-
level firewall rules on these ports had no effect.

Fix: prefix every port binding with 127.0.0.1 so services are only
reachable from the host itself. This matches the documented
DATABASE_URL (which uses localhost) and does not break any legitimate
local dev or self-host workflow — connections from the host shell,
migration scripts, and the backend container (via Docker internal
network) all continue to work unchanged.
2026-05-18 16:14:41 +08:00
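The commit message above explains the exposure in terms of compose port bindings: a `ports` entry with no `host_ip` prefix (or an explicit `0.0.0.0`) publishes the service on every interface, and since Docker inserts its own iptables rules ahead of UFW's chains, a host firewall does not catch it. The following audit script is an added example and is not part of the multica project; it parses each `ports` entry of a compose file (short `[host_ip:][host_port:]container_port[/protocol]` strings, bare integers, and the long dict form) and reports every binding that is not pinned to a specific address. The function names, the regular expression and the `SAMPLE_BEFORE` / `SAMPLE_AFTER` data are constructed for the example; the sample mirrors the pre-fix and post-fix bindings the commit describes. It operates on the dict that PyYAML's `yaml.safe_load` returns, so PyYAML is only needed when pointing it at a real file.

```python
"""Audit docker-compose port bindings that publish on all interfaces.

Example code added for illustration, not part of the multica project.
"""
import ipaddress
import re

# Short syntax: [host_ip:][host_port:]container_port[/protocol]
# host_ip may be a dotted IPv4 address or a bracketed IPv6 address;
# host_port/container_port may be single ports or ranges like 8000-8010.
_SHORT_RE = re.compile(
    r"^(?:(?P<ip>\[[0-9A-Fa-f:.]+\]|\d{1,3}(?:\.\d{1,3}){3}):)?"
    r"(?:(?P<hport>[\d-]+):)?"
    r"(?P<cport>[\d-]+)"
    r"(?:/(?P<proto>tcp|udp))?$"
)


def parse_port(spec):
    """Normalise one ports entry into (host_ip, host_port, container_port, proto).

    host_ip is None when the entry pins no interface; Docker then binds to
    0.0.0.0 (and, with IPv6 enabled on the daemon, to :: as well).
    """
    if isinstance(spec, dict):  # long syntax: target/published/host_ip/protocol
        return (
            spec.get("host_ip"),
            str(spec.get("published", "")),
            str(spec["target"]),
            spec.get("protocol", "tcp"),
        )
    m = _SHORT_RE.match(str(spec))
    if not m:
        raise ValueError(f"unrecognised port spec: {spec!r}")
    ip = m.group("ip")
    if ip and ip.startswith("["):  # strip IPv6 brackets
        ip = ip[1:-1]
    return ip, m.group("hport") or "", m.group("cport"), m.group("proto") or "tcp"


def binds_all_interfaces(host_ip):
    """True when the binding is reachable on every interface of the host."""
    if host_ip is None:
        return True
    return ipaddress.ip_address(host_ip).is_unspecified  # 0.0.0.0 or ::


def audit_compose(compose):
    """Return [(service, spec)] for each published port not pinned to a
    concrete address. Loopback or specific-interface bindings pass."""
    findings = []
    for name, svc in (compose.get("services") or {}).items():
        for spec in svc.get("ports") or []:
            host_ip, _, _, _ = parse_port(spec)
            if binds_all_interfaces(host_ip):
                findings.append((name, spec))
    return findings


# Constructed sample: the pre-fix bindings described in the commit message
# beside their loopback-pinned counterparts.
SAMPLE_BEFORE = {
    "services": {
        "postgres": {"ports": ["0.0.0.0:5432:5432"]},
        "backend": {"ports": ["3001:3001"]},
        "frontend": {"ports": [{"target": 3000, "published": 3000}]},
    }
}
SAMPLE_AFTER = {
    "services": {
        "postgres": {"ports": ["127.0.0.1:5432:5432"]},
        "backend": {"ports": ["127.0.0.1:3001:3001"]},
        "frontend": {
            "ports": [{"target": 3000, "published": 3000, "host_ip": "127.0.0.1"}]
        },
    }
}

if __name__ == "__main__":
    import sys

    if len(sys.argv) > 1:
        import yaml  # PyYAML, only needed to read a real compose file

        with open(sys.argv[1]) as f:
            compose = yaml.safe_load(f)
    else:
        compose = SAMPLE_BEFORE
    for svc, spec in audit_compose(compose):
        print(f"service {svc!r} publishes {spec!r} on all interfaces")
```

Run it as `python audit_ports.py docker-compose.yml` in CI or a pre-commit hook; on the sample it flags all three pre-fix bindings and nothing in the fixed set. Because the check is on the binding itself rather than on firewall state, it catches the case the commit describes, where UFW rules look correct but do not apply to Docker-published ports.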

```yaml
name: multica
services:
  postgres:
    image: pgvector/pgvector:pg17
    environment:
      POSTGRES_DB: multica
      POSTGRES_USER: ${POSTGRES_USER:-multica}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-multica}
    ports:
      - "127.0.0.1:5432:5432"
    volumes:
      - pgdata:/var/lib/postgresql/data
volumes:
  pgdata:
```