heartwood every commit a ring
repos / blog.bythewood.me / log / 907a4bed

Bind docker port to localhost only

907a4bed by Isaac Bythewood · 1 month ago 

Bind docker port to localhost only

Prevents Docker from exposing the app port publicly, bypassing Caddy
and the firewall. Only Caddy can reach the container now.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
modified docker-compose.yml 
@@ -12,7 +12,7 @@ services:    volumes:      - /srv/data/blog/:/data/    ports:      - "${PORT}:${PORT}"      - "127.0.0.1:${PORT}:${PORT}"    command: >      gunicorn blog.asgi:application --preload --workers 2 --max-requests 256      --timeout 30 --bind :${PORT} --worker-class uvicorn.workers.UvicornWorker
© 2026 Isaac Bythewood · Some rights reserved