From cea4cf93b985ef5f38516d374c9b0ce15bf84c14 Mon Sep 17 00:00:00 2001 From: Jeremy Stein Date: Wed, 1 May 2024 18:11:59 +0100 Subject: [PATCH 1/4] Listen only on localhost for services that the CLI needs to talk to but where no external access (eg from the DSD) is required. --- docker-compose.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 4125666b2..1fdc2b6ec 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -94,7 +94,7 @@ services: env_file: - ./docker/common.env ports: - - "${HASHER_API_PORT}:8000" + - "127.0.0.1:${HASHER_API_PORT}:8000" volumes: - *logs-volume networks: @@ -243,8 +243,8 @@ services: timeout: 30s retries: 3 ports: - - "${RABBITMQ_PORT}:5672" - - "${RABBITMQ_ADMIN_PORT}:15672" + - "127.0.0.1:${RABBITMQ_PORT}:5672" + - "127.0.0.1:${RABBITMQ_ADMIN_PORT}:15672" networks: - pixl-net volumes: @@ -281,7 +281,7 @@ services: hasher-api: condition: service_healthy ports: - - "${PIXL_EXPORT_API_PORT}:8000" + - "127.0.0.1:${PIXL_EXPORT_API_PORT}:8000" healthcheck: interval: 10s timeout: 30s @@ -331,7 +331,7 @@ services: PIXL_QUERY_TIMEOUT: ${PIXL_QUERY_TIMEOUT} PIXL_MAX_MESSAGES_IN_FLIGHT: ${PIXL_MAX_MESSAGES_IN_FLIGHT} ports: - - "${PIXL_IMAGING_API_PORT}:8000" + - "127.0.0.1:${PIXL_IMAGING_API_PORT}:8000" ################################################################################ # Data Stores @@ -354,7 +354,7 @@ services: source: postgres-data target: /var/lib/postgresql/data ports: - - "${POSTGRES_PORT}:5432" + - "127.0.0.1:${POSTGRES_PORT}:5432" healthcheck: test: ["CMD", "pg_isready", "-U", "${PIXL_DB_USER}"] interval: 10s From a72b5dbf85a5b85ede1f6f13c708c9a5680e82f9 Mon Sep 17 00:00:00 2001 From: Jeremy Stein Date: Wed, 1 May 2024 18:27:27 +0100 Subject: [PATCH 2/4] Ditto in the tests. No need to expose these externally. --- pixl_core/tests/docker-compose.yml | 12 ++++++------ pixl_export/tests/docker-compose.yml | 2 +- pixl_imaging/tests/docker-compose.yml | 8 ++++---- test/docker-compose.yml | 8 ++++---- 4 files changed, 15 insertions(+), 15 deletions(-) diff --git a/pixl_core/tests/docker-compose.yml b/pixl_core/tests/docker-compose.yml index ed9270086..e6d81fa97 100644 --- a/pixl_core/tests/docker-compose.yml +++ b/pixl_core/tests/docker-compose.yml @@ -22,8 +22,8 @@ services: RABBITMQ_DEFAULT_USER: guest RABBITMQ_DEFAULT_PASS: guest ports: - - "25672:5672" - - "35672:15672" + - "127.0.0.1:25672:5672" + - "127.0.0.1:35672:15672" healthcheck: test: rabbitmq-diagnostics -q check_running interval: 10s @@ -43,8 +43,8 @@ services: RAW_IP_ADDR: "orthanc-raw" # aka. hostname DICOM_WEB_PLUGIN_ENABLED: true ports: - - "4243:4242" - - "8043:8042" + - "127.0.0.1:4243:4242" + - "127.0.0.1:8043:8042" networks: - pixl-test healthcheck: @@ -67,8 +67,8 @@ services: RAW_IP_ADDR: "dicom-web" # aka. hostname DICOM_WEB_PLUGIN_ENABLED: true ports: - - "4244:4242" - - "8044:8042" + - "127.0.0.1:4244:4242" + - "127.0.0.1:8044:8042" volumes: - ../../test/dicomweb_config/:/run/secrets:ro networks: diff --git a/pixl_export/tests/docker-compose.yml b/pixl_export/tests/docker-compose.yml index fab3f14c3..312f620a5 100644 --- a/pixl_export/tests/docker-compose.yml +++ b/pixl_export/tests/docker-compose.yml @@ -26,7 +26,7 @@ services: POSTGRES_DB: pixl PGTZ: Europe/London ports: - - "35432:5432" + - "127.0.0.1:35432:5432" env_file: - ../../docker/common.env command: postgres -c 'config_file=/etc/postgresql/postgresql.conf' diff --git a/pixl_imaging/tests/docker-compose.yml b/pixl_imaging/tests/docker-compose.yml index 0ffe50e8a..6189f4679 100644 --- a/pixl_imaging/tests/docker-compose.yml +++ b/pixl_imaging/tests/docker-compose.yml @@ -29,8 +29,8 @@ services: RAW_DICOM_PORT: "4242" RAW_IP_ADDR: "orthanc-raw" # aka. hostname ports: - - "4243:4242" - - "8043:8042" + - "127.0.0.1:4243:4242" + - "127.0.0.1:8043:8042" volumes: - ../../test/vna_config/:/run/secrets:ro @@ -52,8 +52,8 @@ services: ORTHANC_AUTOROUTE_RAW_TO_ANON: "false" PROJECT_CONFIGS_DIR: "/projects/configs" ports: - - "4244:4242" - - "8044:8042" + - "127.0.0.1:4244:4242" + - "127.0.0.1:8044:8042" volumes: # Overriding config for the test - ./orthanc_raw_config/:/run/secrets:ro diff --git a/test/docker-compose.yml b/test/docker-compose.yml index fb6d20d93..71f186b72 100644 --- a/test/docker-compose.yml +++ b/test/docker-compose.yml @@ -30,8 +30,8 @@ services: RAW_DICOM_PORT: "4242" RAW_IP_ADDR: "orthanc-raw" # aka. hostname ports: - - "4243:4242" - - "8043:8042" + - "127.0.0.1:4243:4242" + - "127.0.0.1:8043:8042" volumes: - ./vna_config/:/run/secrets:ro healthcheck: @@ -55,8 +55,8 @@ services: RAW_IP_ADDR: "dicomweb-server" # aka. hostname DICOM_WEB_PLUGIN_ENABLED: true ports: - - "4244:4242" - - "8044:8042" + - "127.0.0.1:4244:4242" + - "127.0.0.1:8044:8042" volumes: - ./dicomweb_config/:/run/secrets:ro networks: From d769c9e6d09a7ef71e0ed1001df4a4c00d869b98 Mon Sep 17 00:00:00 2001 From: Jeremy Stein Date: Thu, 2 May 2024 10:39:30 +0100 Subject: [PATCH 3/4] Update docker-compose.yml Co-authored-by: Stef Piatek --- docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index 1fdc2b6ec..abed7e4e7 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -244,7 +244,7 @@ services: retries: 3 ports: - "127.0.0.1:${RABBITMQ_PORT}:5672" - - "127.0.0.1:${RABBITMQ_ADMIN_PORT}:15672" + - "${RABBITMQ_ADMIN_PORT}:15672" networks: - pixl-net volumes: From 45cee8d1e175f66b846cd2d2a6f574f51e2fd6b7 Mon Sep 17 00:00:00 2001 From: Jeremy Stein Date: Thu, 2 May 2024 10:41:59 +0100 Subject: [PATCH 4/4] Postgres needs external access --- docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index abed7e4e7..8320eb92c 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -354,7 +354,7 @@ services: source: postgres-data target: /var/lib/postgresql/data ports: - - "127.0.0.1:${POSTGRES_PORT}:5432" + - "${POSTGRES_PORT}:5432" healthcheck: test: ["CMD", "pg_isready", "-U", "${PIXL_DB_USER}"] interval: 10s