Page 1 of 1

[Discussion] What are the best practices for security when exposing docker containers to the internet?

Posted: 21 May 2025, 23:07
by shabzone
Looking to host my own photo service and was thinking about security. Even though SPC is set up, docker still has access to the filesystem and network and runs as root. If the container has mounts to my fs that would expose everything if there was an attack, correct?

Re: [Discussion] What are the best practices for security when exposing docker containers to the internet?

Posted: 22 May 2025, 17:29
by OrionXie
shabzone wrote: 21 May 2025, 23:07
I think so. 1. You may need to search for and use relevant commands to configure Docker account or access restrictions;
2. Alternatively, you can use our application software Photos to host your photos. We hope it can help you and have a pleasant day.

Re: [Discussion] What are the best practices for security when exposing docker containers to the internet?

Posted: 22 May 2025, 20:39
by shabzone
Where can I find more documentation and tech specs for photos? Thanks

Re: [Discussion] What are the best practices for security when exposing docker containers to the internet?

Posted: 23 May 2025, 23:11
by OrionXie
shabzone wrote: 22 May 2025, 20:39
The following is an explanation related to Photos for your reference.
https://toshelp.terra-master.com/web/#/en/Terra_Photos

Re: [Discussion] What are the best practices for security when exposing docker containers to the internet?

Posted: 22 Aug 2025, 15:20
by Aarona
What are the potential risks of running Docker containers as root? How can these risks be mitigated to enhance security?

Re: [Discussion] What are the best practices for security when exposing docker containers to the internet?

Posted: 22 Aug 2025, 16:18
by CursaYang
If a process within a container gains root privileges, it may affect the security of the host machine or other containers.

It is advisable to run containers using non-root users. Limit the network permissions and mounted file systems of the container to prevent access to sensitive parts of the host machine.