Docker containers usually still reachable even if bound to 127.0.0.1

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com

  • Moby

    Moby Project - a collaborative project for the container ecosystem to assemble container-based systems

    As discussed extensively in https://github.com/moby/moby/issues/22054, which is linked from the OP: this doesn't actually help, because Docker (by default) bypasses your existing firewall rules.

  • apt2ostree

    Build ostree images based on Debian/Ubuntu

    With apt2ostree[1] we use lockfiles to allow us to version control the exact versions that were used to build a container. This makes updating the versions explicit and controlled, and building the containers functionally reproducible - albeit not byte-for-byte reproducible.

    [1]: https://github.com/stb-tester/apt2ostree#lockfiles

  • ufw-docker

    To fix the Docker and UFW security flaw without disabling iptables

    Docker's behavior is unintuitive but makes sense given how container networking works. If you use UFW, read https://github.com/chaifeng/ufw-docker and follow the guide.

    Then configuring firewall rules to containers is as easy as

        - name: Open HTTPS

  • rkt

    rkt (and many other container solutions) was introduced after docker was released and became popular... they even mentioned docker's shortcomings as a motivation for the project creation [0]. It had all the same problems as other replacement software: there were plenty of bugs and missing features, documentation was limited, and there was no community to help you (the announcement explicitly mentions "prototype quality release"). None of those would be fatal if it was significantly better than docker, but it was not -- it was basically the same functionality. So almost no one made the switch. It is closed now [1]

    And why "rkt"? There were much better alternative container runtimes. For example Sylabs Singularity [2] -- container-as-a-file, instant mounting, etc... I wish more people knew about it.

    [0] https://web.archive.org/web/20141201181834/https://coreos.co...

    [1] https://github.com/rkt/rkt#warning-end-of-project-warning

    [2] https://github.com/sylabs/singularity#singularityce

  • singularity

    SingularityCE is the Community Edition of Singularity, an open source container platform designed to be simple, fast, and secure. (by sylabs)
