Skip to content

Commit 6bca2b9

Browse files
committed
docs: clarify compose port edits for Docker nodes
1 parent ec76499 commit 6bca2b9

2 files changed

Lines changed: 3 additions & 1 deletion

File tree

src/content/docs/network/nodes/validator-node/deploy-nodes/using-docker.mdx

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -159,6 +159,8 @@ and VFN will be deployed on separate machines.
159159
containers. In Docker deployments, a host firewall rule alone may not block a port that is still published by
160160
Compose. Publish only the ports each node role needs, keep REST/admin/inspection ports private unless explicitly
161161
required, and verify from a machine outside your host or VPC that ports meant to stay closed are not reachable.
162+
If a Compose file publishes `8080:8080` (or similar for `9101` / `9102`) and you do not want external access, either
163+
remove that entry or bind it to a trusted interface, e.g., `127.0.0.1:8080:8080`.
162164
</Aside>
163165

164166
7. To start the validator node, run the following command in your working directory:

src/content/docs/zh/network/nodes/validator-node/deploy-nodes/using-docker.mdx

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -139,7 +139,7 @@ import { Aside } from '@astrojs/starlight/components';
139139

140140
<Aside type="caution">
141141
**Docker 网络与已发布端口**<br />
142-
在启动容器之前,请检查 `docker-compose.yaml``docker-compose-fullnode.yaml` 中的 `ports:` 配置.在 Docker 部署中,如果端口仍由 Compose 发布,仅靠主机防火墙规则可能不足以阻止访问.只发布每种节点角色确实需要的端口,除非您明确需要,否则应保持 REST API / 管理 / 检查服务端口为私有,并从主机或 VPC 外部的机器验证本应关闭的端口确实无法访问.
142+
在启动容器之前,请检查 `docker-compose.yaml``docker-compose-fullnode.yaml` 中的 `ports:` 配置.在 Docker 部署中,如果端口仍由 Compose 发布,仅靠主机防火墙规则可能不足以阻止访问.只发布每种节点角色确实需要的端口,除非您明确需要,否则应保持 REST API / 管理 / 检查服务端口为私有,并从主机或 VPC 外部的机器验证本应关闭的端口确实无法访问.如果 Compose 文件里发布了 `8080:8080`(或 `9101` / `9102` 的类似映射),而您又不希望外部访问,请删除该条目,或者将其绑定到受信任的接口,例如 `127.0.0.1:8080:8080`.
143143
</Aside>
144144

145145
7. 要启动验证器节点,在您的工作目录中运行以下命令:

0 commit comments

Comments
 (0)