Ports (postgres, mongo, redis) open to the outside

On the default installation, done through kobo-install, ports for postgres, mongo and redis are defined through ports:, and potentially accessible from the outside.

Is this correct? Can the communication between containers go through expose:?

If the open state of the ports is a requirement of the application, should it not be noted in the readme / documentation?

Please can someone shed some light on this subject? I am sure it will be beneficial to many.

Thanks,

Can’t say for sure, but I’d imagine that the ports are configured in this way to allow for split front/back end setups.

If you’re worried about ports being open on the host you might want to consider configuring some basic firewall rules to reject all requests other than local.

2 Likes

Thanks @jmillar. Filtering incoming traffic is surely a good idea.

1 Like

@jmillar is right. It has been done this way to allow backend containers to run on another server.
But there is always room for improvement, and it’s one of the open issues: https://github.com/kobotoolbox/kobo-install/issues/57

Using a firewall is strongly recommended.

1 Like

It is in the next release of kobo-docker
https://github.com/kobotoolbox/kobo-docker/tree/kobo-install-two-databases#secure-your-installation

1 Like

Great 🙂

1 Like

@maric.vladimir,
A quick reply to tell you a new version has been released where ports are not exposed anymore (by default).
It contains a few other features but, more importantly, it uses two different databases.

ATTENTION: Be sure to read this and this before upgrading

2 Likes

@nolive Thank you very much for the notification

2 Likes
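
A check for the exposure discussed in this thread, added here as an example (it is not from the thread, kobo-install or kobo-docker): it reads the output of `docker ps --format '{{.Names}}\t{{.Ports}}'` and reports database ports published on a non-loopback host address. The container names and sample output are constructed, and the default container ports 5432, 27017 and 6379 are an assumption.

```python
import ipaddress
import re

# Constructed sample of `docker ps --format '{{.Names}}\t{{.Ports}}'` output.
# Container names are hypothetical, not taken from kobo-docker.
SAMPLE = """\
postgres_1\t0.0.0.0:5432->5432/tcp, :::5432->5432/tcp
mongo_1\t0.0.0.0:27017->27017/tcp
redis_main_1\t127.0.0.1:6379->6379/tcp
redis_cache_1\t6379/tcp
nginx_1\t0.0.0.0:80->80/tcp, [::]:443->443/tcp
"""

# Assumption: the services listen on their default container ports.
DB_PORTS = {5432: "postgres", 27017: "mongo", 6379: "redis"}

# "<host ip>:<host port(s)>-><container port(s)>/<proto>"; an entry without
# "->" (e.g. "6379/tcp") is only exposed to other containers, not published.
MAPPING = re.compile(
    r"^(?P<host>.+):(?P<hlo>\d+)(?:-\d+)?->"
    r"(?P<clo>\d+)(?:-(?P<chi>\d+))?/(?:tcp|udp|sctp)$"
)


def published_db_ports(ps_output):
    """Return sorted (container, service, host_ip, host_port) tuples for
    database ports published on an address other than loopback."""
    findings = set()
    for line in ps_output.splitlines():
        name, _, ports = line.partition("\t")
        for entry in filter(None, (p.strip() for p in ports.split(","))):
            m = MAPPING.match(entry)
            if not m:
                continue  # exposed only, or not a port mapping
            host = ipaddress.ip_address(m["host"].strip("[]"))
            if host.is_loopback:
                continue  # reachable from the Docker host only
            lo, hi = int(m["clo"]), int(m["chi"] or m["clo"])
            for cport in range(lo, hi + 1):  # docker ps collapses port ranges
                if cport in DB_PORTS:
                    host_port = int(m["hlo"]) + cport - lo
                    findings.add((name, DB_PORTS[cport], str(host), host_port))
    return sorted(findings)


if __name__ == "__main__":
    for name, service, ip, port in published_db_ports(SAMPLE):
        print(f"{name}: {service} published on {ip}:{port}")
```

Docker publishes ports through its own iptables rules, so by default a host firewall front end such as ufw may not filter them; re-running this check and testing from another machine confirms what is actually reachable.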