fleet/docs/solutions
Victor Lyuboslavsky ea22c8087b
Bind docker ports to 127.0.0.1 (#42232)
**Related issue:** Resolves #42226

When doing dev in a remote environment, like a public cloud VM, don't
expose ports to the public.
This is a contributor security improvement.

The localstack fail is present on main, and was not caused by this
change:
https://github.com/fleetdm/fleet/actions/runs/23439965808/job/68187858627

# Checklist for submitter

## Testing

- [x] QA'd all new/changed functionality manually


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Chores**
* Docker Compose configuration updated across multiple services (Redis,
MySQL, mail, monitoring, and storage services) to restrict port bindings
to localhost only instead of all network interfaces.
* Documentation Docker Compose examples updated to reflect
localhost-only port binding for core services.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-03-23 12:30:23 -05:00
all Create openclaw-detection.queries.yml (#40250) 2026-02-22 18:11:39 -05:00
android Solutions updates 2026-03-12 (#41596) 2026-03-16 11:58:51 -05:00
api-scripts Add script to sync Jamf user assignments to Fleet device mapping (#42177) 2026-03-20 14:54:45 -04:00
docker-compose Bind docker ports to 127.0.0.1 (#42232) 2026-03-23 12:30:23 -05:00
ios-ipados Add GlobalProtect profile (#42096) 2026-03-19 14:54:30 -05:00
linux added .keep file to add empty folders (#35109) 2025-11-03 11:45:48 -05:00
macos Solutions updates 2026-03-12 (#41596) 2026-03-16 11:58:51 -05:00
tines Update Jamf API endpoints (#39146) 2026-02-06 13:58:40 -06:00
windows Combine Windows MDM migration remediation into single script (#41537) 2026-03-13 08:59:27 +01:00
README.md Solutions symlinks (#37732) 2025-12-29 12:42:56 -06:00

Solutions

Best Practices

General

  • Name the file what the profile does.
    • For example, instead of googlePlayProtectVerifyApps.json (the name of the Android policy for this control), describe what it does: enforce-google-play-protect.json.
  • Use kebab case in file names, with all letters in lowercase.
    • Instead of passwordPolicy.json, use password-policy.json.
  • Be sure to end files with an empty newline.

If a solution is applicable to multiple platforms, keep the original in the main platform directory and symlink it to the other platforms. For example, if an Apple configuration profile can be used on both macOS and iOS, use macOS as the source, and create a symlink in the iOS directory.

  • cd docs/solutions/ios-ipados/configuration-profiles/
    • Note that this is the destination that we want the symlink to be in.
  • ln -s ../../macos/configuration-profiles/my-profile.mobileconfig .
    • The . here at the end means the current directory, and will use the same file name as the original (which is what we want).
  • git add my-profile.mobileconfig
  • git commit