Move admin UI to separate internal port (5275) for security

- Admin API and static files only accessible on port 5275 - Main proxy port (8080) no longer serves admin endpoints - AdminPortFilter rejects admin requests on wrong port - AdminStaticFilesMiddleware only serves static files on admin port - Port 5275 NOT exposed in Dockerfile or docker-compose by default - Access admin UI via SSH tunnel or by uncommenting port mapping
2026-02-09 23:55:10 -05:00 · 2026-02-03 14:39:07 -05:00
parent 6abf0e0717
commit a8d04b225b
6 changed files with 99 additions and 7 deletions
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -34,6 +34,9 @@ services:
    restart: unless-stopped
    ports:
      - "5274:8080"
+      # Admin UI on port 5275 - ONLY expose if you need local access
+      # DO NOT expose through reverse proxy - contains sensitive config
+      # - "5275:5275"
    depends_on:
      redis:
        condition: service_healthy