From 6c6de37419facfae15c6223fc5ff95cf0aeea739 Mon Sep 17 00:00:00 2001
From: Scott Idem <stidem@gmail.com>
Date: Wed, 29 Apr 2026 14:02:48 -0400
Subject: [PATCH] fix: restrict Dozzle to localhost-only binding

Bind Dozzle to 127.0.0.1 to prevent exposure on external/LAN interfaces.
Previously bound to 0.0.0.0, allowing unauthenticated access to container
logs from any network-reachable host.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 docker-compose.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 8d4356a..c9f1f37 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -202,7 +202,7 @@ services:
         volumes:
             - /var/run/docker.sock:/var/run/docker.sock
         ports:
-            - "${AE_DOZZLE_PORT:-8881}:8080"
+            - "127.0.0.1:${AE_DOZZLE_PORT:-8881}:8080"
         restart: unless-stopped
         logging:
             driver: "json-file"