This repository was archived by the owner on Jun 13, 2025. It is now read-only.
Security: Publishing control port to the entire world?Β #1
Description
Right now, you are publishing the control port on the IP of the machine this is running on, and in the advanced config, you are also allowing access from everyone. This does not seem like a good idea on internet-facing machines.
A more secure configuration may be:
docker run [...] -p localhost:7396:7396 [...] coreweave/fah-gpu:7.5.1 \
FAHClient [...] --web-allow [docker-ip-range]/24 --allow [docker-ip-range]/24In that case, the control port is only bound to localhost and only allows access from machines in the docker network (you can of course restrict that even further if you want). With that config, you can access the control port from the local machine where docker is installed, or, when accessing the machine via SSH, you can do SSH port forwarding to use the client.foldingathome.org interface using ssh [machine] -L 7396:localhost:7396.