Is there server and Docker security features?

[ronald2wing]

Like, install UFW if not installed, use a private network by default.
This article mentions that it is possible to expose the ports to the public if Kamal is misused. https://www.gingerlime.com/2024/self-hosting-with-kamal-watch-your-ports-when-shipping/ Maybe add a warning when exposing the ports?

Also, the server security would be lifesaving for users.
Kamal really helps new people set up servers easily and quickly, and there are too many server security problems that people often miss.
Some hosting providers might use outdated Ubuntu or have ports exposed, and a few security defaults could save lives.

[nickhammond]

@ronald2wing You can utilize the docker-setup hook to harden your servers, here's an example #1404

The hook runs after Docker is installed on your server, so it's usually the best place to put that type of setup unless you're already doing it when you create your servers. UFW is a pretty common one, along with fail2ban, but installation is dependent upon the distro, apk add ip6tables ufw on Alpine vs. apt-get install ufw on Ubuntu, for example.

https://kamal-deploy.org/docs/hooks/docker-setup/