From 0c8fa056d28827b617c94a4a99737009e0819f00 Mon Sep 17 00:00:00 2001 From: Tim Stollberg Date: Sat, 18 Jul 2026 16:13:34 +0700 Subject: [PATCH] feat(docker): expose mysql on host loopback for SSH-tunneled DB access Binds only to 127.0.0.1 on the Coolify host, not 0.0.0.0, so the DB is reachable via an SSH tunnel (e.g. SequelAce) but never exposed publicly. --- docker/docker-compose.prod.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docker/docker-compose.prod.yml b/docker/docker-compose.prod.yml index b394c25..ab0cb2b 100644 --- a/docker/docker-compose.prod.yml +++ b/docker/docker-compose.prod.yml @@ -33,6 +33,8 @@ services: MYSQL_USER: ${DB_USERNAME} MYSQL_PASSWORD: ${DB_PASSWORD} MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD} + ports: + - "127.0.0.1:3306:3306" volumes: - mysql_data:/var/lib/mysql healthcheck: