From 617730ab761e0ec7ee389b4a9d853a9bcdb03444 Mon Sep 17 00:00:00 2001
From: Martin Gross
Date: Tue, 10 Aug 2021 10:31:40 -0400
Subject: [PATCH] Update Smallscale Docker Docs: bind exposed ports to 127.0.0.1 explicitly
---
 doc/admin/installation/docker_smallscale.rst | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/doc/admin/installation/docker_smallscale.rst b/doc/admin/installation/docker_smallscale.rst
index b6c9585611..0bec2404fb 100644
--- a/doc/admin/installation/docker_smallscale.rst
+++ b/doc/admin/installation/docker_smallscale.rst
@@ -39,6 +39,10 @@ Linux and firewalls, we recommend that you start with `ufw`_.
 .. warning:: We recommend **PostgreSQL**. If you go for MySQL, make sure you run **MySQL 5.7 or newer** or **MariaDB 10.2.7 or newer**.
+.. warning:: By default, using ufw in conjunction will not have any effect. Please make sure to either bind the exposed
+ ports of your docker container explicitly to 127.0.0.1 or configure docker to respect any set up firewall
+ rules.
+
 On this guide
 -------------
@@ -183,7 +187,7 @@ named ``/etc/systemd/system/pretix.service`` with the following content::
 TimeoutStartSec=0
 ExecStartPre=-/usr/bin/docker kill %n
 ExecStartPre=-/usr/bin/docker rm %n
- ExecStart=/usr/bin/docker run --name %n -p 8345:80 \
+ ExecStart=/usr/bin/docker run --name %n -p 127.0.0.1:8345:80 \
 -v /var/pretix-data:/data \
 -v /etc/pretix:/etc/pretix \
 -v /var/run/redis:/var/run/redis \