Security Update for Docker Deployments
Channels DVR Server has received a security update that may potentially disrupt how you access it on your home network.
This includes accessing the web admin and your Channels clients connecting to it locally.
What is the issue?
We’ve found that there are certain Docker deployments that do not properly operate iptables
, which causes the source IP address to be discarded when using bridged networking.
This impacts our ability to properly secure your Channels DVR Server installation as it allows anyone from anywhere full access to your install.
Because we can not easily identify if a Docker deployment has this issue directly, we are proactively requiring authentication for the IP of the gateway address of the Docker deployment using bridged networking.
The main source of these Docker deployments with this issue is Docker running on Synology DSM systems.
Am I affected?
If you are NOT running Channels DVR Server via Docker, you are NOT affected. You can ignore this post.
If you ARE running Channels DVR Server via Docker AND using bridged networking, you MAY be affected.
Because we can not easily identify if a Docker deployment has the issue that we are resolving, we can only say that if you are hosting Channels DVR Server with Docker, then you will need to pay attention to this post.
What will happen?
If you are affected by the issue, you will no longer be able to freely connect to your Channels DVR Server web admin from your local network. You will be prompted to authenticate with a token.
Additionally, your Channels clients will no longer be able to connect to your Channels DVR Server.
What do I need to do?
You need to change the Docker networking mode for your Channels DVR Server to use host
networking.
Once you do this, you will be able to continue using Channels DVR Server and your Channels clients as you were before.
Docker Compose
If you are using Docker Compose, you will need to change your network_mode
to host
.
network_mode: host
Docker CLI
If you are using the Docker CLI, you will need to add --network=host
to your docker run
command.
docker run --network=host ...
UI Managed Docker
If you are using other software that manges your Docker deployment, you will need to change the networking mode to host
for your Channels DVR Server container.
You will need to reference the documentation of your UI managed Docker deployment to determine how to do this.
Categories
Recent Posts
Channels 6.0 for Apple TV & iOS
August 11, 2024
Channels 5.8 for Apple TV & iOS
February 8, 2024
Security Update for Docker Deployments
January 8, 2024
November 15, 2023
September 20, 2023
September 14, 2023