fix(security): also disable Dozzle container actions

chriscrosstalk · claude · jakeaturner · commit 2cc0ab2feb55 · 2026-03-19T23:19:17.000Z
Dozzle runs on port 9999 with no authentication. DOZZLE_ENABLE_ACTIONS
allows anyone on the LAN to stop/restart containers. NOMAD already
handles container management through its own admin UI.

Co-Authored-By: Claude Opus 4.6 &lt;noreply@anthropic.com&gt;
diff --git a/install/management_compose.yaml b/install/management_compose.yaml
@@ -51,7 +51,7 @@ services:
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock # Allows Dozzle to read logs from the Host's Docker daemon
     environment:
-      - DOZZLE_ENABLE_ACTIONS=true # Enables the action buttons (restart, stop, etc.)
+      - DOZZLE_ENABLE_ACTIONS=false # Disabled — unauthenticated container stop/restart on LAN
       - DOZZLE_ENABLE_SHELL=false  # Disabled — shell access + Docker socket = privilege escalation
   mysql:
     image: mysql:8.0
