The current docs (Docker & MongoDB | Containers & Compatibility | MongoDB) state:
If you need to access the MongoDB server from another application running locally, you will need to expose a port using the -p argument.
docker run --name mongodb -d -p 27017:27017 mongodb/mongodb-community-server:$MONGODB_VERSION
Using this method, you will be able to connect to your MongoDB instance on mongodb://localhost:27017.
In fact, this command will expose port 27017 to the entire Internet. Even if you have a firewall, Docker will helpfully modify iptables to open the port to the world. From my testing, running this command results in a ransomware attack in under an hour, which is not an ideal UX.
I suggest either:
- Update the command to
  docker run --name mongodb -d -p 127.0.0.1:27017:27017 mongodb/mongodb-community-server:$MONGODB_VERSION
  which restricts port 27017 to localhost.
- Add a large security disclaimer.
This should reduce the number of users affected by ransomware, e.g.:
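
Added example, not part of the original post or of MongoDB's or Docker's documentation: a small audit script that reads `docker inspect` JSON and reports every published port that is not bound to a loopback address, which is the difference between `-p 27017:27017` and `-p 127.0.0.1:27017:27017` described above. The container names and the embedded sample are constructed for illustration; the `NetworkSettings.Ports` / `HostIp` / `HostPort` fields are the ones `docker inspect` emits.

```python
import ipaddress
import json
import sys

# Constructed sample in the shape of `docker inspect` output (trimmed to the fields used).
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/mongodb",
   "NetworkSettings": {"Ports": {"27017/tcp": [
       {"HostIp": "0.0.0.0", "HostPort": "27017"},
       {"HostIp": "::", "HostPort": "27017"}]}}},
  {"Name": "/mongodb-local",
   "NetworkSettings": {"Ports": {"27017/tcp": [
       {"HostIp": "127.0.0.1", "HostPort": "27018"}]}}},
  {"Name": "/mongodb-internal",
   "NetworkSettings": {"Ports": {"27017/tcp": null}}}
]
""")


def is_loopback(host_ip):
    """True only when the binding is restricted to a loopback address."""
    if not host_ip:  # an empty HostIp means "all interfaces"
        return False
    return ipaddress.ip_address(host_ip).is_loopback


def non_loopback_bindings(containers):
    """Return (container, container_port, host_ip, host_port) for every
    published port that is not restricted to a loopback address."""
    findings = []
    for c in containers:
        ports = (c.get("NetworkSettings") or {}).get("Ports") or {}
        for container_port, bindings in ports.items():
            for b in bindings or []:  # None: port exposed but not published
                host_ip = b.get("HostIp", "")
                if not is_loopback(host_ip):
                    findings.append((c["Name"].lstrip("/"), container_port,
                                     host_ip or "0.0.0.0", b["HostPort"]))
    return findings


if __name__ == "__main__":
    # Usage: docker inspect $(docker ps -q) | python3 audit_ports.py
    raw = "" if sys.stdin.isatty() else sys.stdin.read()
    data = json.loads(raw) if raw.strip() else SAMPLE_INSPECT  # fall back to sample
    for name, cport, hip, hport in non_loopback_bindings(data):
        print(f"{name}: {hip}:{hport} -> {cport} is not restricted to localhost")
```
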