Optional database network isolation
Jean
Subject: Feature request – Optional database network isolation
I would like to propose a security improvement for EasyPanel, specifically for critical applications.
Currently, when applications and their databases share common Docker networks, a compromised application could potentially gain network access to other databases hosted on the same platform.
In this context, the database is the highest-priority asset to protect.
I am therefore suggesting the addition of an optional feature, enabled at application installation time, that would provide:
Automatic creation of a dedicated private Docker network
The database connected only to this private network
No network exposure of the database
A guarantee that no other application can reach the database
UI option example:
☑ Enable Database Network Isolation (Advanced Security)
This option would be disabled by default, ensuring no impact on standard deployments, and used only when a higher security level is required.
This approach would significantly improve data protection while preserving EasyPanel’s simplicity and usability.
Thank you for your work on EasyPanel and for considering this request.
Exemple docker compose:
services:
app: &netbox
networks:
- net-private
- net-public
db:
image: docker.io/postgres:16-alpine
env_file: env/db.env
volumes:
- vol-db:/var/lib/postgresql/data
networks:
- net-private
networks:
net-public:
external: true
net-private: