How to correctly block access to a port forwarded docker container?
I have a VPS running docker. I have an Apache container running that port forwards some random port to port 80 in the container.
I can hit my VPS IP on the random port and it loads the site as expected.
In addition, I've setup SSL on my Nginx reverse proxy and am wanting SSL termination via Nginx which forwards the request in cleartext to the container. This is also working, but the container port is still exposed to the outside world.
What is the recommended approach to only allow what is defined in my nginx conf to be what is exposed? In other words, how can I secure the container to be only accessible to nginx?
Solution 1:
By default docker binds mapped ports to 0.0.0.0
, which exposes it to all interfaces. If you don't want that, you can bind it to the local interface only.
docker run -p 127.0.0.1:8080:80 httpd