How to correctly block access to a port forwarded docker container?

I have a VPS running docker. I have an Apache container running that port forwards some random port to port 80 in the container.

I can hit my VPS IP on the random port and it loads the site as expected.

In addition, I've set up SSL on my Nginx reverse proxy and am wanting SSL termination via Nginx, which forwards the request in cleartext to the container. This is also working, but the container port is still exposed to the outside world.

What is the recommended approach to only allow what is defined in my nginx conf to be what is exposed? In other words, how can I secure the container to be only accessible to nginx?


Solution 1:

By default docker binds mapped ports to 0.0.0.0, which exposes them on all interfaces. If you don't want that, you can bind them to the local interface only.

docker run -p 127.0.0.1:8080:80 httpd
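As an added example (not part of the answer above), here is a small POSIX shell helper that builds the loopback-only `-p` argument and, more usefully, audits the output of `docker ps --format '{{.Names}}\t{{.Ports}}'` for any container still publishing on a wildcard address (`0.0.0.0` for IPv4, `:::` for IPv6). The `docker ps` lines below are constructed sample output, so the script runs without a Docker daemon; the container names are invented.

```sh
#!/usr/bin/env sh
# Added example, not from the original post. Audits `docker ps` port output for
# published ports bound to all interfaces instead of loopback.

# Build the host-side publish spec for `docker run -p` so the port is only
# reachable from the host itself (what nginx needs for proxy_pass).
#   publish_loopback 8080 80  ->  127.0.0.1:8080:80
publish_loopback() {
  printf '127.0.0.1:%s:%s\n' "$1" "$2"
}

# Constructed sample in the format of:
#   docker ps --format '{{.Names}}\t{{.Ports}}'
# (container names are invented). Fields are tab-separated; a container with no
# published ports has an empty second field.
SAMPLE_PS='web-apache	0.0.0.0:49153->80/tcp, :::49153->80/tcp
web-apache-local	127.0.0.1:8080->80/tcp
nginx-proxy	0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp
db	'

# Read docker ps output on stdin and print "<container> <mapping>" for every
# published port bound to a wildcard address. Loopback bindings are skipped.
wildcard_bindings() {
  while IFS="$(printf '\t')" read -r name ports; do
    [ -n "$ports" ] || continue
    # The Ports column lists several mappings separated by ", ".
    printf '%s\n' "$ports" | tr ',' '\n' | while read -r map; do
      case "$map" in
        0.0.0.0:*|:::*|\[::\]:*) printf '%s %s\n' "$name" "$map" ;;
      esac
    done
  done
}

# Return 0 when the named container publishes nothing on a wildcard address
# (i.e. it is reachable only via loopback), 1 otherwise. Reads docker ps
# output on stdin.
container_loopback_only() {
  n=$(wildcard_bindings | awk -v c="$1" '$1 == c' | awk 'END { print NR }')
  [ "$n" -eq 0 ]
}

# Demo run over the constructed sample; on a real host replace the printf with:
#   docker ps --format '{{.Names}}\t{{.Ports}}' | wildcard_bindings
printf '%s\n' "$SAMPLE_PS" | wildcard_bindings
```

Two caveats a practitioner would want here. First, Docker inserts its own rules into the `DOCKER` chain on the `FORWARD` path, so a host firewall rule written against `INPUT` (for example a ufw deny on the random port) does not stop traffic to a port published on 0.0.0.0; binding the publication to 127.0.0.1 as in the answer is what actually removes the exposure, and the nginx side then simply uses `proxy_pass http://127.0.0.1:8080;`. Second, the `nginx-proxy` entry in the sample is reported on purpose: 80 and 443 on 0.0.0.0 are exactly the ports that should stay public, so the audit is a list to review, not a list of findings to fix blindly.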