Issue
I have Nginx has a reversed proxy to connect client request to docker running container.
The problem is you can access container by typing serverhost.fr:port_number. I want the client to only access the running container by a specific hostname.
Here my docker-compose.yml file :
version: '3'
services:
api:
image: username/backendimgage:latest
ports:
- "8081:8000"
restart: always
front:
depends_on:
- api
image: username/frontendimage:latest
ports:
- "8080:36073"
restart: always
I've tried to block with ufw, it breaks everything. I've tried to send a 401 code on Nginx using if statement like
if ( $host = serverhost.fr:port_number ){ return 401; }
OR
if ( $host ~* portnumber ){ return 401; }
But it doesn't work. I don't have a big ops background so I'm kind of lost.
Solution
If you're running the nginx proxy outside of Docker, you must connect to the published ports: from your containers.
By default when you publish ports: they're published on all interfaces of the host system. However, you can specify an alternate bind address. If you set a backend service to only publish on the 127.0.0.1 localhost interface, it won't be reachable from off host.
version: '3'
services:
api:
image: username/backendimgage:latest
ports:
- "127.0.0.1:8081:8000"
# ^^^^^^^^^
(If you're trying to connect from one container to another by using its host port – something like http://host.docker.internal:8081 on MacOS/Windows platforms – this will interfere with that, but you should be able to use Docker-native inter-container communication there.)
Answered By - David Maze Answer Checked By - Senaida (PHPFixing Volunteer)
Posts
0 Comments:
Post a Comment
Note: Only a member of this blog may post a comment.