Score:0

How to correctly block access to a port forwarded docker container?


I have a VPS running docker. I have an Apache container running that port forwards some random port to port 80 in the container.

I can hit my VPS IP on the random port and it loads the site as expected.

In addition, I've set up SSL on my Nginx reverse proxy and am wanting SSL termination via Nginx, which forwards the request in cleartext to the container. This is also working, but the container port is still exposed to the outside world.

What is the recommended approach to only allow what is defined in my nginx conf to be what is exposed? In other words, how can I secure the container to be only accessible to nginx?

Score:1

By default Docker binds mapped ports to 0.0.0.0, which exposes them to all interfaces. If you don't want that, you can bind it to the local interface only.

docker run -p 127.0.0.1:8080:80 httpd
Ryan:
Thanks, that was easy. For some reason I was thinking 0.0.0.0 was already binding to localhost and forgot it was exposing to all and not just local. Thanks for the quick response and explanation.
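
A check that follows from the answer above, added here as an example and not part of the original thread: it reads container names and port mappings in the tab-separated form printed by docker ps --format '{{.Names}}\t{{.Ports}}' and lists every published port bound to all interfaces instead of 127.0.0.1. The function names and the sample container names and ports are constructed for illustration.

```shell
#!/bin/sh
# find_public_bindings: read "name<TAB>ports" lines on stdin and print one
# "name binding" line for each published port that listens on every interface
# (0.0.0.0 for IPv4; ":::" or "[::]:" for IPv6, depending on Docker version).
find_public_bindings() {
    awk -F '\t' '
    {
        n = split($2, ports, ", ")
        for (i = 1; i <= n; i++) {
            p = ports[i]
            # "80/tcp" without "->" is only exposed by the image, not published.
            if (p !~ /->/) continue
            # A loopback binding such as 127.0.0.1:8080->80/tcp does not match.
            if (p ~ /^(0\.0\.0\.0|::|\[::\]):/) print $1, p
        }
    }'
}

# Constructed sample input (not from a real host): one container published the
# default way, one bound to loopback as in the answer, one with no published port.
sample_ps_output() {
    printf 'apache-public\t0.0.0.0:32768->80/tcp, :::32768->80/tcp\n'
    printf 'apache-local\t127.0.0.1:8080->80/tcp\n'
    printf 'db\t5432/tcp\n'
}

# Offline demonstration on the sample. On a Docker host, feed it live data:
#   docker ps --format '{{.Names}}\t{{.Ports}}' | find_public_bindings
sample_ps_output | find_public_bindings
```

Any container it lists is reachable directly on the host's public address, so the Nginx reverse proxy is not the only path to it.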