You can do this with an additional inter-container network (or mutiple if You see the need or usecase for that.), because for such setup to work reliably it is essential that each container only has one non-internal network assigned. To complete the answer of for Your demand. I'd like a proper answer on how to secure my "frontend" facing network, without having to specify specific ports in iptables. The current answer gives me some direction, but requires manual rules for each port.
I'm trying to find an easy way in docker or iptables to do that. I had assumed, it would be simple to just expose one network to the outside world. The backend services, I want to restrict IP ranges to (Allow some other non docker networks to communicate), and the frontend services I want to open exposed ports to the world.įor the bounty: There's clearly a way in docker to define multiple overlay networks. To be more clear: My intent right now is for the backend services to communicate with each other for now, so removing EXPOSE would work now, but ultimately, I want to partition the 2 networks.Nginx container should be able to access redis service 6379 internally. In the example above, I should be able to access nginx from the outside world on port 80 or 443, but NOT redis.This is a simple 1 server setup (Digital Ocean), running Ubuntu 18.04 LTS.How do I expose frontend to the world, but allow backend services to communicate with each other without exposing them to the world? (I'm assuming using iptables, or specifying in docker which network I want to expose to the host).You'll notice I have 2 networks here, frontend and backend. This file contains 2 networks: version: '2.1' I have a new application that I've created via a docker-compose file.
0 kommentar(er)
