From 1fbc10df243ef58de08282b1b71bbd991d0f19f9 Mon Sep 17 00:00:00 2001 From: TiynGER Date: Fri, 21 May 2021 16:08:41 +0200 Subject: [PATCH] docker/nginx: move blocking remote ports to docker --- wiki/docker.md | 14 ++++++++++++++ wiki/nginx.md | 14 ++------------ 2 files changed, 16 insertions(+), 12 deletions(-) diff --git a/wiki/docker.md b/wiki/docker.md index d23ca8c..702521c 100644 --- a/wiki/docker.md +++ b/wiki/docker.md @@ -36,3 +36,17 @@ The programs below are useful docker-management systems in different style. To use Nvidia GPUs with docker you need to install the nvidia-cuda-toolkit. There is a [guide on marmelab](https://marmelab.com/blog/2018/03/21/using-nvidia-gpu-within-docker-container.html) that focusses on that topic. + +### Block remote port access + +If you configured a reverse proxy to a port chances are you don't want the port +to be accessed outside of the proxy. +Especially if you set up a authentication over nginx the open port will avoid +the authentication. +This can be changed at the forwarded docker-service by replacing for example +`-p 7000:7000` with `-p 172.17.0.1:7000:7000`. +This forces the docker container to only expose the port in the docker bridge +network, effectively banning remote access. + +If you use [Traefik](./traefik.md) it is not needed, because you don't have to +publish ports to reverse proxy them. diff --git a/wiki/nginx.md b/wiki/nginx.md index 16c1b29..aacc04f 100644 --- a/wiki/nginx.md +++ b/wiki/nginx.md @@ -2,15 +2,5 @@ ## Server -A server can be setup via docker with the [nasourso image](./docker-images/nasourso_-_nginx-certbot-docker-tui.md). - -### Block remote port access - -If you configured a reverse proxy to a port chances are you don't want the port -to be accessed outside of the proxy. -Especially if you set up a authentication over nginx the open port will avoid -the authentication. -This can be changed at the forwarded docker-service by replacing for example -`-p 7000:7000` with `-p 172.17.0.1:7000:7000`. -This forces the docker container to only expose the port in the docker bridge -network, effectively banning remote access. +A server can be setup via docker with the +[nasourso image](./docker-images/nasourso_-_nginx-certbot-docker-tui.md).