just_another_person@lemmy.world 2 months ago
Don’t forward them, close firewall ports, change configs to not listen on those ports, setup redirects to forward all requests on those ports to whichever you want…lots of options here
just_another_person@lemmy.world 2 months ago
Don’t forward them, close firewall ports, change configs to not listen on those ports, setup redirects to forward all requests on those ports to whichever you want…lots of options here
robolemmy@lemmy.world 2 months ago
My firewall is closed, nothing is forwarded. This is all on my LAN only. I just don’t want the non-https ports available at all, even on the LAN.
vividspecter@lemm.ee 2 months ago
There’s likely a firewall on the system that hosts the docker services, and docker’s default bridge rules bypass it when publishing a port. And since the docker rules are prioritised, it can be quite difficult to override them in a reliable way.
I personally use host networking to avoid the whole mess, but be aware you’ll have to change the internal ports for a bunch of services most likely, and that’s not always well-documented. And using the container name as the host name won’t work when referencing other containers, you’ll have to use e.g. localhost:<port number> even inside the network.
You can do the bind to localhost thing that others have mentioned, as long as the reverse proxy itself is inside the docker network.