My firewall is closed, nothing is forwarded. This is all on my LAN only. I just don’t want the non-https ports available at all, even on the LAN.
vividspecter@lemm.ee 3 weeks ago
There’s likely a firewall on the system that hosts the docker services, and docker’s default bridge rules bypass it when publishing a port. And since the docker rules are prioritised, it can be quite difficult to override them in a reliable way.
I personally use host networking to avoid the whole mess, but be aware you’ll have to change the internal ports for a bunch of services most likely, and that’s not always well-documented. And using the container name as the host name won’t work when referencing other containers, you’ll have to use e.g. localhost:<port number> even inside the network.
You can do the bind to localhost thing that others have mentioned, as long as the reverse proxy itself is inside the docker network.
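Added example, not part of the comment above: a Python check that reads `docker ps --format '{{.Names}} {{.Ports}}'` output and lists every published port bound to a non-loopback host address, which is the exposure the thread is about. The sample output, container names, addresses and the 443 allow-list are constructed assumptions.

```python
import ipaddress

# Constructed sample of `docker ps --format '{{.Names}} {{.Ports}}'` output.
SAMPLE = """\
jellyfin 0.0.0.0:8096->8096/tcp, :::8096->8096/tcp
proxy 0.0.0.0:443->443/tcp, [::]:443->443/tcp
sonarr 127.0.0.1:8989->8989/tcp
db 5432/tcp
dns 192.168.1.10:53->53/udp
"""


def exposed_bindings(ps_output, allowed_ports=("443",)):
    """Return (container, host_ip, host_port, target) for each published port
    that is reachable from outside the host and is not on the allow-list."""
    findings = []
    for line in ps_output.splitlines():
        # Container names cannot contain spaces, so the first space splits the fields.
        name, _, ports = line.partition(" ")
        for entry in filter(None, (p.strip() for p in ports.split(","))):
            if "->" not in entry:
                continue  # exposed to Docker networks only, not published on the host
            host, target = entry.split("->", 1)
            # The last colon separates address from port, also for ":::8096" and "[::]:443".
            ip_text, _, host_port = host.rpartition(":")
            try:
                ip = ipaddress.ip_address(ip_text.strip("[]"))
                shown, local = str(ip), ip.is_loopback
            except ValueError:
                shown, local = ip_text, False  # unparseable address: report it, do not skip it
            if not local and host_port not in allowed_ports:
                findings.append((name, shown, host_port, target))
    return findings


if __name__ == "__main__":
    for name, ip, port, target in exposed_bindings(SAMPLE):
        print(f"{name}: {ip}:{port} -> {target} is published beyond loopback")
```

Bindings on `127.0.0.1` or `[::1]` and entries without `->` are not reported, so a clean run means only the allow-listed port is published on a LAN-reachable address.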