I’m using a docker compose file, and I have everything running just fine, containers talking to each other as needed, NPM reverse proxying everything via a duckdns subdomain… everything’s cool.
Problem is, I can still go to, for example, http://192.168.1.30:8080/ and get the services without http.
I’ve tried commenting out the ports in the compose file, which should make them only available on the internal network, I thought. But when I do that, the containers can no longer connect to each other.
Any advice for me?
Edit:
Thanks for the quick & helpful suggestions!
While investigating bridge networks, I noticed a mention that containers could only find each other on the default container bridge by container name, which I did not know. I had tried 127.0.0.1, localhost, the external IP, hostnames, etc but not container names.
In the end, the solution was just to use container names when telling each container how to find the others. No need for creating bridge networks or any other shenanigans.
Thank you!
Are you using the default bridge? I have a similar setup (with Traefik instead of NPM), and for each compose file am using separate networks for the internet, proxy, and backend services.
services: some_service: ... networks: - frontend_network - proxy_network - backend_network backend_service: ... networks: - backend_network networks: frontend_network: driver: "bridge" proxy_network: driver: "bridge" internal: true backend_network: driver: "bridge" internal: trueI’ve tried commenting out the ports in the compose file, which should make them only available on the internal network, I thought. But when I do that, the containers can no longer connect to each other.
Did you create an explicit network for them to talk on? Otherwise the default docker network doesn’t support internal DNS queries.
https://docs.docker.com/engine/network/#container-networks
Specifically you need a network using the bridge driver: https://docs.docker.com/engine/network/drivers/bridge/
Thank you! I’ll give that a go!
Can you access the http ports from outside your home network?
Nothing is accessible outside my network. The proxy is local only.
Then it doesn’t really matter, does it? If the traffic is only going over your local network, then the only people who could sniff said traffic would already have pwned your entire network, and using SSL would be pointless anyway.
You need to change the nginx config (for the website you will be hosting your services at. /etc/nginx/sites-available/yourdomain.com
You can reroute all http requests to https in that config.
Watch a video on how nginx works and how to set it up, and then look for example nginx configs for your services. It’s a pretty standard setting nowadays so the syntax should be easy to find.
I think nginx can be setup to work locally only, but do you even need it for that? It’s primary use is to proxy http requests to the different websites running on your server, enable https via letsencryt and so on, I think.
Don’t forward them, close firewall ports, change configs to not listen on those ports, setup redirects to forward all requests on those ports to whichever you want…lots of options here
My firewall is closed, nothing is forwarded. This is all on my LAN only. I just don’t want the non-https ports available at all, even on the LAN.
