make container visible only for another docker container but not for machines IP

Greyberry

By Greyberry
in Docker Engine

Recommended Posts

Greyberry Rookie

Greyberry

Posted
Posted (edited)

Hi volks,

 

Is there a way to make a port of a server-socket of a docker container only available for another docker container?

I have an application behind my reverse proxy, and do not want it to be exposed to my LAN, but only to the reverse proxy, which is also running on the same unraid-machine.

 

I guess it involves a separate docker-network and fixed ips within it for the docker containers. Can we do this on unraid? Or is there an even easyer solution I do not think of?

 

happy holidays

Edited by Greyberry
Link to comment
  • 4 weeks later...
jameson_uk Rookie

jameson_uk

Posted
Posted
On 12/30/2022 at 2:37 AM, Greyberry said:

Is there a way to make a port of a server-socket of a docker container only available for another docker container?

I have an application behind my reverse proxy, and do not want it to be exposed to my LAN, but only to the reverse proxy, which is also running on the same unraid-machine.

 

I guess it involves a separate docker-network and fixed ips within it for the docker containers. Can we do this on unraid? Or is there an even easyer solution I do not think of?

Yes the easiest way to achieve this is to use a separate docker network but it isn't too complicated.   I run Home Assistant, MQTT and Zigbee2MQTT all in the same network but only HA is accessible from the LAN.
 

I am going off memory now but roughly you just need to open up a terminal window for your server and run 

docker network create <some_name>

If you want you can also assign a subnet using --subnet=x.x.x.x/y

After creating you should see the network appear in the network type drop down for the container in Unraid.

 

Just put whichever containers you want onto that network and they will all be able to talk to each other and you can then control which are accessible via LAN.

You don't need fixed IPs if using a custom bridge network like this and you can just reference the other containers by name (you can also use advanced options to add a --hostname parameter)

 

The only thing to be wary of is that I think you need to go into the docker settings in the UI and set the option "Preserve user defined networks" (under advanced settings) to yes else your network will get deleted when you restart

  • Like 1
Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing