
I have a Docker container on port 8081 running on CentOS 7, and a reverse proxy with Nginx.
My domain has a LetsEncrypt SSL installed and it works well when I access "https://my.example.com"; it redirects me to my 8081 Docker.

But when I access "http://my.example.com:8081", I can still reach my Docker application…I don’t want to enable this…don’t want to enable any HTTP access.

I want to reach 8081 only through the Nginx reverse proxy (that forces me to HTTPS)…I think it may be some configuration on my iptables, but I don’t have experience with it.
Can someone help me?

Thanks!

This is my conf.d file in Nginx:

    server {
        server_name my.example.com;
        location / {
            proxy_pass http://localhost:8081;
        }

        listen 443 ssl; # managed by Certbot
        ssl_certificate /etc/letsencrypt/live/my.example.com/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/my.example.com/privkey.pem; # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    }

    server {
        if ($host = my.example.com) {
            return 301 https://$host$request_uri;
        } # managed by Certbot

        listen 80;
        server_name my.example.com;
        return 404; # managed by Certbot
    }

2 Answers


  1. Chosen as BEST ANSWER

    I have resolved this issue using the firewall application from my hosting provider (Vultr). There, I left 8081 only for local access, so now it's not possible to access this without passing through the Nginx reverse proxy!


  2. iptables does not understand the difference between HTTP and HTTPS; it understands only IP, ports and MAC levels. If you try to block port 8081 with iptables, even your HTTPS connection will be dropped or rejected, depending on your choice.

    If your Docker container is accessible from the outside without passing through the reverse proxy, it is a container configuration issue; or, if your Nginx reverse proxy lets HTTP packets through, then it is an Nginx configuration issue. I think we need more details from your side.
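
The exposure discussed in this thread (port 8081 reachable without going through Nginx) can be checked from the container side. The following is an added example, not part of the original posts: a POSIX shell function that reads `docker ps --format '{{.Names}}\t{{.Ports}}'` output and lists every published port bound to a non-loopback address. The container names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag Docker port mappings that are reachable without
# passing through the Nginx reverse proxy.
# Input: lines of "<name><TAB><ports>", as printed by
#   docker ps --format '{{.Names}}\t{{.Ports}}'

# Constructed sample output (container names are hypothetical).
SAMPLE_PS=$(printf '%s\t%s\n' \
  app       '0.0.0.0:8081->8081/tcp, :::8081->8081/tcp' \
  app-fixed '127.0.0.1:8081->8081/tcp' \
  db        '5432/tcp')

# Print "<container> <host_address> <host_port>" for each mapping whose
# host address is not loopback.
find_public_ports() {
  awk -F '\t' '
    {
      n = split($2, maps, /, */)
      for (i = 1; i <= n; i++) {
        # Entries without "->" are exposed in the image but not published.
        if (index(maps[i], "->") == 0) continue
        host = maps[i]; sub(/->.*/, "", host)      # e.g. 0.0.0.0:8081
        port = host;    sub(/.*:/, "", port)       # host port
        bind = host;    sub(/:[^:]*$/, "", bind)   # host address
        # Loopback bindings are reachable only from the host itself,
        # which is what proxy_pass http://localhost:8081 needs.
        if (bind ~ /^127\./ || bind == "::1" || bind == "[::1]") continue
        print $1, bind, port
      }
    }'
}

# Demo on the constructed sample. On a Docker host, use instead:
#   docker ps --format '{{.Names}}\t{{.Ports}}' | find_public_ports
printf '%s\n' "$SAMPLE_PS" | find_public_ports
```

A container started with `-p 127.0.0.1:8081:8081` instead of `-p 8081:8081` shows up like `app-fixed` above and is not listed.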
