
My current Flask and Docker setup is the following:

[Image: Current Flask with Docker Setup]

In this scenario, end users access the application container from the external IP on port 80 (which is a request to the Nginx container), which then proxies the request over to the application container running on port 8000 with Gunicorn. However, people can bypass Nginx by using the same URL, but specifying the port as 8000, accessing the app directly using Gunicorn.

How do I limit access to my Flask application so it is only accessible via the Nginx container? If I block port 8000 in my server’s firewall, would Nginx still be able to proxy to the container running on port 8000?

2 Answers


  1. If you --bind=127.0.0.1:8000 (doc), then gunicorn should be limited to the (docker) host.

    You should test this to confirm.

  2. Use communication across links. Links allow containers to discover each other and securely transfer information about one container to another container. When you set up a link, you create a conduit between a source container and a recipient container. The recipient can then access select data about the source. To create a link, you use the --link flag.

    First start your app.

    docker run -d --name my_app APP_IMAGE
    

    Then start nginx container with link to your app container.

    docker run -d -P --name nginx --bind=YOUR_NGINX_BIND --link my_app:my_app NGINX_IMAGE
    

    Your application is now accessible from your nginx container via the alias "my_app" (no ip address needed). It will not be available from the host.

    More info: https://docs.docker.com/network/links/#communication-across-links

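A check for the exposure described in the question, as an added example (not code from the original post or its answers): it reads `docker inspect` JSON and reports host port bindings that let a client reach a container without going through Nginx. The container names, the sample data and the `exposed_bindings` helper are constructed for illustration.

```python
import json

# Constructed sample shaped like `docker inspect` output, trimmed to the
# fields used here; container names and bindings are assumptions.
SAMPLE_INSPECT = json.dumps([
    {"Name": "/app", "NetworkSettings": {"Ports": {
        "8000/tcp": [{"HostIp": "0.0.0.0", "HostPort": "8000"}]}}},
    {"Name": "/app_loopback", "NetworkSettings": {"Ports": {
        "8000/tcp": [{"HostIp": "127.0.0.1", "HostPort": "8000"}]}}},
    {"Name": "/app_unpublished", "NetworkSettings": {"Ports": {
        "8000/tcp": None}}},
    {"Name": "/nginx", "NetworkSettings": {"Ports": {
        "80/tcp": [{"HostIp": "0.0.0.0", "HostPort": "80"},
                   {"HostIp": "::", "HostPort": "80"}]}}},
])

LOOPBACK = {"127.0.0.1", "::1"}


def exposed_bindings(inspect_json, allowed_host_ports=frozenset({80})):
    """Return (container, container_port, host_ip, host_port) for every
    published port that is bound to a non-loopback address and is not in
    allowed_host_ports (the proxy's own port by default)."""
    findings = []
    for container in json.loads(inspect_json):
        name = container.get("Name", "").lstrip("/")
        ports = (container.get("NetworkSettings") or {}).get("Ports") or {}
        for container_port, bindings in ports.items():
            # None means the port is not published on the host at all, so
            # there is no host binding to report for it.
            for binding in bindings or []:
                # An empty HostIp means "all interfaces", same as 0.0.0.0.
                host_ip = binding.get("HostIp") or "0.0.0.0"
                host_port = int(binding["HostPort"])
                if host_ip in LOOPBACK or host_port in allowed_host_ports:
                    continue
                findings.append((name, container_port, host_ip, host_port))
    return findings


if __name__ == "__main__":
    for name, cport, ip, hport in exposed_bindings(SAMPLE_INSPECT):
        print(f"{name}: {cport} published on {ip}:{hport}, bypasses the proxy")
```

To audit a real host, pass the JSON printed by `docker inspect` for the running containers instead of the sample; an empty result means only the allowed proxy port is published beyond loopback.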