堆栈内存溢出
  简体   繁体   English

在Docker内部表达应用程序。 限制仅访问主机本地主机

[英]Express app inside docker. Restricting access to host localhost only

 原文  2018-04-09 04:33:02       node.js/ express/ docker/ nginx

问题描述

I am trying to restrict access to my express/nodejs app so that it can only be accessed from it's domain url. 我试图限制对我的express / nodejs应用程序的访问,以便只能从其域URL访问它。 Currently if I go to http://ip-address-of-server:3000 , the app gets served directly, bypassing nginx. 目前,如果我转到http://ip-address-of-server:3000 ,则可以绕过nginx直接提供该应用程序。

I have tried adding 'localhost' in the app.listen -- 我尝试在app.listen中添加'localhost'-

app.listen(4000, 'localhost' , () => console.log('Server running'));

but this ends up making the app completely inaccessible. 但这最终使该应用完全无法访问。 Even through nginx. 即使通过nginx。

The app is running inside a docker container. 该应用程序正在docker容器中运行。 And nginx is running on the host. Nginx正在主机上运行。 I think this might be causing it but don't know how to fix this. 我认为这可能是造成此问题的原因,但不知道如何解决。

2 个解决方案

解决方案1
 2  2018-04-09 04:45:35

Looks like you want to do IP based filtering ie you want the node.js program to be accessible only from nginx (localhost or remote) and locally. 看起来您想执行基于IP的过滤,即您希望仅可从nginx(本地主机或远程)和本地访问node.js程序。

There are two ways 有两种方法

  • Use express-ipfilter middleware. 使用express-ipfilter中间件。 https://www.npmjs.com/package/express-ipfilter to filter requests based on ips https://www.npmjs.com/package/express-ipfilter可以基于ips过滤请求

  • Let node.js listen to everything but change the iptables on the host to restrict port access to specific ips. 让node.js监听所有内容,但更改主机上的iptables以将端口访问限制为特定的ips。 Expose the port of the node.js container to the host using -p and close the iptable for that port to the outside world 使用-p将node.js容器的端口暴露给主机,并关闭该端口到外部的iptable

I prefer the second way as it is more robust and restricts traffic at the network level 我更喜欢第二种方法,因为它更健壮并限制了网络级别的流量

解决方案2
 2 已采纳  2018-04-09 05:12:49

You can use Docker host mode networking for your app since you mentioned that "The app is running inside a docker container. And nginx is running on the host.". 您可以将Docker主机模式网络用于您的应用程序,因为您提到“该应用程序在Docker容器中运行。而nginx在主机上运行。”。

Ref - https://docs.docker.com/network/host/ 参考-https: //docs.docker.com/network/host/

This way, it will be reachable via nginx on the same network. 这样,就可以通过同一网络上的nginx进行访问。 Your "localhost" settings will start working as usual after launching the container in docker host mode networking. 在docker主机模式网络中启动容器后,您的“ localhost”设置将照常开始工作。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 仅允许使用docker通过Nginx访问Express应用 - Only allow access to express app through nginx with docker 主机“localhost”覆盖docker中的“localhost” - Host "localhost"overwrites "localhost"in docker 限制Docker容器的文件访问 - Restricting file access of Docker container Express服务器仅在端口localhost:3000上首次加载应用程序 - Express server is loading the app only the first time on port localhost:3000 快递应用服务器。 只听所有接口而不是本地主机 - express app server . listen all interfaces instead of localhost only 无法从vagrant主机访问节点express应用程序 - Can't access a node express app from vagrant host machine 如何从 docker nuxt 应用程序访问主机 nodejs 应用程序? - How to access host nodejs app from docker nuxt app? 从 docker 容器内的节点服务器访问 ubuntu localhost - Access ubuntu localhost from node server inside docker container Express 不在 docker 上运行,而是在 localhost 上运行 - Express does not run on docker, but on localhost Docker 在浏览器中访问本地主机 - Docker access localhost in browser
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM