堆栈内存溢出
  简体   繁体   English

Docker compose - 限制互联网访问,仅允许通过代理出口

[英]Docker compose - restrict internet access, allow egress only through proxy

 原文  2021-10-26 21:05:20       docker/ docker-compose/ proxy/ squid/ network-security

问题描述

I am trying to replicate restricted production environment on my local development environment using Docker compose.我正在尝试使用 Docker compose 在我的本地开发环境中复制受限的生产环境。

Application containers shouldn't be able to access the internet from the inside.应用程序容器不应该能够从内部访问互联网。 One of the containers shall be able to expose its web port to the host machine.其中一个容器应能够将其 Web 端口暴露给主机。 Host machine shall be able to reach that web service.主机应能够访问该 Web 服务。

Proxy container shall be able to reach the internet.代理容器应能够访问互联网。 Application containers shall be able to be reached the proxy on eg 3128 port.应用程序容器应能够通过例如 3128 端口访问代理。

Is it possible to setup this using Docker compose?是否可以使用 Docker compose 进行设置?

1 个解决方案

解决方案1
 0  2021-10-26 21:22:37

Actually this is possible.其实这是可能的。 Ingress (NginX) and egress (Squid) containers need to be both in internal and external networks, whereas application containers are only in the internal network. Ingress(NginX)和egress(Squid)容器需要在内网和外网同时存在,而应用容器只在内网。

# Base docker-compose, which is extended by more specific docker-compose files
version: "3.5"
services:
  appname-nginx:
    image: companyimage/nginx
    container_name: appname-nginx
    depends_on:
      - appname-web
    ports:
      - "127.0.0.1:443:443"
      - "127.0.0.1:80:80"
    networks:
      appname-network:
        aliases:
          - local.appname.com
      appname-external-network:
  appname-web:
    image: companyimage/web
    container_name: appname-web
    networks:
      - appname-network
  appname-outbound-proxy-squid:
    image: companyimage/squid
    container_name: appname-outbound-proxy-squid
    networks:
      - appname-external-network
      - appname-network
networks:
  appname-network:
    name: appname-network
    internal: true
  appname-external-network:
    name: appname-external-network

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Docker nginx代理后面的compose容器无法访问inte.net - Docker compose container behind nginx proxy cannot access internet docker(-compose): 只能通过 nginx-proxy-manager 访问 wikijs 容器; 502错误的网关 - docker(-compose): access wikijs container only through nginx-proxy-manager; 502 Bad Gateway 限制Docker容器的互联网访问 - Restrict docker container internet access 限制对Docker容器的Internet访问? - Restrict internet access to docker container? 限制互联网访问 - Docker 容器 - Restrict Internet Access - Docker Container Docker compose 没有 inte.net 访问权限 - Docker compose has no internet access 允许docker容器访问Internet - Allow docker container to access the internet Docker Compose 和 Nginx 反向代理:我无法通过代理访问后端 - Docker Compose and Nginx reverse proxy: I can't access the backend through the proxy docker 组合容器无法访问互联网 - docker compose containers not able to access internet 仅允许使用docker通过Nginx访问Express应用 - Only allow access to express app through nginx with docker
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM