Docker compose - restrict internet access, allow egress only through proxy
Question
I am trying to replicate restricted production environment on my local development environment using Docker compose.
Application containers shouldn't be able to access the internet from the inside. One of the containers shall be able to expose its web port to the host machine. Host machine shall be able to reach that web service.
Proxy container shall be able to reach the internet. Application containers shall be able to be reached the proxy on eg 3128 port.
Is it possible to setup this using Docker compose?
1 answers
solution1
0 2021-10-26 21:22:37
Actually this is possible. Ingress (NginX) and egress (Squid) containers need to be both in internal and external networks, whereas application containers are only in the internal network.
# Base docker-compose, which is extended by more specific docker-compose files
version: "3.5"
services:
appname-nginx:
image: companyimage/nginx
container_name: appname-nginx
depends_on:
- appname-web
ports:
- "127.0.0.1:443:443"
- "127.0.0.1:80:80"
networks:
appname-network:
aliases:
- local.appname.com
appname-external-network:
appname-web:
image: companyimage/web
container_name: appname-web
networks:
- appname-network
appname-outbound-proxy-squid:
image: companyimage/squid
container_name: appname-outbound-proxy-squid
networks:
- appname-external-network
- appname-network
networks:
appname-network:
name: appname-network
internal: true
appname-external-network:
name: appname-external-network
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.