Connection security between client and server inside docker compose

Good day guys,

I have a rather basic question to ask: is the connection between client/server/database inside the docker compose secure?
Secure as in, I don't even need to encrypt the connection between those 3.

And if yes, is it a good idea for production?

That's all from me. Thank you very much.

By default docker networks provide no transfer encryption/security.

You can try if you can enable transfer encryption by creating a network with the parameter --opt encrypted=true. I am not sure if it works with networks of type bridge (which is the default) or only works with networks of type overlay (which might require the node to be a swarm node, which can be done with docker swarm init).

If the network-level transfer encryption does not work, you will have to enable TLS for your components the same way you would need to enable them without docker.

Apart from that: docker containers are just isolated processes on the host kernel… so what’s unavailable without docker usually won’t be magically available because the process is now run inside an isolated context :)

Kubernetes on the other hand is able to delegate transport encryption to a service mesh like Istio - this option is not available for plain docker.

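An added example, not part of the posts above or of any project's own files: a Compose stack file that sets the `encrypted` option on overlay networks for a client/server/database layout like the one in the question. The option belongs to the overlay driver, so the file is deployed to a swarm with `docker stack deploy`; the service names, images, network names and secret name are placeholders.

```yaml
# stack.yml - constructed example; all names and images below are placeholders.
# Deploy from a swarm manager:
#   docker swarm init
#   docker stack deploy -c stack.yml demo
services:
  client:
    image: example/client:latest        # placeholder image
    networks: [frontend]

  server:
    image: example/server:latest        # placeholder image
    networks: [frontend, backend]       # the only service that can reach the database

  database:
    image: postgres:16
    environment:
      POSTGRES_PASSWORD_FILE: /run/secrets/db_password
    secrets: [db_password]
    networks: [backend]                 # no published ports: reachable only over the overlay

networks:
  frontend:
    driver: overlay
    driver_opts:
      encrypted: "true"                 # IPsec tunnels between the swarm nodes running these tasks
  backend:
    driver: overlay
    driver_opts:
      encrypted: "true"

secrets:
  db_password:
    external: true                      # created beforehand with: docker secret create db_password -

# Scope of the option: it protects overlay traffic that crosses between nodes.
# Containers scheduled on the same node talk over the local host, and nothing here
# authenticates one service to another, so TLS in the components (for example
# PostgreSQL's ssl setting plus certificate verification in the server) is still
# what gives end-to-end protection.
```

After deployment, `docker network inspect demo_backend` should list `encrypted` under `Options`; the network name follows from the stack name `demo` used in the header comment.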