Docker Community Forums

Disable port 80 from docker container

I would like to block port 80 in a docker container. The goal is to prevent any type of http connection to the container.

This is the current result when docker ps is run. I would like 80/tcp not to appear at all.

[root@hostname ~]# docker ps
CONTAINER ID        IMAGE                                                       COMMAND             CREATED             STATUS                  PORTS                     NAMES
f97b8dbd3483        hostname:9091/gitlab/gitlab-ce:13.2.4-ce.0   "/assets/wrapper"   25 hours ago        Up 25 hours (healthy)   22/tcp, 80/tcp, 443/tcp   gitlab_gitlab.1.2nisadt5p04p9kokxca7eq45d

Here is the docker-compose for the container:

version: "3.1"
services:
    gitlab:
        image: 'hostname:9091/gitlab/gitlab-ce:13.2.4-ce.0'
        deploy:
          placement:
            constraints:
              - node.hostname == hostname.dev.local
          restart_policy:
            condition: any
        hostname: 'hostname.dev.local'
        environment:
            CHEF_FIPS: ''
            GITLAB_OMNIBUS_CONFIG: |
                external_url 'https://hostname:9096'
                gitlab_exporter['enable'] = false
                gitlab_rails['gitlab_username_changing_enabled'] = false
                gitlab_rails['gitlab_email_enabled'] = true
                gitlab_rails['gitlab_email_from'] = 'gitlab@hostname'
                gitlab_rails['gitlab_email_display_name'] = 'GitLab'
                gitlab_rails['gitlab_email_reply_to'] = 'noreply@nobody'
                gitlab_rails['smtp_enable'] = true
                gitlab_rails['smtp_address'] = "example.com"
                gitlab_rails['smtp_openssl_verify_mode'] = 'none'
                nginx['ssl_ciphers'] = "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256"
        user: root
        ports:
            - '9096:9096'
            - '30022:22'
        volumes:
            - '/u01/cicd/gitlab/config:/etc/gitlab'
            - '/u01/cicd/gitlab/logs:/var/log//gitlab'
            - '/u01/cicd/gitlab/data:/var/opt/gitlab'
            - '/u01/cicd/toolkit:/var/opt/toolkit'
            - '/u01/cicd/gitlab/backups:/var/opt/gitlab/backups'
            - '/home/DEV/appadm/keystore:/keystores'

The EXPOSE instruction is in the Dockerfile from which the image is built. You need to create your own customized image for that.

To get the job done: first, locate the Dockerfile for the official nginx (library).

Then edit the Dockerfile's EXPOSE instruction to 443 only.

Now build your own modified image using the official (customized) Dockerfile.

To answer your edited question:

Docker uses iptables. While you could manually update the firewall rules to make the service unavailable at a certain port, you would not be able to unbind the Docker proxy. So port 80 will still be consumed on the Docker host and Docker proxy.
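
A check related to the thread above, as an added example that is not part of the original posts: it reads `docker inspect` JSON and separates ports that have a host binding from ports that are only listed because of the image's EXPOSE metadata (what `docker ps` shows as a bare `80/tcp`). The sample JSON is constructed to match the compose file in the question, and `classify_ports` is a hypothetical helper name.

```python
import json

# Constructed sample shaped like `docker inspect <container>` output for the
# compose file above (ports 9096:9096 and 30022:22); values are illustrative.
SAMPLE_INSPECT = json.loads("""
[{
  "Name": "/gitlab",
  "Config": {"ExposedPorts": {"22/tcp": {}, "80/tcp": {}, "443/tcp": {}, "9096/tcp": {}}},
  "NetworkSettings": {"Ports": {
    "22/tcp":   [{"HostIp": "0.0.0.0", "HostPort": "30022"}],
    "80/tcp":   null,
    "443/tcp":  null,
    "9096/tcp": [{"HostIp": "0.0.0.0", "HostPort": "9096"}]
  }}
}]
""")


def port_number(port):
    """Sort key: '443/tcp' -> 443."""
    return int(port.split("/")[0])


def classify_ports(inspect_doc):
    """Split each container's ports into published (host-bound) and exposed-only.

    Hypothetical helper. Exposed-only ports come from image metadata (EXPOSE):
    they have no host binding, but other containers on the same Docker network
    can still connect to them.
    """
    report = {}
    for container in inspect_doc:
        name = container.get("Name", "").lstrip("/")
        exposed = set(container.get("Config", {}).get("ExposedPorts") or {})
        bindings = container.get("NetworkSettings", {}).get("Ports") or {}
        published = {}
        for port, hosts in bindings.items():
            if hosts:  # null or [] means no host binding for this port
                published[port] = sorted(
                    f'{h.get("HostIp") or "*"}:{h["HostPort"]}' for h in hosts)
        exposed_only = (exposed | set(bindings)) - set(published)
        report[name] = {"published": published,
                        "exposed_only": sorted(exposed_only, key=port_number)}
    return report


if __name__ == "__main__":
    for name, ports in classify_ports(SAMPLE_INSPECT).items():
        print(name, json.dumps(ports, indent=2))
```

With a live daemon, pass it `json.loads` of the `docker inspect <container>` output. For a swarm service such as the one in the question, ingress-published ports are recorded on the service (`docker service inspect`), so the task container's inspect output shows no host bindings.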