Docker and IPTABLE rules

Hello,

I’ve done some research, but I’m a bit lost … :roll_eyes:
I have a Debian 12 server.
I installed a docker container that uses port 5100 (`docker run -d -p "5100:5100" example/example`).
As I want to be able to access my docker service via an SSL (or not) connection and a domain name, I’ve created a Nginx configuration:

server {
    listen 80;
    server_name toto.exemple.com;

    location / {
        proxy_pass http://localhost:5100;
    }
}
server {
    server_name toto.exemple.com;
    listen 443 ssl;
    ssl_certificate     /toto.exemple.com.crt;
    ssl_certificate_key /toto.exemple.com.key;

    location / {
        proxy_pass http://localhost:5100;
    }
}

I can access my service via http:// or https://toto.exemple.com, all is well. :slightly_smiling_face:

Now, as the server doesn’t have a firewall, I’d like to set one up using iptables rules.
I forbid everything and then authorize the ports that seem to correspond to my service:

But as soon as I activate the rules, access to Nginx works but after a while I get a 504 error; the Nginx <> Docker container communication doesn’t seem to work:

504 Gateway Time-out

I’ve done a lot of tests with the rules, but I can’t find the solution …

If anyone here has had this problem and could help me :+1:
thanks in advance.

Check out nginx-proxy, which is a reverse proxy, running within Docker. It can automatically detect other running Docker service containers by environment variables, forward by domain and use the companion container to create TLS certificates for it.

I would then let only nginx-proxy listen on external ports, and let it share a Docker network with the other services so that requests are only forwarded internally. Other services do not need -p.
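As an added illustration of the layout suggested above (not the responder's own file), a Compose stack in which only nginx-proxy publishes host ports and the application from the question stays on an internal network. The image names and environment variables (VIRTUAL_HOST, VIRTUAL_PORT, LETSENCRYPT_HOST, NGINX_PROXY_CONTAINER) are those documented by the nginx-proxy and acme-companion projects; the domain, image and port come from the question, and the e-mail address is a placeholder.

```yaml
services:
  nginx-proxy:
    image: nginxproxy/nginx-proxy
    container_name: nginx-proxy        # acme-companion locates the proxy by this name
    restart: unless-stopped
    ports:                             # the only container that publishes host ports
      - "80:80"
      - "443:443"
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock:ro   # read-only: the proxy only watches container events
      - certs:/etc/nginx/certs
      - vhost:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
    networks: [proxy]

  acme-companion:
    image: nginxproxy/acme-companion
    restart: unless-stopped
    environment:
      NGINX_PROXY_CONTAINER: nginx-proxy
      DEFAULT_EMAIL: admin@exemple.com   # placeholder, use a real contact address
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - certs:/etc/nginx/certs
      - vhost:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
      - acme:/etc/acme.sh
    networks: [proxy]

  app:
    image: example/example
    restart: unless-stopped
    # no "ports:" entry: 5100 is reachable only from containers on the proxy network
    environment:
      VIRTUAL_HOST: toto.exemple.com
      VIRTUAL_PORT: "5100"
      LETSENCRYPT_HOST: toto.exemple.com
    networks: [proxy]

networks:
  proxy:

volumes:
  certs:
  vhost:
  html:
  acme:
```

Because the application no longer publishes 5100, the host firewall only needs to admit 22, 80 and 443 in INPUT, and the proxy reaches the app over the internal network instead of through a port that Docker would otherwise open in its own FORWARD/DOCKER chains, where host INPUT rules do not apply.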

Thanks for your help, I’ll look into it.