Docker Community Forums

Share and learn in the Docker community.

Docker-compose restrict network access to named alias

Hello,
I am beginning to tighten up my docker networking options and am a little confused on how to use network aliases to restrict access to services.

Scenario

Traefik

This runs as a docker-compose file with two networks.

Services

keycloak-db          network=keycloak
keycloak-backup      network=keycloak
keycloak             network=traefik+keycloak
jaeger               network=traefik
traefik-forward-auth network=traefik
traefik              network=traefik

With the above services I have started to segregate components to their own networks within the single compose file.

I then want to protect several web servers using Traefik.

Several web servers

I have several web servers each with the same services

nginx      network=default+traefik
php        network=default
db         network=default
phpmyadmin network=default+traefik

The beginning of the docker-compose file looks like this:

version: '3'

networks:
  traefik:
    external:
      name: traefik


services:
  nginx:
    build: nginx

    networks:
      default:
        aliases:
          - nginx
      traefik:
        aliases:
          - server1

I have successfully exposed this web application as server1 from Traefik.

My problem is that it is also exposed as nginx and I want to prevent access to the service name as that will not be unique.

Is there a way to restrict a service to resolve only as an alias on a network?

regards
Steve

I highly doubt that.

Though, you can use {service name or alias}.{network name} to access the container from another container in the same network.