I am beginning to tighten up my docker networking options and am a little confused on how to use network aliases to restrict access to services.
This runs as a docker-compose file with two networks.
keycloak-db network=keycloak keycloak-backup network=keycloak keycloak network=traefik+keycloak jaeger network=traefik traefik-forward-auth network=traefik traefik network=traefik
With the above services I have started to segregate components to their own networks within the single compose file.
I then want to protect several web servers using Traefik.
Several web servers
I have several web servers each with the same services
nginx network=default+traefik php network=default db network=default phpmyadmin network=default+traefik
The beginning of the docker-compose file looks like this:
version: '3' networks: traefik: external: name: traefik services: nginx: build: nginx networks: default: aliases: - nginx traefik: aliases: - server1
I have successfully exposed this web application as
server1 from Traefik.
My problem is that it is also exposed as
nginx and I want to prevent access to the service name as that will not be unique.
Is there a way to restrict a service to resolve only as an alias on a network?