Hello,
I am beginning to tighten up my docker networking options and am a little confused on how to use network aliases to restrict access to services.
Scenario
Traefik
This runs as a docker-compose file with two networks.
Services
keycloak-db network=keycloak
keycloak-backup network=keycloak
keycloak network=traefik+keycloak
jaeger network=traefik
traefik-forward-auth network=traefik
traefik network=traefik
With the above services I have started to segregate components to their own networks within the single compose file.
I then want to protect several web servers using Traefik.
Several web servers
I have several web servers each with the same services
nginx network=default+traefik
php network=default
db network=default
phpmyadmin network=default+traefik
The beginning of the docker-compose file looks like this:
version: '3'
networks:
  traefik:
    external:
      name: traefik
services:
  nginx:
    build: nginx
    networks:
      default:
        aliases:
          - nginx
      traefik:
        aliases:
          - server1
I have successfully exposed this web application as server1 from Traefik.
My problem is that it is also exposed as nginx and I want to prevent access to the service name as that will not be unique.
Is there a way to restrict a service to resolve only as an alias on a network?
regards
Steve
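
An added example, not part of the original post: Compose registers each service's own name as a DNS alias on every network the service joins, so several projects attached to the shared external traefik network can all publish the name nginx there. The sketch below audits that. The second project, server2, and the pre-parsed dict layout are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample: two web-server projects, already parsed from their
# compose files into dicts (as a YAML loader would return them). Both attach
# nginx to the shared external "traefik" network, as in the post.
PROJECTS = {
    "server1": {"services": {
        "nginx": {"networks": {"default": {"aliases": ["nginx"]},
                               "traefik": {"aliases": ["server1"]}}},
        "php": {"networks": ["default"]},
    }},
    "server2": {"services": {
        "nginx": {"networks": {"default": None,
                               "traefik": {"aliases": ["server2"]}}},
        "db": {},
    }},
}


def names_on_network(project, network):
    """Map each DNS name a project publishes on `network` to its service."""
    names = {}
    for service, spec in project.get("services", {}).items():
        nets = spec.get("networks") or ["default"]
        if isinstance(nets, list):          # short syntax: list of names
            nets = {n: None for n in nets}
        if network not in nets:
            continue
        aliases = (nets[network] or {}).get("aliases", [])
        # Compose registers the service name itself as an alias on every
        # network the service joins, next to any explicit aliases.
        for name in [service, *aliases]:
            names[name] = service
    return names


def shared_network_collisions(projects, network):
    """Return {dns_name: [project/service, ...]} for names claimed twice."""
    owners = defaultdict(set)
    for pname, project in projects.items():
        for name, service in names_on_network(project, network).items():
            owners[name].add(f"{pname}/{service}")
    return {n: sorted(o) for n, o in owners.items() if len(o) > 1}


if __name__ == "__main__":
    for name, who in shared_network_collisions(PROJECTS, "traefik").items():
        print(f"{name!r} on traefik resolves to: {', '.join(who)}")
```

Run it only against networks that are shared between projects; each project's default network is private to that project, so identical names there do not collide.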