How can I block a port that is docker is using publicly?

I am running wikijs on port 8080 running reverse proxy with apache. With cloudflare argo tunnel so only specific people can login to wikijs.

So if user try to browse http://publicip:80 (port being used by apache) it will redirect to port 8080 and cloudflare main page will pop up.

However when user try to access directly http://publicip:8080 (port being used by wikijs), it still goes through. Tried ufw with port 80 not being allowed and it works. But not for port 8080

Nevermind. I found about the fix in this link GitHub - chaifeng/ufw-docker: To fix the Docker and UFW security flaw without disabling iptables

I am having a similar issue and this was useful, thanks for the link