One container to rule them all


Just starting with Docker and I was wondering how can I expose only one container wich will forward my request to the internal network of docker.

Here’s my usecase : I want to have a container, say Organizr or something like this (a webapp that embedd iframe to make a portal to other applications/container) to access other container but without exposing them to the web directly.

I seek for weeks now with reverse proxy solution and load balacing and stuff but didn’t find what I’m seeking.

Here is a brief schema of what I’m seeking :

If you want to expose a single container that hides other containers services, instead of using of Organizer you will need to use a reverse proxy, such as treaefic, haproxy or nginx. You will need to declare how the reverse proxying will happen.

Regardless whether you want to access those reverse proxied services directly or in an “Organizer” iframe. The request will always made from the browser and flow thru the reverse_proxy to the service of the target container. Without a reverse proxy, the browser won’t be able to reach the not exposed containers. How could it?!

Organizer is sibling to the webapps, and not a node in front of them :wink: For me it’s noting else then a fancy bookmark dashboard.

Thanks :slight_smile:

With traefik I only manage to expose all my containers… For now organizr access my other app with their respective subdomain.

I don’t want to expose all my containers but only one Wich will forward internally the requests. I don’t know if your understand my needs…

-------- Message d’origine --------

Lets see if we figure out why you think i don’t understand your needs.
Please elaborate on why publishing the treafic port (as in mapped to the host) and using the container network to let it reverse proxy the request to the backend containers (of course they map no port to the host) is not the solution.

Are you aware where the process that request the data of the iframe is executed? If it’s outside the container network, then what you want is impossible. Though, a reverse proxy acts like a man in the middle where the process that request the data from the backend service is inside the container network.

I am curious!

What you want is a some sort of reverse proxy that acts as portal. It should have portal logic, but not embed the other services content, instead it should render it in the page and send it as a singe response. Good luck in finding that!