Secure Container and Logins from the Internet?

Hi all,

I am new to the Docker Community and I was wondering about the security. For the moment I just play around with Docker, but how Secure Logins work in real Internet life?

I mean, I setup for example NGINX Proxy Manager, how can I prevent the whole World to get to my Login form? How can I make this only accessable from a VPN (Wireguard) Container? 127.0.0.1:81 blocks the public access, right? But how can I then access the login?

At the end there should only be Port 22, 80, 443 and the VPN Port open from the WAN.

Hope someone can kick me in the right Direction with this, due I have a big Questionmark abov my head.

Thx in advanced.

What do you mean by that? Without context it is just a URL. A URL doesn’t block anything.

If you want the application to be available only on localhost, you can forward only ports from the loopback ipaddress

ports:
  - 127.0.0.1:8080:80

and don’t let the ngix proxy to forward request to that container. I don’t use the proxy manager but i am sure ther eis a way to set exceptions. I only used “Nginx Proxy”.

If it is an admin site for people who have SSH access to the host, you can than use SSH tunnel to access that local port:

ssh -L 127.0.0.1:8080:127.0.0.1:8080 -N user@server

Or you can forward a public port to the container and configure a firewall to allow access from specific networks, like company LAN.

In case of Nginx Proxy Manager you could also add HTTP authentication to the host that you want to protect, so you would have a second layer of security but that is just an othe rlogin page that hides the application until a successful HTTP authentication.

You can also read about Web Application Firewalls. You could still have access to the ip address and port, but the WAF could reject the request.