We have the stacks running on Digital Ocean. To improve security the docker swarm all runs on the private network (eth1) on the Droplets. We have some management services that we do not want to expose on the public IP, but on the private IP.

Is it possible to expose a port on a specific interface? Or possible to create another ingress network that only expose ports on the private IP?

The workaround we have now is that those services we just run as normal containers, and exposing the ports on the private IP address.