zstate

Reputation: 2055

Restrict access to my docker dev environment within the local network

I’m using Docker for Mac for my development environment.

The problem is that anybody within our local network can access the server and the MySQL database running on my machine. Of course, they need to know the credentials, which they can possibly brute force.

For example, if my local IP is 10.10.100.22, somebody can access my local site by typing https://10.10.100.22:8300, or the database with mysql -h 10.10.100.22 -P 8301 -u root -p (port 8300 maps to docker 443, port 8301 maps to docker 3306).

Currently, I use Mac firewall and block incoming connections for vpnkit, which is used by Docker. It works, but I'm not sure if this is the best approach.

UPDATE

The problem with the firewall is that you have to coordinate it with all developers in your team. I was hoping to achieve my goal just using Docker configuration, the same as private networks in Vagrant: https://www.vagrantup.com/docs/networking/private_network.html.

What is the best way to restrict access to my docker dev environment within the local network?

Upvotes: 0

Views: 415

Answers (1)

zstate

Reputation: 2055

Found a very simple solution for my problem. In the docker-compose.yml, instead of

services:
    mysql:
      image: mysql:5.6
      environment:
        - MYSQL_ROOT_PASSWORD=
        - MYSQL_DATABASE=test
      ports:
         - "8301:3306"

which opens the 8301 port wide open for the local network, I did the following:

services:
    mysql:
      image: mysql:5.6
      environment:
        - MYSQL_ROOT_PASSWORD=
        - MYSQL_DATABASE=test
      ports:
         - "127.0.0.1:8301:3306"

which binds the 8301 port to the docker host 127.0.0.1 only and the port is not accessible outside of the host.

Upvotes: 3
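The check below is an added example, not part of the original answer: it flags compose port entries that are published beyond the loopback interface, which is the difference between the two mappings shown above. The function names and the `web` and `cache` services are hypothetical, the sample data is constructed, and only the short `ports:` syntax is handled.

```python
import ipaddress


def host_ip(port_spec) -> str:
    """Return the host IP a compose short-syntax port entry binds to.

    Docker publishes on all interfaces (0.0.0.0) when no host IP is given.
    """
    spec = str(port_spec).split("/", 1)[0]   # drop a "/tcp" or "/udp" suffix
    if spec.startswith("["):                 # bracketed IPv6: "[::1]:8302:6379"
        return spec[1:spec.index("]")]
    parts = spec.split(":")
    # "3306" and "8301:3306" carry no IP; "127.0.0.1:8301:3306" does.
    return parts[0] if len(parts) == 3 else "0.0.0.0"


def exposed_ports(services: dict) -> list:
    """List (service, port_spec) pairs reachable from outside the host."""
    findings = []
    for name, svc in services.items():
        for spec in svc.get("ports", []):
            if not ipaddress.ip_address(host_ip(spec)).is_loopback:
                findings.append((name, spec))
    return findings


# Constructed sample in the shape of a parsed docker-compose.yml "services" map.
# "8300:443" and "127.0.0.1:8301:3306" are the mappings from the question and answer.
SAMPLE = {
    "web": {"ports": ["8300:443"]},
    "mysql": {"ports": ["127.0.0.1:8301:3306"]},
    "cache": {"ports": ["6379", "[::1]:8302:6379/tcp"]},
}

if __name__ == "__main__":
    for service, spec in exposed_ports(SAMPLE):
        print(f"{service}: {spec} is reachable from outside the host")
```

A container-only entry such as `"6379"` is flagged too, because Docker assigns it a random host port on all interfaces.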
