Mahammad Adil Azeem
Reputation: 9392
Docker Compose - restrict service access to some container and disable access from outside docker
I have four services service1, service2, service3, postgres. Each one is exposed via some port. What I want is that postgres service should only be accessible from docker containers and not from VM via psql command (disabling access from outside docker).
Here is my docker-compose.local.yml
version: '3'
services:
postgres:
container_name: postgres
image: registry.domain.com/postgres-multi:9.5
restart: unless-stopped
ports:
- "5432:5432"
environment:
LC_ALL: C.UTF-8
POSTGRES_USER: postgres
POSTGRES_MULTIPLE_DATABASES: service1,service2,service3
volumes:
- postgres_data:/var/lib/postgresql/data/
service1:
container_name: service1
build:
context: ./service1
args:
environ: local
command: python manage.py runserver 0.0.0.0:8000
ports:
- "8001:8000"
depends_on:
- postgres
environment:
DATABASE_URL: 'postgres://postgres/service1'
DJANGO_MANAGEPY_MIGRATE: 'on'
DJANGO_MANAGEPY_COLLECTSTATIC: 'on'
DJANGO_LOADDATA: 'off'
DOMAIN: '0.0.0.0'
volumes:
- ./service1/app:/home/service1/app/app
service2:
container_name: service2
build:
context: ./service2
args:
environ: local
command: python manage.py runserver 0.0.0.0:8000
ports:
- "8002:8000"
depends_on:
- postgres
- service1
environment:
DATABASE_URL: 'postgres://postgres/service2'
DJANGO_MANAGEPY_MIGRATE: 'on'
DJANGO_MANAGEPY_COLLECTSTATIC: 'on'
DJANGO_LOADDATA: 'on'
DOMAIN: '0.0.0.0'
volumes:
- ./service2/app:/home/service2/app/app
service3:
container_name: service3
build:
context: ./service3
args:
environ: local
command: python manage.py runserver 0.0.0.0:8000
ports:
- "8003:8000"
depends_on:
- postgres
- service1
environment:
DATABASE_URL: 'postgres://postgres/service3'
DJANGO_MANAGEPY_MIGRATE: 'on'
DJANGO_MANAGEPY_COLLECTSTATIC: 'on'
DJANGO_LOADDATA: 'on'
DOMAIN: '0.0.0.0'
volumes:
- ./service3/app:/home/service3/app/app
volumes:
postgres_data:
Upvotes: 3
Views: 2103
Answers (1)
brandon-barnett
Reputation: 1095
If you don't want to expose Postgres, I suggest removing your port mapping: ports: - "5432:5432". That is mapping the host port 5432 to the container port, which makes it available externally from that port on your host.
Upvotes: 5
Related Questions
- Docker-compose exclude service by default
- how to block external access to docker container linux centos 7
- docker-compose up for only certain containers
- Isolating certain Docker containers from one another
- Docker Compose: exposing ports only to other containers
- Make docker container only accessible from a certain IP
- How to docker-compose up only for services?
- Docker - access container only by specific IP
- Blockade for docker-compose
- Restricting access to a Docker container