Home > Mobile >  How not to expose port outside docker swarm cluster?
How not to expose port outside docker swarm cluster?

Time:12-07

Hello how can I define in compose port only for communication inside cluster? I don't want to expose my application outside cluster?

version: "3.8"
services:
  management:
    image: ${IMAGE}
    env_file:
      - vars.env
    networks:
      - my-network
    ports:
      - 8080:80
    deploy:
      placement:
        constraints: [node.role == manager]
      replicas: 1
      update_config:
        parallelism: 2
      restart_policy:
        condition: on-failure

networks:
  my-network:
    external: true
ports:
  - 8080:80

Will expose my app outside swarm cluster. Ho can I make my app accessible only inside cluster via port 80?

CodePudding user response:

Just omit the port from the ports section that you do not wish to expose outside the ingress network. Example nginx.yaml:

version: "3.9"
services:
  nginx-1:
    image: nginx:alpine 
  nginx-2:
    image: nginx:alpine

docker stack deploy -c nginx.yaml nginx

docker stack ps nginx

docker exec -t <nginx-1 container ID> wget -qO- nginx-2

The command will print the response from nginx-2 to nginx-1 accordingly. It is not mandatory to list the port under ports section in order to access a container port within the Swarm network.

For your case it means your sample spec do not need the ports section since you do not wish to expose 80 outside the Swarm network.

  • Related