Home > database >  HTTPS for docker containers
HTTPS for docker containers

Time:12-04

I am developing a workflow service as a training project. Abstracting from the details, everything you need to know for this question is in the image. For deployment, I rented a server and ran docker-compose on it. Everything works well, but what I'm worried about is that ports 8000 and 5432 are open.

The first question is, is it worth worrying? And if so, how to get rid of it? Docker-compose file content below

version: "3"

services:
  db:
    container_name: 'emkk-db'
    image: postgres
    volumes:
      - ./backend/data:/var/lib/postgresql/data
    env_file:
      - ./backend/db.env
    ports:
    - "5432:5432"

  backend:
    container_name: 'emkk-backend'
    image: emkk_backend
    build: ./backend
    volumes:
      - ./backend:/emkk/backend
    env_file:
      - ./backend/.env
    ports:
      - "8000:8000"
    depends_on:
      - db

  frontend:
    container_name: 'emkk-frontend'
    image: emkk_frontend
    build: ./frontend
    command: npm run start
    env_file:
      - ./frontend/.env
    volumes:
      - /emkk/frontend/node_modules
      - ./frontend:/emkk/frontend
    ports:
      - "80:80"
    depends_on:
      - backend

I also want to configure HTTPS protocol. I tried installing nginx and putting a certificate on it using a certbot, and then proxying requests to containers. I sat with this for several hours and I still did not manage to achieve anything better than a HTTPS for the nginx start page.

Maybe I'm doing completely wrong things, but I'm new to this, I haven't had to deal with deployments before. I would be grateful for your answers, which will contain an idea or an example of how you can do this.

CodePudding user response:

If you don't have a connection to 8000 (probably WAS) or 5432 (database) from an external server, you can change docker-compose.yml to:

  • you have to expose only necessary ports for external clients.
  • when you connect to backend from web, you should use service name like backend:8000
  • when you connect to db from backend, you should use service name like db:5432
version: "3"

services:
  db:
    container_name: 'emkk-db'
    image: postgres
    volumes:
      - ./backend/data:/var/lib/postgresql/data
    env_file:
      - ./backend/db.env

  backend:
    container_name: 'emkk-backend'
    image: emkk_backend
    build: ./backend
    volumes:
      - ./backend:/emkk/backend
    env_file:
      - ./backend/.env
    depends_on:
      - db

  frontend:
    container_name: 'emkk-frontend'
    image: emkk_frontend
    build: ./frontend
    command: npm run start
    env_file:
      - ./frontend/.env
    volumes:
      - /emkk/frontend/node_modules
      - ./frontend:/emkk/frontend
    ports:
      - "80:80"
    depends_on:
      - backend

And, you can use nginx proxy manager to service with HTTPS and a certificate from the certbot.

  • Related