
I have a server on Digital Ocean, and I am using this to deploy multiple docker containers and using reverse proxies to host them on Nginx.

I have 2 domains linked to my server (Single Public IP). Let's name them domain1.com and domain2.com

Now I have 2 services running on Docker, Postgres (port 5432) and MySQL (port 3306).

I set up reverse proxies to translate domain1.com to localhost:5432 and domain2.com to localhost:3306:

server {
  listen        80;
  server_name   domain1.com;

  location / {
    proxy_pass  http://localhost:5432;
  }
}

server {
  listen        80;
  server_name   domain2.com;

  location / {
    proxy_pass  http://localhost:3306;
  }
}

The thing that is bothering me here is that if I try to access domain1.com:3306, the connection works, which I don't want. I want each domain to be accessible by the service assigned to it only.

For example a telnet to domain1.com:5432 from the outside should work but a telnet to domain2.com:3306 should not.

Can someone please help?

Mervin Hemaraju

1 Answer


You have to make your MySQL instance listen locally (container host) only, so end users won't be able to reach it from outside; only nginx and other local processes can do so.

So for this you just have to rebuild your image with the correct configuration of my.cnf:

FROM mysql
COPY custom.cnf /etc/mysql/my.cnf

Or without rebuilding the image (before running):

# mount the file into the conf.d directory the image reads; "mysql" is the image from the Dockerfile above
docker run -v <path_to_custom.cnf>:/etc/mysql/conf.d/custom.cnf mysql

Where my.cnf should contain the following config:

[mysqld]
bind-address=<host_ip>

You can do the same for Postgres.

EDIT 1: Since your last comment:

server {
  listen        3306;
  server_name   domain2.com;
  return 403;
}

You can do it vice versa to block the traffic at the nginx level; but if you want to block the traffic totally, so it won't be processed by the kernel (so, for example, telnet will show connection refused), you have to do it on Layer 3 with iptables.

Reda Salih
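The answer's advice is that MySQL (and Postgres) should accept connections only from the container host, so nginx and other local processes can reach them while the public IP cannot. With Docker, the usual place that is decided is the `-p` port-publish spec: `-p 3306:3306` binds on 0.0.0.0, `-p 127.0.0.1:3306:3306` binds on loopback only. The POSIX shell script below is an added example, not code from the question, the answer or any project: it lints a list of publish specs, reports the ones reachable on every interface, and prints a loopback-bound rewrite for each. The sample specs at the bottom are constructed for the demo (the page does not show how the containers were started), and `classify_port_spec`, `loopback_form`, `count_risky` and `audit_specs` are names chosen here.

```shell
#!/bin/sh
# Added example, not code from the question or the answer: a lint for Docker
# port-publish specs ("[host_ip:]host_port:container_port[/proto]").
# The answer wants the databases reachable from the container host only.
# With `docker run -p` that is decided by the optional host IP:
#   -p 3306:3306            publishes on 0.0.0.0 (every interface, public IP too)
#   -p 127.0.0.1:3306:3306  publishes on loopback only (nginx/local processes)

# classify_port_spec SPEC
#   Prints a one-line verdict. Returns 0 when the port is not reachable from
#   outside the host (loopback, a specific address, or not published at all)
#   and 1 when it is published on all interfaces.
classify_port_spec() {
  spec="$1"
  bare="${spec%/*}"          # strip an optional /tcp or /udp suffix
  case "$bare" in
    127.*:*:*|"[::1]":*:*)
      echo "loopback-only             $spec"; return 0 ;;
    0.0.0.0:*:*|"[::]":*:*)
      echo "ALL-INTERFACES (explicit) $spec"; return 1 ;;
    *:*:*)
      echo "specific-address          $spec"; return 0 ;;
    *:*)
      echo "ALL-INTERFACES (default)  $spec"; return 1 ;;
    *)
      echo "container-only (expose)   $spec"; return 0 ;;
  esac
}

# loopback_form SPEC
#   Prints SPEC rewritten to bind on the loopback address when it would
#   otherwise publish on all interfaces; any other spec is printed unchanged.
loopback_form() {
  spec="$1"
  bare="${spec%/*}"
  proto=""
  case "$spec" in */*) proto="/${spec##*/}" ;; esac
  case "$bare" in
    0.0.0.0:*:*) echo "127.0.0.1:${bare#0.0.0.0:}$proto" ;;
    "[::]":*:*)  rest="${bare#*]:}"; echo "[::1]:$rest$proto" ;;
    *:*:*)       echo "$spec" ;;
    *:*)         echo "127.0.0.1:$bare$proto" ;;
    *)           echo "$spec" ;;
  esac
}

# count_risky SPEC...
#   Prints how many of the given specs are published on all interfaces.
count_risky() {
  n=0
  for s in "$@"; do
    classify_port_spec "$s" >/dev/null || n=$((n + 1))
  done
  echo "$n"
}

# audit_specs SPEC...
#   Full report: verdict per spec plus a suggested loopback-bound -p for the
#   risky ones, then the total.
audit_specs() {
  for s in "$@"; do
    if classify_port_spec "$s"; then :; else
      echo "    suggested: -p $(loopback_form "$s")"
    fi
  done
  echo "risky specs: $(count_risky "$@")"
}

# Constructed sample input for the demo; the page does not show how the
# MySQL and Postgres containers were started.
audit_specs 3306:3306 5432:5432/tcp 127.0.0.1:5432:5432 \
            0.0.0.0:3306:3306 '[::1]:3306:3306' 8080
```

When the `domain1.com:3306` test in the question still connects, this is the first thing to check: both domains resolve to the same public IP, and neither the MySQL nor the Postgres wire protocol carries a hostname that nginx could route on, so the practical controls are where the port is bound and the host firewall. Keep in mind that Docker inserts its own iptables rules for published ports (a DOCKER chain reached from FORWARD), so generic INPUT rules such as ufw's do not cover them; binding the publish to 127.0.0.1 avoids that trap, and `ss -ltnp` on the host shows the result.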