
I have some Docker containers with Firefox on my local network, running on different ports like 5801, 5802, etc. So that only the device from which the launch was requested could access the container, I used a command like this:

iptables -I INPUT \! --src 1.2.3.4 -m tcp -p tcp --dport 5801 -j DROP

where 1.2.3.4 is the user's IP.

But now I have made domain names for these containers. They work fine, but now anyone can connect to any container. So my question is: how do I allow only one user to access only one domain and drop everyone else?

For example:

  • user1 launches container1 with domain name sub1.domain.example
  • user2 launches container2 with domain name sub2.domain.example

And user1 should have access only to sub1.domain.example, and user2 only to sub2.domain.example.

I already tried to use ipset, but got this error:
ipset v6.23: Cannot open session to kernel.

My server is a Synology NAS.

1 Answer


You're solving this on the wrong layer. Don't try to solve it at the IP layer. That's just inflexible in most cases.

Implement some sort of authentication in the applications you serve, either directly, or with some authentication in front of it, such as oauth2-proxy.

If you implement a proper frontend, you could even just have example.com and redirect users behind the scenes based on their privileges.

vidarlo
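As an added illustration of the answer's "authentication in front of the application" approach (this is example code, not from the answerer and not part of oauth2-proxy), here is a small Go gateway that sits in front of the containers. It uses HTTP Basic auth as a stand-in for the identity that an OIDC front end such as oauth2-proxy would establish, then enforces a per-user allow-list of host names before reverse-proxying to the matching container. The host names come from the question; the 127.0.0.1:5801/5802 backends, the user names user1/user2, the passwords and the listen address 127.0.0.1:8080 are assumptions made for the example.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"log"
	"net"
	"net/http"
	"net/http/httputil"
	"net/url"
	"strings"
)

// Host name -> backend, using the subdomains and ports from the question.
// The loopback addresses are an assumption: the containers must be reachable
// only through this gateway, so publish their ports on 127.0.0.1, not the LAN.
var upstreams = map[string]string{
	"sub1.domain.example": "http://127.0.0.1:5801",
	"sub2.domain.example": "http://127.0.0.1:5802",
}

// Authorization policy: which hosts each user may reach. Anything not listed
// is denied, so a new container is unreachable until access is granted.
var allowedHosts = map[string][]string{
	"user1": {"sub1.domain.example"},
	"user2": {"sub2.domain.example"},
}

// Constructed demo credentials ("user1-secret" / "user2-secret"), a stand-in
// for an OIDC session from oauth2-proxy; a real deployment would use that,
// or at least a slow password hash such as bcrypt rather than SHA-256.
var passwordHashes = map[string][32]byte{
	"user1": sha256.Sum256([]byte("user1-secret")),
	"user2": sha256.Sum256([]byte("user2-secret")),
}

// Compared against for unknown users so that every login attempt costs the same.
var dummyHash = sha256.Sum256([]byte("no-such-user"))

// authenticate verifies HTTP Basic credentials in constant time and returns
// the user name, or "" when the request carries no valid credentials.
func authenticate(r *http.Request) string {
	user, pass, ok := r.BasicAuth()
	if !ok {
		return ""
	}
	want, known := passwordHashes[user]
	if !known {
		want = dummyHash
	}
	got := sha256.Sum256([]byte(pass))
	if subtle.ConstantTimeCompare(got[:], want[:]) != 1 || !known {
		return ""
	}
	return user
}

// authorize answers whether user may reach host (default deny).
func authorize(user, host string) bool {
	for _, h := range allowedHosts[user] {
		if h == host {
			return true
		}
	}
	return false
}

// requestHost normalises the Host header: lower-case, optional port stripped.
func requestHost(r *http.Request) string {
	host := r.Host
	if h, _, err := net.SplitHostPort(host); err == nil {
		host = h
	}
	return strings.ToLower(host)
}

// gateway builds the front-end handler: authenticate, authorize the
// (user, host) pair, then reverse-proxy to the matching container.
func gateway() http.Handler {
	proxies := map[string]*httputil.ReverseProxy{}
	for host, target := range upstreams {
		u, err := url.Parse(target)
		if err != nil {
			log.Fatalf("bad upstream %q: %v", target, err)
		}
		proxies[host] = httputil.NewSingleHostReverseProxy(u)
	}
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		host := requestHost(r)
		user := authenticate(r)
		if user == "" {
			w.Header().Set("WWW-Authenticate", `Basic realm="containers"`)
			http.Error(w, "authentication required", http.StatusUnauthorized)
			return
		}
		if !authorize(user, host) {
			// Same answer for "not yours" and "does not exist": no host enumeration.
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		proxy, ok := proxies[host]
		if !ok {
			http.Error(w, "no backend for host", http.StatusBadGateway)
			return
		}
		// Overwrite, never trust, the client-supplied value of this header.
		r.Header.Set("X-Forwarded-User", user)
		proxy.ServeHTTP(w, r)
	})
}

func main() {
	log.Fatal(http.ListenAndServe("127.0.0.1:8080", gateway()))
}
```

Point the DNS names for sub1/sub2.domain.example at the gateway and bind the Firefox containers to loopback (or keep the earlier DROP rules on 5801/5802) so the gateway is the only path in; otherwise the per-user policy can be bypassed by connecting to the raw port. The same split is what oauth2-proxy gives you: it establishes who the user is, and the allow-list keyed on the requested host is the part that decides which container that identity may reach.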