1

I´m working with a Docker compose file to create a nginx and tomcat container. nginx will be used as a reverse proxy so then it access the tomcat. I was able to do this successfully with 2 separate contaienrs using azure container instaces. you hit the URL of the nginx and then you got redirected to tomcat securley as nginx has HTTPS and the certificates. Till that everything ok. But the issue is that If you access individualy the tomcat Ip by http yo can also access the container and that is not secure. I just want that tomcat be access by nginx. How can this be achieved? Im trying to use a docker compose now which I know containers will be using same network and can connect to each other, but how can I achieve that the nginx connects to the Tomcat and that tomcat only can be access by the redirection of the nginx over https and that tomcat is unable to be access by http individually . This is the YML I have, But i don´t know how to manage ports to achieve what I want. Is this possible? 

    version: '3.1'
services:

  tomcat:
    build:
      context: ./tomcat
      dockerfile: Dockerfile
    container_name: tomcat8
    image: tomcat:search-api
    ports:
      - "8080:8080"

  nginx:
    build:
      context: ./nginx
      dockerfile: Dockerfile
    container_name: nginx
    image: nginx:searchapi
    depends_on: 
    - tomcat 
    ports:
      - "80:80"
      - "443:443"
Chanafot
  • 736
  • 4
  • 22
  • 46

2 Answers2

2

By using the ports option in your docker-compose you are exposing that port externally. If you remove the ports option from tomcat it should still work since the container should expose the port 8080 internally only for the docker network.

Onestay
  • 458
  • 1
  • 5
  • 12
2

Only remove the ports expose in your docker-compose file in the tomcat service, the reverse proxy will works with the internal network of docker using your custom nginx.conf with the container link and internal port of tomcat container, here i attach an example: 

  version: '3.1'
    services:

      tomcat:
        # build:
        #   context: ./tomcat
        #   dockerfile: Dockerfile
        container_name: tomcat8
        image: tomcat:search-api

      nginx:
        build:
          context: ./nginx
          dockerfile: Dockerfile
        container_name: nginx
        image: nginx:searchapi
        links:
          - "tomcat"
        volumes:
          - ./proxyConf:/etc/nginx/conf.d
        depends_on: 
        - tomcat 
        ports:
          - "80:80"
          - "443:443"

proxyConf/default.conf file:

server {
  listen 80;
  server_name localhost;

  location / {
    proxy_pass http://tomcat:8080;
  }
}

In proxy pass i add the docker-compose link of tomcat with the internal port of tomcat container.

This is my direcotry tree:

C:.
│   docker-compose.yml
│
├───nginx
│       Dockerfile
│
├───proxyConf
│       default.conf
│
└───tomcat
        Dockerfile
Brayan Caldera
  • 2,001
  • 2
  • 11
  • 20