
I have a non-typical situation with docker-compose. I use only a PHP 7.4 Docker container for a LEMP stack. In my configuration, I've defined port 9000 for PHP, and I've also used `network_mode: 'host'`. In this case, PHP can work with MySQL, but it is also accessible from all over the world. If I comment out `network_mode: 'host'`, PHP is not accessible to everybody, but it also can't work with MySQL. How can I use PHP together with MySQL without it being accessible to attackers? Thanks!

```yaml
services:
    php:
        container_name: php7.4
        restart: always
        network_mode: 'host'
        ports:
            - "127.0.0.1:9000:9000"
        build: ./images/php
        volumes:
            - /var/www/html:/var/www/html
```
  • Instead of host network mode I would access the host using the Docker bridge IP. It is usually always 172.17.0.1. But see https://stackoverflow.com/questions/31324981/how-to-access-host-port-from-docker-container for more information. I'm adding this as a comment because this question might be considered off-topic or a duplicate (though, I haven't voted to close it). – Andy Shinn Jul 13 '20 at 20:10
  • You shouldn't need `network_mode: host` in normal operation; it generally disables Docker's network stack and it would complicate communicating with a MySQL database in another container. If you insist on host networking, then there are no Docker options that can limit the container's visibility. – David Maze Jul 13 '20 at 20:27
  • Thanks, @AndyShinn, for the fast response. I've changed 'host' to 'bridge' and PHP is running without access to the whole world, but it couldn't communicate with MySQL either. I've also tried to add 'bind-address = 172.17.0.1' to MySQL.cnf, but unsuccessfully. WordPress shows a database connection error. – Василий Подгузов Jul 13 '20 at 20:59
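
The bridge-mode setup suggested in the comments above, written out as an added example that is not part of the original question or comments. It assumes MySQL and nginx run directly on the Docker host and that the default bridge uses 172.17.0.1; the database user `wp_user` is a hypothetical placeholder.

```yaml
# Added example, not the poster's file. Assumptions: MySQL and nginx run on
# the Docker host itself; the default bridge (docker0) is 172.17.0.1.
services:
    php:
        container_name: php7.4
        restart: always
        # Default bridge instead of host networking. With network_mode: host
        # the container shares the host's network namespace, the `ports:`
        # mapping is ignored, and PHP-FPM listens on every host interface.
        network_mode: bridge
        ports:
            # Published on the host's loopback only: nginx on the host reaches
            # PHP-FPM at 127.0.0.1:9000, remote clients cannot connect.
            - "127.0.0.1:9000:9000"
        build: ./images/php
        volumes:
            - /var/www/html:/var/www/html

# Host-side settings this file depends on (not compose keys):
#
# 1. Application database host: 172.17.0.1, not "localhost" or 127.0.0.1.
#    Inside a bridged container, loopback is the container itself, so a
#    WordPress DB_HOST of "localhost" never reaches MySQL on the host.
#
# 2. MySQL must listen on the bridge address, e.g. in the [mysqld] section:
#        bind-address = 172.17.0.1
#    docker0 has to exist before MySQL starts, otherwise the bind fails.
#
# 3. The MySQL account must be allowed from the container's address. An
#    account defined as 'wp_user'@'localhost' (hypothetical name) is refused
#    for connections arriving from 172.17.x.x; it needs a host part that
#    matches the bridge subnet, e.g. 'wp_user'@'172.17.%'.
#
# 4. Keep MySQL's port closed on public interfaces; only docker0 needs it.
```

On the host, `ss -ltn` should then show port 9000 bound to 127.0.0.1 only, and port 3306 bound to 172.17.0.1 rather than 0.0.0.0.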
