Docker security

Question

Docker security

matteoventuri7 opened this issue 3 years ago · 1 comments

Hi, i have deployed nginx-ui on Docker like documentation but i have a problem: if I try to access to nginx-ui through nginx proxy all is ok (basic auth ask me login) but if i go direct on port 8080 then i can access to nginx-ui bypassing nginx proxy.
So, this is a summary:
nginx.mysite.com -> asking login (OK!!!)
mysite.com:8080 -> i can access to nginx-ui without login.

Any helps?
NGINX config

server { 
 listen 80;
 server_name nginx.mysite.com; 
 return 301 https://$host$request_uri; 
} 
server {
    listen 443 ssl; 
    server_name nginx.mysite.com; 
    ssl_certificate /etc/letsencrypt/live/mysite.com/fullchain.pem; 
    ssl_certificate_key /etc/letsencrypt/live/mysite.com/privkey.pem; 
    include /etc/letsencrypt/options-ssl-nginx.conf; 
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    location / {
        proxy_pass http://127.0.0.1:8080/;
    }

    auth_basic "nginxui secured";
    auth_basic_user_file /etc/apache2/.htpasswd;
}

Answer 1 · 2021-11-27T18:02:37.000Z

So, if you expose the nginx only on port 443, it wont be able to use port 8080.
If you only use this on the lan, then auth is almost obsolete