I have a server on Digital Ocean, and I am using this to deploy multiple docker containers and using reverse proxies to host them on Nginx.
I have 2 domains linked to my server (Single Public IP). Let's name them domain1.com and domain2.com
Now I have 2 service running on docker, Postgres (port 5432) and MySQL (port 3306)
I set up reverse proxies to translate domain1.com to localhost:5432 and domain2.com to localhost:3306:
server {
listen 80;
server_name domain1.com;
location / {
proxy_pass http://localhost:5432;
}
}
server {
listen 80;
server_name domain2.com;
location / {
proxy_pass http://localhost:3306;
}
}
The thing that is bothering me here is that if I try to access domain1.com:3306, the connection works which i don't want. I want each domain to be accessible by the service assigned to them only.
For example a telnet to domain1.com:5432 from the outside should work but a telnet to domain2.com:3306 should not.
Can someone please help ?
You have to make your mysql instance to listen locally ( Container host ) only, so end users won't be able to reach it from outside only nginx and other local processes can do so.
So for this you have just to rebuild your image with the correct configuation of my.cnf :
Or without rebuilding the image ( before running ) :
Where my.cnf should contain the following config :
You can do the same for Postgres.
EDIT 1 : Since your last comment :
You can do it vice versa to block the traffic on nginx level; but if you want to block totally the traffic so it won't be processed by the kernel so for exemple telnet will show connection refused, you have to do it on Layer 3 with iptables.