How to secure and lock down Docker web app

Currently reading
How to secure and lock down Docker web app

13
1
NAS
ds218+
Operating system
  1. Linux
I am going to run my nginx:stable-alpine web server in Docker, with DNAT port forwarding from my router and expose it to the Internet.
I would like to learn how to protect my lan environment from possible attackers, who can launch zero-days attacks on Nginx and take over the container.
The container will be run as follows:
docker run -d -p 32768:80 -p 32769:443 nginx:stable-alpine
And I want to close any outbound traffic from the container.
My first thought was that I would have to implement fw rules on Synology and ensure I have a have the right interface set up for the container (not bridge).
Any thoughts?
Tx
 
Check this topic


Ip masquerade is the keyword here
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Similar threads

Those are two different layers: one is the management ui to perform actions on the api. the other is the...
Replies
12
Views
1,410
You didn't get an error. You received just an event notification, based on your default DSM Notification...
Replies
4
Views
2,863
Thanks, Rusty! Did it in a minute or two. Portainer works again :) Will remember for the next time.
Replies
9
Views
2,552
And once you start working with more and more containers, you will see that CLI (and in some cases...
Replies
26
Views
17,037

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Back
Top