How to secure and lock down Docker web app

Currently reading
How to secure and lock down Docker web app

13
1
NAS
ds218+
Operating system
  1. Linux
I am going to run my nginx:stable-alpine web server in Docker, with DNAT port forwarding from my router and expose it to the Internet.
I would like to learn how to protect my lan environment from possible attackers, who can launch zero-days attacks on Nginx and take over the container.
The container will be run as follows:
docker run -d -p 32768:80 -p 32769:443 nginx:stable-alpine
And I want to close any outbound traffic from the container.
My first thought was that I would have to implement fw rules on Synology and ensure I have a have the right interface set up for the container (not bridge).
Any thoughts?
Tx
 

Rusty

Moderator
NAS Support
2,378
705
www.blackvoid.club
NAS
DS412+, DS718+, DS918+, 2x RS3614RPxs+ with expansions
Router
  1. RT1900ac
  2. RT2600ac
  3. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
Check this topic


Ip masquerade is the keyword here
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Similar threads

Similar threads

Trending threads

Top