How to secure and lock down Docker web app

13
1
NAS
ds218+
Operating system
  1. Linux
I am going to run my nginx:stable-alpine web server in Docker, with DNAT port forwarding from my router and expose it to the Internet.
I would like to learn how to protect my lan environment from possible attackers, who can launch zero-days attacks on Nginx and take over the container.
The container will be run as follows:
docker run -d -p 32768:80 -p 32769:443 nginx:stable-alpine
And I want to close any outbound traffic from the container.
My first thought was that I would have to implement fw rules on Synology and ensure I have a have the right interface set up for the container (not bridge).
Any thoughts?
Tx
 
Check this topic


Ip masquerade is the keyword here
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Similar threads

Those are two different layers: one is the management ui to perform actions on the api. the other is the...
Replies
12
Views
2,056

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Trending threads

Back
Top