I have an Ubuntu 16.04 server with an app running using Docker:
    web: &django
      restart: always
      environment:
        - DJANGO_SECRET_KEY=local
      image: web
      build:
        context: .
        dockerfile: ./compose/production/web/Dockerfile
      command: /gunicorn.sh
      volumes:
        - /static:/static
        - /media:/media
      depends_on:
        - postgres
        - redis
      links:
        - redis
      ports:
        - "8083:5000"
      env_file: .env
In the Ubuntu server's nginx config I have:
    proxy_pass http://0.0.0.0:8083;
but when I scan the server using nmap I see that port 8083 is open:
    PORT     STATE SERVICE
    80/tcp   open  http
    443/tcp  open  https
    8083/tcp open  us-srv
Even if I close it:
    ufw deny 8083
    ufw deny 8083/tcp
and scan again using nmap it seems to be open. How can I close this port?
Best Answer
If you don't want a docker container to open a port, then don't publish that port in the first place.
Simply remove the port from your container configuration.
Simply remove that mapping:
(Background: docker creates firewall rules that on the host will open up the ports you publish to make the container accessible to the world. Those rules take precedence over that ufw deny command. https://docs.docker.com/config/containers/container-networking/)
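
A check for the situation described above, as an added example that is not part of the original question or answer: it parses Compose short-syntax `ports:` entries and flags every mapping that is not bound to a loopback address, such as the question's "8083:5000". The names `parse_port`, `exposed_ports` and `SAMPLE` and every service other than `web` are assumptions made for illustration; a mapping such as `127.0.0.1:8083:5000` stays reachable by a reverse proxy on the same host without being offered on the external interfaces.

```python
import re

# Hosts that keep a published port off the server's external interfaces.
LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def parse_port(spec):
    """Split a Compose short-syntax port into (host_ip, host_port, container_port).

    Handles "5000", "8083:5000", "127.0.0.1:8083:5000" and "[::1]:8083:5000",
    each with an optional "/tcp" or "/udp" suffix.
    """
    spec = str(spec).split("/", 1)[0]                   # drop the protocol suffix
    host_ip, rest = None, spec
    m = re.match(r"^\[([0-9A-Fa-f:.]+)\]:(.*)$", spec)  # bracketed IPv6 host
    if m:
        host_ip, rest = m.groups()
    parts = rest.split(":")
    if host_ip is None and len(parts) == 3:             # IPv4 host in front
        host_ip, parts = parts[0], parts[1:]
    if len(parts) == 1:                                 # container port only
        return host_ip, None, parts[0]
    if len(parts) == 2:
        return host_ip, parts[0] or None, parts[1]
    raise ValueError(f"unrecognised port mapping: {spec!r}")

def exposed_ports(services):
    """Return (service, mapping) pairs not bound to a loopback address.

    A mapping with no host IP is published on every interface, which is the
    case the answer describes: Docker's own rules admit it despite `ufw deny`.
    """
    return [(name, spec)
            for name, ports in services.items()
            for spec in ports
            if parse_port(spec)[0] not in LOOPBACK]

# Constructed sample: "web" is the mapping from the question, the rest are
# made-up variants. A real check would load these lists from the YAML file.
SAMPLE = {
    "web": ["8083:5000"],
    "web_local": ["127.0.0.1:8083:5000"],
    "cache": ["6379"],                       # random host port, all interfaces
    "metrics": ["0.0.0.0:9100:9100/tcp", "[::1]:9101:9101"],
}

if __name__ == "__main__":
    for service, mapping in exposed_ports(SAMPLE):
        print(f"{service}: {mapping} is published beyond loopback")
```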