Nginx – Can’t close port when using Docker

dockernginxUbuntuufw

I have Ubuntu 16.04 server with an app running using Docker:

  web: &django
    restart: always
    environment:
      - DJANGO_SECRET_KEY=local
    image: web
    build:
      context: .
      dockerfile: ./compose/production/web/Dockerfile
    command: /gunicorn.sh
    volumes:
      - /static:/static
      - /media:/media
    depends_on:
      - postgres
      - redis
    links:
      - redis
    ports:
      - "8083:5000"
    env_file: .env

In Ubuntu server nginx config I have:

proxy_pass http://0.0.0.0:8083;

but when I scan the server using nmap I see that port 8083 is open:

PORT STATE SERVICE
80/tcp open http
443/tcp open https
8083/tcp open us-srv

Even if I close it:

ufw deny 8083
ufw deny 8083/tcp

and scan again using nmap it seems to be open. How can I close this port?

Best Answer

If you don't want a docker container to open a port, than don't publish that port in the first place.
Simply remove the port from you container configuration.

Simply remove that mapping:

ports:
  - "8083:5000"

(Background: docker creates firewall rules that on the host will open up the ports you publish to make the container accessible to the world. Those rules take precedence over that ufw deny command. https://docs.docker.com/config/containers/container-networking/)

Best Answer

Related Solutions

Ubuntu – Can not connect remotely to MySQL Server on Ubuntu 10.10

Linux – n00bie Linode VPS – am I reasonably secure? How to audit

Related Topic