Advise needed: How to secure rancher driven application itself so that it can ONLY be accessed thru rap? #43
Comments
|
If there is no external mapped port for containers they will only be accessible via RAP no ? |
|
I dont think so. when there is no external port for container, i think RAP just doesnt do anything
hansel
…On 28 Feb 2018, 4:52 AM +0800, adi90x ***@***.***>, wrote:
If there is no external mapped port for containers they will only be accessible via RAP no ?
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub, or mute the thread.
|
|
No external port for RAP containers or the others ?
As main goal of RAP, is to route trafic from one input port(80/http most of
the time) to several containers not exposing a port on the outside of
rancher, lets say you have RAP exposing & listening on port 80 of host,
then you can have unlimited number of Web containers exposing 80 but not
listening on host port and RAP will route input trafic based on hostname
Is it clearer ?
Le 28 févr. 2018 04:59, "hansel" <[email protected]> a écrit :
… I dont think so. when there is no external port for container, i think RAP
just doesnt do anything
hansel
On 28 Feb 2018, 4:52 AM +0800, adi90x ***@***.***>, wrote:
> If there is no external mapped port for containers they will only be
accessible via RAP no ?
> —
> You are receiving this because you authored the thread.
> Reply to this email directly, view it on GitHub, or mute the thread.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#43 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AKpqdKfcCK3rFfBW1HkZ3g6BrAjfSUBKks5tZM86gaJpZM4R_esP>
.
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
So this is more of a rancher question, but i wish to restrict access to all applications whichcurrently have domain names driven by rap so that it only ever goes thru the nginx-proxy.
Purpose is to be able to install nginx-lua into rap, so that i'm able to run lua scripts against every connection.
How would this be accomplished?
I was thinking that we do not define any ports at all for all applications within the application config.
This is probably the easiest way to stop rancher from opening those public ports.
then make rap.port mandatory so that rap will always know which ports are needed , and have rancher active proxy make a docker --link with every container that needs to be proxied?
The text was updated successfully, but these errors were encountered: