我在Docker容器中运行了一个django应用程序(请参阅下面的docker compose和dockerfile)。我已经从docker-compose中删除了端口暴露,但是当我将代码部署到ubuntu服务器上时,我仍然可以通过端口3000访问该应用程序。我还使用nginx进行proning(请参见下面的nginx文件)。
services:
rabbitmq:
restart: always
image: rabbitmq:3.7
...
db:
restart: always
image: mongo:4
...
cam_dash:
restart: always
build: .
command: python3 manage.py runserver 0.0.0.0:3000
...
celery:
restart: always
build: .
command: celery -A dashboard worker -l INFO -c 200
...
celery_beat:
restart: always
build: .
command: celery beat -A dashboard -l info --scheduler django_celery_beat.schedulers:DatabaseScheduler
...
FROM python:3.7
COPY requirements.txt /
RUN pip3 install -r /requirements.txt
ADD ./ /dashboard
WORKDIR /dashboard
COPY ./docker-entrypoint.sh /docker-entrypoint.sh
RUN chmod +x /docker-entrypoint.sh
ENTRYPOINT ["/docker-entrypoint.sh"]
EXPOSE 3000
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
return 301 https://$host$request_uri;
root /var/www/html;
index index.html;
}
server {
listen 443;
server_name camonitor.uct.ac.za;
ssl on;
ssl_certificate /etc/ssl/certs/wildcard.crt;
ssl_certificate_key /etc/ssl/private/wildcard.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
location / {
root /var/www/html;
index index.html;
}
location /dash/ {
proxy_pass http://127.0.0.1:3000/dash/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
}
...
我希望,如果我尝试访问https://example.com:3000/dash/,则应该无法访问它。 https://example.com/dash/可以正常工作。
感谢您的帮助。
答案 0 :(得分:1)
您应防止使用系统的防火墙访问端口3000。 我在同一台机器上托管多个Web服务器并使用Nginx代理时遇到了相同的问题,我解决了在docker-compose.yml中使用此端口配置,将端口仅绑定到本地主机,也许您可以将相同的配置应用于python服务器。 >
“ 127.0.0.1:3000:3000”
version: '3'
services:
myService:
image: "myService/myService:1"
container_name: "myService"
ports:
- "127.0.0.1:3000:3000"