mirror of
https://github.com/jc21/nginx-proxy-manager.git
synced 2024-08-30 18:22:48 +00:00
jc21
GitHub
commit
b7b808d98d
@ -1,5 +1,53 @@
|
||||
# Advanced Configuration
|
||||
|
||||
## Best Practice: Use a docker network
|
||||
|
||||
For those who have a few of their upstream services running in docker on the same docker
|
||||
host as NPM, here's a trick to secure things a bit better. By creating a custom docker network,
|
||||
you don't need to publish ports for your upstream services to all of the docker host's interfaces.
|
||||
|
||||
Create a network, ie "scoobydoo":
|
||||
|
||||
```bash
|
||||
docker network create scoobydoo
|
||||
```
|
||||
|
||||
Then add the following to the `docker-compose.yml` file for both NPM and any other
|
||||
services running on this docker host:
|
||||
|
||||
```yml
|
||||
networks:
|
||||
default:
|
||||
external:
|
||||
name: scoobydoo
|
||||
```
|
||||
|
||||
Let's look at a Portainer example:
|
||||
|
||||
```yml
|
||||
version: '3'
|
||||
services:
|
||||
|
||||
portainer:
|
||||
image: portainer/portainer
|
||||
privileged: true
|
||||
volumes:
|
||||
- './data:/data'
|
||||
- '/var/run/docker.sock:/var/run/docker.sock'
|
||||
restart: always
|
||||
|
||||
networks:
|
||||
default:
|
||||
external:
|
||||
name: scoobydoo
|
||||
```
|
||||
|
||||
Now in the NPM UI you can create a proxy host with `portainer` as the hostname,
|
||||
and port `9000` as the port. Even though this port isn't listed in the docker-compose
|
||||
file, it's "exposed" by the portainer docker image for you and not available on
|
||||
the docker host outside of this docker network. The service name is used as the
|
||||
hostname, so make sure your service names are unique when using the same network.
|
||||
|
||||
## Docker Secrets
|
||||
|
||||
This image supports the use of Docker secrets to import from file and keep sensitive usernames or passwords from being passed or preserved in plaintext.
|
||||
|
||||
Loading…
Reference in New Issue
Block a user