I´m working with a Docker compose file to create a nginx and tomcat container. nginx will be used as a reverse proxy so then it access the tomcat. I was able to do this successfully with 2 separate contaienrs using azure container instaces. you hit the URL of the nginx and then you got redirected to tomcat securley as nginx has HTTPS and the certificates. Till that everything ok. But the issue is that If you access individualy the tomcat Ip by http yo can also access the container and that is not secure. I just want that tomcat be access by nginx. How can this be achieved? Im trying to use a docker compose now which I know containers will be using same network and can connect to each other, but how can I achieve that the nginx connects to the Tomcat and that tomcat only can be access by the redirection of the nginx over https and that tomcat is unable to be access by http individually . This is the YML I have, But i don´t know how to manage ports to achieve what I want. Is this possible?
version: '3.1'
services:
tomcat:
build:
context: ./tomcat
dockerfile: Dockerfile
container_name: tomcat8
image: tomcat:search-api
ports:
- "8080:8080"
nginx:
build:
context: ./nginx
dockerfile: Dockerfile
container_name: nginx
image: nginx:searchapi
depends_on:
- tomcat
ports:
- "80:80"
- "443:443"
By using the ports option in your docker-compose you are exposing that port externally. If you remove the ports option from tomcat it should still work since the container should expose the port 8080 internally only for the docker network.