Traefik whitelist
Greetings,
Its not an dokploy issue at all.
I dont want to expose my dokploy production infra to internet, except for my localmachine ip (passing an whitelist ip maybe).
Question 1
How do I achieve that?
As I understand, i dont have to firewall my 443 and 80 port from my VPS. I need only to firewall "dokploy" container ports for public.
PS: i have another containers serving http on 443/80 with traefik proxy reverse
Question 2
What if my localmachine ip changes?
I mean, there is any way to change that traefik config by vps terminal?
Thanks in advance
4 Replies
If you want to whitelist only 1 ip addresses you can do it with firewall(UFW,firewalld or iptabels) and in this case will work very well. Also you can change via containers if you want only one project on public internet you can create another bridge at firewall and configure it . Yes maybe will be a lot harder but exist some methods to do this without proxy reverse).
2. It will works because docker have a bridge mode and automatically will change ip address
Hi there, thanks for the answer.
Only 1 ip address for an specific application (which is dokploy admin).
I cant firewall entire VPS because I have anothers services being served by traefik (with dokploy ofc). That means i have to firewall only this specific app (dokploy admin).
Question: Is this the correct behavior?
labels:
...
- traefik.http.middlewares.my-service-ipwhitelist.ipwhitelist.sourcerange=127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 100.64.0.0/10
- traefik.http.routers.my-service.middlewares=my-service-ipwhitelist@docker