Dokploy•12mo ago

expose only a specific endpoint to internet

I have a backend service, of which I want to expose only one endpoint to the internet while rest of the endpoints should be accessible internally. How can I achieve this with traefik labels in docker-compose?

E.g: I have

api.saral.club

api.saral.club

, this should be accessible by other internal services like frontend. The frontend is deployed as a separate project in the separate container, but in the same dokploy project. The backend is deployed using docker-compose, and it has one additional service apart from fastapi server. I want the endpoint

api.saral.club/payment-webhook

api.saral.club/payment-webhook

to be publicaly accessible from the internet but rest of the endpoints should stay in private.

Here's my docker-compose:

services:
  backend:
    build:
      context: .
      target: webapp
    expose:
      - 8000
    depends_on:
      celery-worker:
        condition: service_healthy

    labels:
      - "traefik.http.services.backend-svc.loadbalancer.server.port=8000"
      - "traefik.enable=true"
      - "traefik.http.routers.backend-public.rule=Host(`api.saral.club`) && PathPrefix(`/mnemonics/v1/info`)"
      - "traefik.http.routers.backend-public.entrypoint=websecure"
      - "traefik.http.routers.backend-public.tls.certresolver=letsencrypt"
      - "traefik.http.routers.backend-public.priority=100"
      - "traefik.http.routers.backend-public.service=backend-svc"
      - "traefik.http.routers.backend-internal.rule=Host(`api.saral.club`)"
      - "traefik.http.routers.backend-internal.entrypoints=websecure"
      - "traefik.http.routers.backend-internal.tls.certresolver=letsencrypt"
      - "traefik.http.routers.backend-internal.service=backend-svc"
      - "traefik.http.routers.backend-internal.middlewares=internal-only"
      - "traefik.http.routers.backend-internal.priority=10"
      - "traefik.http.middlewares.internal-only.ipwhitelist.sourcerange=172.16.0.0/12,192.168.0.0/16,10.0.0.0/8"
    networks:
      - dokploy-network
      - default

services:
  backend:
    build:
      context: .
      target: webapp
    expose:
      - 8000
    depends_on:
      celery-worker:
        condition: service_healthy

    labels:
      - "traefik.http.services.backend-svc.loadbalancer.server.port=8000"
      - "traefik.enable=true"
      - "traefik.http.routers.backend-public.rule=Host(`api.saral.club`) && PathPrefix(`/mnemonics/v1/info`)"
      - "traefik.http.routers.backend-public.entrypoint=websecure"
      - "traefik.http.routers.backend-public.tls.certresolver=letsencrypt"
      - "traefik.http.routers.backend-public.priority=100"
      - "traefik.http.routers.backend-public.service=backend-svc"
      - "traefik.http.routers.backend-internal.rule=Host(`api.saral.club`)"
      - "traefik.http.routers.backend-internal.entrypoints=websecure"
      - "traefik.http.routers.backend-internal.tls.certresolver=letsencrypt"
      - "traefik.http.routers.backend-internal.service=backend-svc"
      - "traefik.http.routers.backend-internal.middlewares=internal-only"
      - "traefik.http.routers.backend-internal.priority=10"
      - "traefik.http.middlewares.internal-only.ipwhitelist.sourcerange=172.16.0.0/12,192.168.0.0/16,10.0.0.0/8"
    networks:
      - dokploy-network
      - default

Dokploy•12mo ago

monte

expose only a specific endpoint to internet

api.saral.club

api.saral.club

api.saral.club/payment-webhook

api.saral.club/payment-webhook

to be publicaly accessible from the internet but rest of the endpoints should stay in private.

Here's my docker-compose:

services:
  backend:
    build:
      context: .
      target: webapp
    expose:
      - 8000
    depends_on:
      celery-worker:
        condition: service_healthy

    labels:
      - "traefik.http.services.backend-svc.loadbalancer.server.port=8000"
      - "traefik.enable=true"
      - "traefik.http.routers.backend-public.rule=Host(`api.saral.club`) && PathPrefix(`/mnemonics/v1/info`)"
      - "traefik.http.routers.backend-public.entrypoint=websecure"
      - "traefik.http.routers.backend-public.tls.certresolver=letsencrypt"
      - "traefik.http.routers.backend-public.priority=100"
      - "traefik.http.routers.backend-public.service=backend-svc"
      - "traefik.http.routers.backend-internal.rule=Host(`api.saral.club`)"
      - "traefik.http.routers.backend-internal.entrypoints=websecure"
      - "traefik.http.routers.backend-internal.tls.certresolver=letsencrypt"
      - "traefik.http.routers.backend-internal.service=backend-svc"
      - "traefik.http.routers.backend-internal.middlewares=internal-only"
      - "traefik.http.routers.backend-internal.priority=10"
      - "traefik.http.middlewares.internal-only.ipwhitelist.sourcerange=172.16.0.0/12,192.168.0.0/16,10.0.0.0/8"
    networks:
      - dokploy-network
      - default

services:
  backend:
    build:
      context: .
      target: webapp
    expose:
      - 8000
    depends_on:
      celery-worker:
        condition: service_healthy

    labels:
      - "traefik.http.services.backend-svc.loadbalancer.server.port=8000"
      - "traefik.enable=true"
      - "traefik.http.routers.backend-public.rule=Host(`api.saral.club`) && PathPrefix(`/mnemonics/v1/info`)"
      - "traefik.http.routers.backend-public.entrypoint=websecure"
      - "traefik.http.routers.backend-public.tls.certresolver=letsencrypt"
      - "traefik.http.routers.backend-public.priority=100"
      - "traefik.http.routers.backend-public.service=backend-svc"
      - "traefik.http.routers.backend-internal.rule=Host(`api.saral.club`)"
      - "traefik.http.routers.backend-internal.entrypoints=websecure"
      - "traefik.http.routers.backend-internal.tls.certresolver=letsencrypt"
      - "traefik.http.routers.backend-internal.service=backend-svc"
      - "traefik.http.routers.backend-internal.middlewares=internal-only"
      - "traefik.http.routers.backend-internal.priority=10"
      - "traefik.http.middlewares.internal-only.ipwhitelist.sourcerange=172.16.0.0/12,192.168.0.0/16,10.0.0.0/8"
    networks:
      - dokploy-network
      - default

expose only a specific endpoint to internet

Similar Threads

expose only a specific endpoint to internet

Similar Threads

Similar Threads

Similar Threads