How to Add an Additional Layer of Security to your Services

This is a small addition to the guide I created earlier.

The previous guide showed how you can add an iptables firewall that will work with your Docker containers. While it may not seem complicated, and really it isn’t, it does take a little bit of reading and understanding for it to “click”; at least it did for me.

What this modification will do is change your iptables rules so that only a dynamic IP is allowed access to your secure services. This may not be ideal for everyone, but for me it works great, since I can set it to my home IP address. This means I can only connect via SSH and the Docker service via Portainer.

You may say, how do you connect if you are not at home? Well I just VPN to my home connection and then connect to my secure services.

Also, if you're looking for a way to securely connect to your Docker service remotely, check out this awesome guide.


Docker and Firewalls, who knew it could be this complicated …

The Problem

This is by far one of the biggest issues I have had trying to scour the internet looking for a good way to deal with Docker and my host's firewall. I have spent DAYS scouring the internet trying to find someone who has solved this problem, because I know they have solved this problem. If there is one rule I have always lived by in the internet age, it is this: if you have come across a problem, it is almost guaranteed someone else had the same problem and came up with a solution.

I have tried using UFW; after all, it is called Uncomplicated Firewall, so you would think it would be uncomplicated. But while the solution I found for my firewall worked on some of my hosts, it didn’t work on all of them. For interest, this was the solution I came across for UFW.

To fix the Docker and UFW security flaw without disabling iptables - chaifeng/ufw-docker

Why didn’t the above solution work for me? Well it did work, there was just 1 massive flaw. When I enabled UFW, I was getting timeouts and extremely slow page loads with my Nginx webserver. I tried scouring the web looking for a reason as to why this was happening, and sadly no one had this problem before, or at least it was such an uncommon problem the answer is buried somewhere on the internet. I did say “almost guaranteed” someone else had the same problem.
