Firewall rules, apache proxy and docker

Hello all,
I have set up Bitwarden_rs and it is working well.
I’ve set up a systemd service on my Ubuntu 20.04 host with the option:

-p 9011:80 -p 3012:3012 

In Apache conf file I have configured bitwarden as subdomain like: bitwarden.myserver.com

ServerName bitwarden.myserver.com
SSLEngine On
Include /etc/letsencrypt/options-ssl-apache.conf
ErrorLog /data/bitwarden-error.log
CustomLog /data/bitwarden-access.log combined
RewriteEngine On
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule /notifications/hub(.*) ws://localhost:3012/$1 [P,L]
ProxyPass / http://localhost:9011/
SSLProxyEngine on
ProxyPreserveHost On
ProxyRequests Off
RequestHeader set X-Real-IP %{REMOTE_ADDR}s

Now I can reach bitwarden as bitwarden.myserver.com, but also as ip-address:9011.

So it looks as if port 9011 has been opened in the firewall. But I do not see this in iptables -S. I do see some lines of docker. Did docker open this port to the outside?
How can I close 9011 for the outside world?

You would use -p 127.0.0.1:9011:80; see https://docs.docker.com/engine/reference/commandline/run/#publish-or-expose-port--p---expose.

Oh it is that simple! Thank you jjlin
Should I also add this for 3012?

-p 127.0.0.1:9011:80 -p 127.0.0.1:3012:3012
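
To confirm which published ports are still reachable from outside after a change like the one above, this added example (not part of the original thread) parses `docker inspect` output and flags every port binding that is not loopback-only. The container name `bitwarden` and the sample JSON are constructed for illustration; a `-p` mapping without a host IP shows up with `HostIp` `0.0.0.0` (and `::` on hosts where IPv6 is enabled).

```python
import ipaddress
import json

# Constructed sample shaped like `docker inspect <container>` output, trimmed
# to the fields used here. Container name and values are illustrative.
SAMPLE_INSPECT = json.dumps([{
    "Name": "/bitwarden",
    "NetworkSettings": {"Ports": {
        "80/tcp": [{"HostIp": "0.0.0.0", "HostPort": "9011"},
                   {"HostIp": "::", "HostPort": "9011"}],
        "3012/tcp": [{"HostIp": "127.0.0.1", "HostPort": "3012"}],
        "8080/tcp": None,   # exposed by the image but not published
    }},
}])


def is_loopback_only(host_ip):
    """True only if the published port is bound to a loopback address."""
    if not host_ip:            # empty HostIp means "all interfaces"
        return False
    try:
        return ipaddress.ip_address(host_ip).is_loopback
    except ValueError:         # unparsable value: treat as exposed
        return False


def exposed_bindings(inspect_json):
    """Return (container, container_port, host_ip, host_port) for every
    published port that is bound to a non-loopback address."""
    findings = []
    for container in json.loads(inspect_json):
        name = container.get("Name", "").lstrip("/")
        ports = container.get("NetworkSettings", {}).get("Ports") or {}
        for container_port, bindings in sorted(ports.items()):
            for b in bindings or []:   # None means not published
                host_ip = b.get("HostIp", "")
                if not is_loopback_only(host_ip):
                    findings.append((name, container_port,
                                     host_ip or "0.0.0.0", b.get("HostPort")))
    return findings


if __name__ == "__main__":
    for name, cport, ip, hport in exposed_bindings(SAMPLE_INSPECT):
        print(f"{name}: {cport} published on {ip}:{hport}; "
              f"rebind with -p 127.0.0.1:{hport}:{cport.split('/')[0]}")
```

On a real host, pass the output of `docker inspect $(docker ps -q)` to `exposed_bindings` instead of the sample.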