Filtering outgoing container traffic – General Discussions

Hello Docker Community,

I am facing a networking issue with my application to run JupyterHub using Docker containers.

To give you a bit of context: I created a virtual machine, and on it port 2022 (ssh) is served by my server and port 443 (https) is served by nginx, proxied to port 8080, which is served by JupyterHub. A Docker container is generated for each user to access JupyterHub.

The problem: On JupyterHub, users can apparently access my server and use all features and services there.

Desired solution: I want to block all traffic from the containers (-s) to every other network. How can I filter traffic that originates from e.g. the Docker bridge/task containers?

I am still new to Docker and a novice in networking. I would highly appreciate your opinions and advice to fix this issue.

Here is my docker-compose file for reference:

version: "3"

services:
  jupyterhub:
    restart: always
    build: ./jupyterhub
    hostname: jupyterhub
    ports:
      - "8080:8000"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock"
    environment:
      DOCKER_NOTEBOOK_IMAGE: "exam-scipy-notebook"
      DOCKER_NETWORK_NAME: "jupyterhub-network"
      DOCKER_JUPYTER_IMAGE: "jupyterhub/singleuser:latest"
      HUB_IP: "jupyterhub"
      LTI_CLIENT_KEY: "${LTI_CLIENT_KEY}"
      LTI_SHARED_SECRET: "${LTI_SHARED_SECRET}"

networks:
  default:
    external:
      name: "jupyterhub-network"

Thank you :)
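
One way to express the filtering asked about above, as an added example that is not part of the original post: a function that prints (without applying) iptables rules confining traffic that enters from one Docker bridge. The function name, bridge name `br-0123456789ab` and subnet `172.18.0.0/16` are constructed placeholders; the real values for `jupyterhub-network` come from `docker network inspect`.

```sh
#!/bin/sh
# Added example: print, do not apply, iptables rules for one Docker bridge.
# Assumptions (not from the post): Docker's default bridge naming
# (br-<first 12 characters of the network ID>) and an IPv4 subnet, read with:
#   docker network inspect -f '{{.Id}}' jupyterhub-network
#   docker network inspect -f '{{(index .IPAM.Config 0).Subnet}}' jupyterhub-network

container_egress_rules() {
    cer_bridge="$1"
    cer_subnet="$2"

    # Validate both arguments so nothing unexpected ends up in a root command line.
    printf '%s\n' "$cer_bridge" | grep -Eq '^[A-Za-z0-9_.-]{1,15}$' \
        || { echo "bad bridge name: $cer_bridge" >&2; return 1; }
    printf '%s\n' "$cer_subnet" \
        | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$' \
        || { echo "bad IPv4 subnet: $cer_subnet" >&2; return 1; }

    cat <<EOF
# Forwarded traffic (container -> other networks). DOCKER-USER is evaluated
# before Docker's own FORWARD rules.
# 1: keep replies flowing for connections opened from outside (nginx -> hub).
iptables -I DOCKER-USER 1 -i $cer_bridge -s $cer_subnet -m conntrack --ctstate ESTABLISHED,RELATED -j RETURN
# 2: hub <-> notebook containers on the same bridge stay reachable.
iptables -I DOCKER-USER 2 -i $cer_bridge -o $cer_bridge -j RETURN
# 3: everything else the containers try to open is dropped.
iptables -I DOCKER-USER 3 -i $cer_bridge -s $cer_subnet -j DROP
# Traffic addressed to the host itself (e.g. sshd on 2022) is INPUT, not FORWARD.
iptables -I INPUT 1 -i $cer_bridge -s $cer_subnet -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -I INPUT 2 -i $cer_bridge -s $cer_subnet -j DROP
EOF
}

# Constructed sample values; replace with the output of the inspect commands.
container_egress_rules br-0123456789ab 172.18.0.0/16
```

Read the printed rules before piping them to `sh` as root. They also cut the notebook containers off from package mirrors, and they are lost on reboot unless saved.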

