I have 2 docker containers (1x db and 1x node app) configured:
version: "3.7"
services:
db:
image: postgres:alpine
command: -p 5435
ports:
- 127.0.0.1:5435:5435
environment:
POSTGRES_USER: ${DB_USER}
POSTGRES_PASSWORD: ${DB_PASSWORD}
PG_PORT: ${DB_PORT}
POSTGRES_DB: ${DB_NAME}
volumes:
- pgdata:/var/lib/postgresql/nodeapp/data
restart: always
networks:
- nodeapp-network
container_name: nodeapp-db
web:
build:
context: .
dockerfile: Dockerfile
depends_on:
- db
ports:
- 13333:3333
volumes:
- webapp:/home/node/app
- /home/node/app/node_modules
env_file:
- .env
environment:
NODE_ENV: prod
networks:
- nodeapp-network
container_name: nodeapp-app
hostname: nodeapp-app
volumes:
pgdata:
webapp:
networks:
nodeapp-network:
driver: bridge
The problem: if I make a request to https://mywebsite.com/13333 I get the exact same content as https://api.mywebsite.com/13333. I want to restrict it and make possible ONLY with subdomain.
My apache configuration is below:
httpd.conf:
ServerRoot "/etc/httpd"
Include conf.modules.d/*.conf
User apache
Group apache
ServerAdmin hi@mywebsite.com
ServerName www.mywebsite.com:80
<Directory />
AllowOverride none
Require all denied
</Directory>
DocumentRoot "/var/www/html"
<Directory "/var/www">
AllowOverride None
# Allow open access:
Require all granted
</Directory>
<Directory "/var/www/html">
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
<IfModule dir_module>
DirectoryIndex index.html
</IfModule>
<Files ".ht*">
Require all denied
</Files>
ErrorLog "logs/error_log"
LogLevel warn
<IfModule log_config_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
<IfModule logio_module>
# You need to enable mod_logio.c to use %I and %O
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>
CustomLog "logs/access_log" combined
</IfModule>
<IfModule alias_module>
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
</IfModule>
<Directory "/var/www/cgi-bin">
AllowOverride None
Options None
Require all granted
</Directory>
<IfModule mime_module>
TypesConfig /etc/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
</IfModule>
AddDefaultCharset UTF-8
<IfModule mime_magic_module>
MIMEMagicFile conf/magic
</IfModule>
EnableSendfile on
# Load config files in the "/etc/httpd/conf.d" directory, if any.
Include conf.d/*.conf
Include sites-enabled/*.conf
mywebsite-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName www.mywebsite.com
ServerAlias mywebsite.com
DocumentRoot /var/www/mywebsite.com/html
ErrorLog /var/www/mywebsite.com/log/error.log
CustomLog /var/www/mywebsite.com/log/requests.log combined
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/mywebsite.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mywebsite.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/mywebsite.com/chain.pem
</VirtualHost>
</IfModule>
mywebsite.conf
<VirtualHost *:80>
ServerName www.mywebsite.com
ServerAlias mywebsite.com
DocumentRoot /var/www/mywebsite.com/html
ErrorLog /var/www/mywebsite.com/log/error.log
CustomLog /var/www/mywebsite.com/log/requests.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =mywebsite.com [OR]
RewriteCond %{SERVER_NAME} =www.mywebsite.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
myapp.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName api.mywebsite.com
<Proxy *>
Allow from *
</Proxy>
ProxyPass / https://172.22.0.3:3333
</VirtualHost>
</IfModule>
Already tried more solutions with redirecting but nothing worked.
Even deleting this mywebsite.conf the api continues to be served at domain and subdomain.
How I can solve this?
Thanks in advance!
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
Hello,
The Apache setup looks correct. What you could do is not to expose the 13333 port, that way the app would be accessible only via the local Docker network on port 3333.
That way only when someone accesses https://api.mywebsite.com they would be able to see the content, otherwise, the 13333 will be unavailable and the port will be accessible from the docker network itself and not the outside world anymore.
Alternatively, you could enable a firewall like UFW for example, and close down the 13333 port, that way you will not have to make changes to your Docker setup, but instead, you will lock down the port so people would not be able to access it.
Regards, Bobby
Become a contributor for community
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
DigitalOcean Documentation
Full documentation for every DigitalOcean product.
Resources for startups and AI-native businesses
The Wave has everything you need to know about building a business, from raising funding to marketing your product.
The developer cloud
Scale up as you grow — whether you're running one virtual machine or ten thousand.
Get started for free
Sign up and get $200 in credit for your first 60 days with DigitalOcean.*
*This promotional offer applies to new accounts only.