I'm currently running some test containers with Docker and Traefik before getting everything else set up. Currently, I can proxy the containers on a bridge network with ports exposed on the host.

That is: -p 8001:8000

Is it possible to proxy containers without exposing a port to my LAN? These are what I need to either confirm or deny as possible:

  • As far as I know, this could be done using Traefik labels (not sure how though).

  • Could I use a different network type? If so, what and why?

  • Is there a way to isolate the container's network, such that I cannot access it via a port bridged to the host? It would be fine if it were to be accessible by port on another subnet perhaps.

How can I isolate these containers so they are only accessible by proxy regularly?
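
The setup asked about above, as an added Compose example that is not part of the original post: the app publishes no host port and is reached only through Traefik over a shared user-defined network. The service names, the `edge` and `backend` network names, the `example/app:latest` image and the `app.lan.example` hostname are assumptions.

```yaml
# Added example (not from the original post). Names, image and hostname are placeholders.
services:
  traefik:
    image: traefik:v2.11
    command:
      - --providers.docker=true
      # Only containers labelled traefik.enable=true are routed.
      - --providers.docker.exposedbydefault=false
      - --entrypoints.web.address=:80
    ports:
      - "80:80"                 # the only port published on the host
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks:
      - edge                    # ordinary bridge, carries the published port
      - backend                 # shared with the proxied containers

  app:
    image: example/app:latest   # placeholder image listening on 8000
    # Before: the equivalent of "-p 8001:8000", which binds on every host interface:
    #   ports:
    #     - "8001:8000"
    # Middle ground if a local debug port is still wanted (loopback only):
    #   ports:
    #     - "127.0.0.1:8001:8000"
    # After: no ports section at all. Traefik connects to the container's
    # address on the backend network, so nothing is published to the LAN.
    labels:
      - traefik.enable=true
      - "traefik.http.routers.app.rule=Host(`app.lan.example`)"
      - traefik.http.routers.app.entrypoints=web
      # Container port Traefik forwards to; it does not need to be published.
      - traefik.http.services.app.loadbalancer.server.port=8000
    networks:
      - backend

networks:
  edge: {}
  backend:
    internal: true              # no external connectivity for this network
```

Running `docker ps` afterwards should show a host port mapping for `traefik` only, and none for `app`.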

