I have a web application (open source CKAN) using Docker, which is running on a public server. The application is available and publicly reachable at http://ip-address:5000.
On the same server, other applications are running on different ports. All applications have to be reachable under ports 80 and 443. So, the approach is to use Apache (installed directly on the server) and use a reverse proxy. So for my application, http://localhost:5000 is redirected to myserver.com.
Although the server and other applications have to be publicly reachable by the world, my application has to be made available to a specific IP network.
I first thought this could be done using iptables on Docker as explained here, but apparently, in my case, it only limits http://ip-address:5000 and not myserver.com. My understanding is that myserver.com is open anyway, and limiting Docker doesn't affect myserver.com, as the access to Docker is internal on the server side anyway.
So, I successfully closed access to my Docker container using:
iptables -A DOCKER-USER -i eth0 -p tcp -m conntrack --ctorigdstport 5000 --ctdir ORIGINAL -j DROP
But now my problem lies in how to limit access to myserver.com to only the IP address 10.123.354.20.
How is it possible to only restrict access to one of the applications running on a host server from a specific IP address / range of IP addresses?
Source: Docker Questions
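
The setup described in the question puts Apache in front of the container, so Apache is the only component that sees the real client address; the container only sees connections coming from the host. The following is an added example, not part of the original post, of an Apache 2.4 virtual host that applies the allow-list at the reverse proxy. It assumes mod_proxy, mod_proxy_http and mod_authz_host are enabled, and the address range is a constructed placeholder.

```apache
# Added example: the address range below is a placeholder, not a value from the post.
<VirtualHost *:80>
    ServerName myserver.com

    # Forward requests to the CKAN container published on the host's port 5000.
    ProxyPreserveHost On
    ProxyPass        / http://localhost:5000/
    ProxyPassReverse / http://localhost:5000/

    # The allow-list belongs in this vhost because Apache terminates the
    # client connection. Rules in DOCKER-USER never match proxied requests:
    # from Docker's point of view they originate on the host itself.
    <Location "/">
        # 192.0.2.0/24 is a documentation range used as a stand-in; replace
        # it with the network that is allowed to reach the application.
        # Every other client receives 403 Forbidden.
        Require ip 192.0.2.0/24
    </Location>
</VirtualHost>
```

Only this virtual host is restricted, so the other applications proxied by the same Apache instance stay publicly reachable. If the site is also served on port 443, the same `<Location>` block has to be repeated in that virtual host.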