rmandlx
commented
3 years ago It might be possible to open docker ports only for certain ip addresses. See this docker example:
docker run --rm -it -p 127.0.0.1:3333:80 httpd
Open rmandlx opened 3 years ago
rmandlx
commented
3 years ago It might be possible to open docker ports only for certain ip addresses. See this docker example:
docker run --rm -it -p 127.0.0.1:3333:80 httpd
rmandlx
commented
3 years ago better solution might be to have the raspberry pi access the backend normally via the api gateway (raspberrypi will need to authenticate also using a login endpoint? configure the password as environment variables for the raspberry pi server and the backend?) and the backend services will be able to call the pi without exposing themselves. we will probably need a dyndns service for the pi (so we can access the pi with a fixed hostname and don't need to know the ip address)
Right now all of the microservice run inside a docker container. Only the apigateway communicates with the outside world (this is required, because the authentication is implemented there)
However, the booking microservice will have to communicate with the raspberry pi, so we probably have to open a port for this. How will we protect this microservice from outside requests then? A person could just send a request directly to the booking service with a faked JWT (because the jwt will not be validated in the booking service).
Is there a way to make the port only accessible from a certain ip address? Or can we use some http feature? I think there is a way of only accepting http requests, that come from a certain host?