Open michael-d-edwards opened 4 years ago
Interesting question. I don't think there is much information out there that focuses on security when deploying SQL Server on Docker.
Therefore, I would suggest following the traditional best practices to harden your SQL Server instance as you would normally do in a VM environment.
I normally follow these cloud security practices you mentioned, putting my containers behind a firewall or an NSG on Azure, just allowing traffic through the 1433 port from my SQL instance to the back-end, using a private IP (never public).
Regards.
Looking for suggestions for discussion forums on security trade-offs deploying mssql-docker in clouds.
I've deployed my image to containers in VMs on Azure and AWS with public IP addresses. I used their Security Group models to allow SQL 1433 traffic from my Azure App Service (its Outbound IP addresses) and allow SSH 22 traffic from my local dev machine for management. I secure the SSH connection using a 4096-bit RSA key and the SQL connection with strong login passwords.
I'm looking for further ways to strengthen the SQL connection security that don't tie me to a given cloud provider.
And looking for input on why this is messed up or could be better in ways I need to learn more about.