tiangolo / uwsgi-nginx-flask-docker

Docker image with uWSGI and Nginx for Flask applications in Python running in a single container.
https://hub.docker.com/r/tiangolo/uwsgi-nginx-flask/
Apache License 2.0

is it possible to turn off listening HTTP internally? #139

Closed tommyjcarpenter closed 4 years ago

tommyjcarpenter commented 5 years ago

I have a Dockerfile that uses this project: https://gerrit.onap.org/r/gitweb?p=dcaegen2/platform/configbinding.git;a=blob;f=Dockerfile;h=6c783f05525e8859d58d71f0fae2b26f04419cc0;hb=040d03d77587ce24f0e99ee504b5b0ff5473a39e

Even if I do not do the following:

ENV LISTEN_PORT 10000
EXPOSE 10000

The container seems to "internally listen" on 80, even if the port isn't mapped publicly. This was discovered through a port scan inside a K8 pod. I'm going to guess that somewhere up in the chain of Dockerfiles, there is an EXPOSE 80.

Is there some way to resolve this? In our corporate requirements, doing this in another container isn't an option. Is there some NGINX configuration I can add that, for example, redirects 80 to 443, etc.?

Big thanks and I use this project often!

tommyjcarpenter commented 5 years ago

@tiangolo note that in a few other issues I've read here, it talks about handling https externally; I don't have that option, and I've already handled HTTPS by deploying my container with

... -v /host/path/to/nginx.key:/etc/nginx/ssl/nginx.key -v /host/path/to/nginx.crt:/etc/nginx/ssl/nginx.crt ...

My question is simply how to turn off all non-https communication; or more specifically have this container not expose any non-https ports.

tiangolo commented 4 years ago

Thanks for the patience with this.

The expose is configured in the parent Docker image, here: https://github.com/tiangolo/uwsgi-nginx-docker/blob/master/python3.7/Dockerfile#L95

The problem is that I fear that removing that could break some deployments that somehow already depend on it :disappointed: , so I'm not really sure what would be the best way to solve this use case :thinking:

github-actions[bot] commented 4 years ago

Assuming the original issue was solved, it will be automatically closed now. But feel free to add more comments or create new issues.
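
An added example, not part of the original thread or of the project's code: one way to confirm from inside the container which TCP ports are actually in LISTEN state (the condition the port scan in the first comment reported), by parsing /proc/net/tcp rather than relying on image metadata. The sample table is constructed, the function names are hypothetical, and a little-endian host is assumed.

```python
"""List TCP listeners from /proc/net/tcp-style text and flag unexpected ports."""
import ipaddress
import struct
from pathlib import Path

TCP_LISTEN = "0A"  # socket state code for LISTEN in /proc/net/tcp and tcp6

# Constructed sample in /proc/net/tcp format: listeners on 0.0.0.0:80 and
# 0.0.0.0:443, plus one established connection that must be ignored.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20001 1 0000000000000000 100 0 0 10 0
   1: 00000000:01BB 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20002 1 0000000000000000 100 0 0 10 0
   2: 0A0000C8:01BB 0A000005:D2F0 01 00000000:00000000 00:00000000 00000000     0        0 20003 1 0000000000000000 20 4 30 10 -1
"""

def decode_addr(hex_addr):
    """Decode the kernel's hex address: 32-bit words in host order (little-endian assumed)."""
    raw = bytes.fromhex(hex_addr)
    words = struct.unpack(f">{len(raw) // 4}I", raw)
    return str(ipaddress.ip_address(struct.pack(f"<{len(words)}I", *words)))

def listening_sockets(proc_text):
    """Return sorted (address, port) pairs for sockets in LISTEN state."""
    found = set()
    for line in proc_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != TCP_LISTEN:
            continue
        hex_addr, hex_port = fields[1].split(":")
        found.add((decode_addr(hex_addr), int(hex_port, 16)))
    return sorted(found)

def unexpected_listeners(proc_text, allowed_ports=frozenset({443})):
    """Listeners on any port outside allowed_ports (443 only, the goal stated in the issue)."""
    return [s for s in listening_sockets(proc_text) if s[1] not in allowed_ports]

if __name__ == "__main__":
    # Inside the container, read the live tables; fall back to the sample elsewhere.
    paths = [p for p in (Path("/proc/net/tcp"), Path("/proc/net/tcp6")) if p.exists()]
    texts = [p.read_text() for p in paths] or [SAMPLE_PROC_NET_TCP]
    bad = [s for t in texts for s in unexpected_listeners(t)]
    for addr, port in bad:
        print(f"unexpected listener: {addr}:{port}")
    raise SystemExit(1 if bad else 0)
```

Run as a script, it exits non-zero when anything other than the allowed ports is listening, so it can serve as a build or readiness check.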