| Panel | ||||
|---|---|---|---|---|
| ||||
How do can I securely expose the Web UI 's of netFIELD App app containers in a secure way when running on hosts that are do not supporting support netFIELD OS (e.g., by using nginxa reverse proxy)? |
| Panel | ||||
|---|---|---|---|---|
| ||||
When using netFIELD Apps on hosts that are do not supporting support Hilscher's "netFIELD OS" operating system, it is up to the responsibility of the end - user to implement an appropriate mechanism to expose a secure method for exposing the apps' Web UI ports (usually coming without https:// support) in a secure wayport (which typically lack HTTPS support). The most effective and easy straightforward solution is to use an nginx reverse proxy such as Nginx (installable which can also be installed as a container) to act as the a secure bridge between the inner internal container "bridged" network and the host's external network available from outside. Nginx is able to offer a broad provides a wide range of security controls that most likely match can meet nearly all end-user needsrequirements: https://docs.nginx.com/nginx/admin-guide/security-controls/ The overall setup then may would look like the following illustration shows: only a single nginx Nginx port needs to be exposed, secured with TLS secured as https:// and routes accesses to subordinate application containersas HTTPS, which then routes traffic to the underlying application containers. Please note: if a reverse proxy is not used and the container's Web UI port 80 is exposed directly, the container engine modifies iptables on Linux. This makes the port publicly accessible and may bypass existing firewall settings, potentially exposing the system to security risks.
|
| Panel | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||
|