How can I securely expose the web UIs of netFIELD app containers when running on hosts that do not support netFIELD OS (e.g., by using a reverse proxy)?
When using netFIELD Apps on hosts that do not support Hilscher's "netFIELD OS" operating system, it is the responsibility of the end user to implement a secure method for exposing the apps' Web UI ports (which typically lack HTTPS support).
The most effective and straightforward solution is to use an reverse proxy such as Nginx (which can also be installed as a container) to act as a secure bridge between the internal container "bridged" network and the host's external network.
Nginx provides a wide range of security controls that can meet nearly all end-user requirements: https://docs.nginx.com/nginx/admin-guide/security-controls/
The overall setup would look like the following illustration: only a single Nginx port needs to be exposed, secured with TLS as HTTPS, which then routes traffic to the underlying application containers.
Please note: if a reverse proxy is not used and the container's web UI port 80 is exposed directly, the container engine modifies iptables on Linux. This makes the port publicly accessible and may bypass existing firewall settings, potentially exposing the system to security risks.
