IPTables Docker and Nginx

Understanding IPTables and Docker

Docker creates its own rules to port-forward published container ports, and it does so with chain rules in PREROUTING, FORWARD and POSTROUTING. All of these chains take priority over INPUT, so traffic to a published port is handled before any INPUT rule is consulted, as shown in the next graph:

Each time Docker starts, it re-creates these rules, overwriting any other rules that interfere with its containers.

To help secure your system, we recommend using NGINX to proxy your connections.

Configuring NGINX

If you have configured an Elasticsearch cluster, you can start the container in the following way:

 docker run -d ... entermediadb/entermedia-elasticnode


This will create the container, and inside the container ports 9200 and 9300 will be open for Elasticsearch.


Now in Nginx we can configure a stream block (more information is available in the nginx stream module documentation):

 stream {
     allow 172.0.0.0/8;   # Add as many IPs as you need here to be open
                          # (narrow this to the subnet your cluster nodes actually use)
     deny all;

     server {
         listen {pubIP}:9200;         # configure your public IP
         proxy_pass {dockerIP}:9200;  # configure your server IP
     }

     server {
         listen {pubIP}:9300;         # configure your public IP
         proxy_pass {dockerIP}:9300;  # configure your server IP
     }
 }

This way you can still use IPTables on the INPUT chain, since the traffic now reaches nginx on the host rather than a Docker-published port, and you can configure nginx as your firewall:

 iptables -A INPUT -p tcp -m tcp -m multiport --dports 9300,9200 -j ACCEPT
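As an added example (not part of the original page), the following POSIX shell check distinguishes the two exposure paths described above. It runs over constructed `iptables-save` output embedded inline: a port DNATed by Docker's DOCKER chain bypasses INPUT entirely, whereas a port that only appears in an INPUT ACCEPT rule (such as the one just shown) is reachable only through the host, which is what the nginx stream proxy relies on.

```shell
#!/bin/sh
# Constructed sample of `iptables-save -t nat` from a host where Docker itself
# published 9200 (docker run -p 9200:9200 ...): the case the text warns about.
SAMPLE_NAT='*nat
:PREROUTING ACCEPT [0:0]
:DOCKER - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A DOCKER ! -i docker0 -p tcp -m tcp --dport 9200 -j DNAT --to-destination 172.17.0.2:9200
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
COMMIT'

# Constructed sample of `iptables-save -t filter` containing the INPUT rule from the text.
SAMPLE_FILTER='*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
-A INPUT -p tcp -m tcp -m multiport --dports 9300,9200 -j ACCEPT
COMMIT'

# docker_published_ports <nat-table-text> <port>...
# Prints each listed port that the DOCKER chain DNATs into a container. Such
# traffic flows PREROUTING -> FORWARD and never traverses INPUT, so an INPUT
# rule cannot restrict it.
docker_published_ports() {
  nat=$1; shift
  for port in "$@"; do
    if printf '%s\n' "$nat" | grep -Eq -- "^-A DOCKER .*--dport ${port} -j DNAT"; then
      echo "$port"
    fi
  done
  return 0
}

# input_accepts_port <filter-table-text> <port>
# Succeeds when an INPUT ACCEPT rule names the port, either via --dport or
# inside a multiport --dports list (the form used in the text).
input_accepts_port() {
  printf '%s\n' "$1" | grep -E '^-A INPUT .*-j ACCEPT' \
    | grep -Eq -- "--dports? ([0-9]+,)*${2}(,[0-9]+)*( |$)"
}

# Report how each Elasticsearch port is exposed on the sample host.
for p in 9200 9300; do
  if docker_published_ports "$SAMPLE_NAT" "$p" | grep -q .; then
    echo "port $p: published by Docker, bypasses INPUT; front it with the nginx stream proxy instead"
  elif input_accepts_port "$SAMPLE_FILTER" "$p"; then
    echo "port $p: reachable only through the INPUT ACCEPT rule"
  else
    echo "port $p: not exposed"
  fi
done
```

On a real host, feed the functions the output of `iptables-save -t nat` and `iptables-save -t filter` instead of the constructed samples.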

With this you can configure iptables or nginx, whichever is more convenient for you.