I’m getting rid of Bitwarden’s built in Lets Encrypt system (owing to a lack of dns challenge) because none of my network is publically available.
I’ve setup nginx proxy manager and begun proxying everything behind that.
Part of how this works is I’ve completely removed SSL from bitwarden - now I want to isolate all bitwarden docker containers I’ve created that my local network cannot access.
Based on what I read in this forum, I go to bwdata/docker/
& create a file named docker-compose.override.yml
and override the “network” like the below but I just wanted to confirm what the correct approach to do it is?
The goal is to restrict the WebUI so it is not accessible from anywhere but the named network, so all ingress/egress is controlled by the nginx proxy manager container.
services:
nginx:
ports:
- "127.0.0.1:8081:8080"
networks:
- default
- host-only-internal
networks:
host-only-internal:
external: false
(Where “host-only-internal
” is the name of the network where nginx proxy mgr is attached to, and "127.0.0.1:8081:8080"
signifies the container will only listen on localhost and therefore will not be reachable from outside the named network.)