Skip to content
Permalink
Browse files

Merge pull request #899 from jc21/develop

Docs for a docker network
  • Loading branch information
jc21 committed Feb 17, 2021
2 parents 4a8d012 + a21289b commit b7b808d98d787b25548265055d9f8621d31b580e
Showing with 50 additions and 2 deletions.
  1. +50 −2 docs/advanced-config/README.md
@@ -1,5 +1,53 @@
# Advanced Configuration

## Best Practice: Use a docker network

For those who have a few of their upstream services running in docker on the same docker
host as NPM, here's a trick to secure things a bit better. By creating a custom docker network,
you don't need to publish ports for your upstream services to all of the docker host's interfaces.

Create a network, ie "scoobydoo":

```bash
docker network create scoobydoo
```

Then add the following to the `docker-compose.yml` file for both NPM and any other
services running on this docker host:

```yml
networks:
default:
external:
name: scoobydoo
```

Let's look at a Portainer example:

```yml
version: '3'
services:
portainer:
image: portainer/portainer
privileged: true
volumes:
- './data:/data'
- '/var/run/docker.sock:/var/run/docker.sock'
restart: always
networks:
default:
external:
name: scoobydoo
```

Now in the NPM UI you can create a proxy host with `portainer` as the hostname,
and port `9000` as the port. Even though this port isn't listed in the docker-compose
file, it's "exposed" by the portainer docker image for you and not available on
the docker host outside of this docker network. The service name is used as the
hostname, so make sure your service names are unique when using the same network.

## Docker Secrets

This image supports the use of Docker secrets to import from file and keep sensitive usernames or passwords from being passed or preserved in plaintext.
@@ -34,7 +82,7 @@ services:
DB_MYSQL_PORT: 3306
DB_MYSQL_USER: "npm"
# DB_MYSQL_PASSWORD: "npm" # use secret instead
DB_MYSQL_PASSWORD__FILE: /run/secrets/MYSQL_PWD
DB_MYSQL_PASSWORD__FILE: /run/secrets/MYSQL_PWD
DB_MYSQL_NAME: "npm"
# If you would rather use Sqlite uncomment this
# and remove all DB_MYSQL_* lines above
@@ -55,7 +103,7 @@ services:
MYSQL_DATABASE: "npm"
MYSQL_USER: "npm"
# MYSQL_PASSWORD: "npm" # use secret instead
MYSQL_PASSWORD__FILE: /run/secrets/MYSQL_PWD
MYSQL_PASSWORD__FILE: /run/secrets/MYSQL_PWD
volumes:
- ./data/mysql:/var/lib/mysql
```

0 comments on commit b7b808d

Please sign in to comment.