Commit

Merge pull request #899 from jc21/develop
Docs for a docker network
jc21 committed Feb 17, 2021
2 parents 4a8d012 + a21289b commit b7b808d
Showing 1 changed file with 50 additions and 2 deletions.
52 changes: 50 additions & 2 deletions docs/advanced-config/README.md
@@ -1,5 +1,53 @@
# Advanced Configuration # Advanced Configuration


## Best Practice: Use a docker network

For those who have a few of their upstream services running in docker on the same docker
host as NPM, here's a trick to secure things a bit better. By creating a custom docker network,
you don't need to publish ports for your upstream services to all of the docker host's interfaces.

Create a network, ie "scoobydoo":

```bash
docker network create scoobydoo
```

Then add the following to the `docker-compose.yml` file for both NPM and any other
services running on this docker host:

```yml
networks:
default:
external:
name: scoobydoo
```

Let's look at a Portainer example:

```yml
version: '3'
services:

portainer:
image: portainer/portainer
privileged: true
volumes:
- './data:/data'
- '/var/run/docker.sock:/var/run/docker.sock'
restart: always

networks:
default:
external:
name: scoobydoo
```

Now in the NPM UI you can create a proxy host with `portainer` as the hostname,
and port `9000` as the port. Even though this port isn't listed in the docker-compose
file, it's "exposed" by the portainer docker image for you and not available on
the docker host outside of this docker network. The service name is used as the
hostname, so make sure your service names are unique when using the same network.

## Docker Secrets ## Docker Secrets


This image supports the use of Docker secrets to import from file and keep sensitive usernames or passwords from being passed or preserved in plaintext. This image supports the use of Docker secrets to import from file and keep sensitive usernames or passwords from being passed or preserved in plaintext.
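Review bot: The Portainer example in the new "Best Practice" section runs with `privileged: true` and mounts `/var/run/docker.sock`, and the text then joins it to a network shared with every other service, so any container on `scoobydoo` can reach `portainer:9000` the same way NPM does. Suggest dropping `privileged: true` from the example unless it is required, and adding one sentence that the custom network keeps upstream ports off the docker host's interfaces but does not isolate the services on that network from each other. Style: "ie" in "Create a network, ie "scoobydoo"" should read "e.g.", since scoobydoo is an example name.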
Expand Down Expand Up @@ -34,7 +82,7 @@ services:
DB_MYSQL_PORT: 3306 DB_MYSQL_PORT: 3306
DB_MYSQL_USER: "npm" DB_MYSQL_USER: "npm"
# DB_MYSQL_PASSWORD: "npm" # use secret instead # DB_MYSQL_PASSWORD: "npm" # use secret instead
DB_MYSQL_PASSWORD__FILE: /run/secrets/MYSQL_PWD DB_MYSQL_PASSWORD__FILE: /run/secrets/MYSQL_PWD
DB_MYSQL_NAME: "npm" DB_MYSQL_NAME: "npm"
# If you would rather use Sqlite uncomment this # If you would rather use Sqlite uncomment this
# and remove all DB_MYSQL_* lines above # and remove all DB_MYSQL_* lines above
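Review bot: No textual difference is visible in this hunk (-34,7 +82,7), and both sides of `DB_MYSQL_PASSWORD__FILE: /run/secrets/MYSQL_PWD` read the same, so this looks like a whitespace-only change. It is unrelated to the docker network docs named in the commit message; either mention the whitespace cleanup there or move it to its own commit so the docs change stays easy to review.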
Expand All @@ -55,7 +103,7 @@ services:
MYSQL_DATABASE: "npm" MYSQL_DATABASE: "npm"
MYSQL_USER: "npm" MYSQL_USER: "npm"
# MYSQL_PASSWORD: "npm" # use secret instead # MYSQL_PASSWORD: "npm" # use secret instead
MYSQL_PASSWORD__FILE: /run/secrets/MYSQL_PWD MYSQL_PASSWORD__FILE: /run/secrets/MYSQL_PWD
volumes: volumes:
- ./data/mysql:/var/lib/mysql - ./data/mysql:/var/lib/mysql
``` ```
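Review bot: On the database service, `MYSQL_PASSWORD__FILE` uses a double underscore, while the stock mysql and mariadb images read `MYSQL_PASSWORD_FILE`. The hunk does not show which image this service uses, so since this line is being touched anyway, consider adding a comment saying which image honours the `__FILE` form; on an image that ignores it the user would be created without the intended password.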