We have a docker bridge containing several docker containers. The main docker is an nginx server which acts as web host and forwards all data to the other containers.
Now a requirement is that the connections are limited to only a specified list of IP addresses. To do this I've edited the nginx server file:
    server {
        allow 127.0.0.0/8;
        deny all;
        ...
Which should allow the loopback 127.0.0.1 to connect.
This however fails, and looking at the access.log shows why: All rows start with:
    172.25.0.1 - - [10/Apr/2018:08:22:46 +0000] "GET

172.25.0.1 is the docker bridge network gateway; thus the docker "forgets" the external IPs and I can't filter on that anymore.
How can I filter on IPs? Or forward the source IPs to the docker?
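
Added example, not part of the original post: a small Python audit that replays the question's `allow`/`deny` rules (first match wins) against the peer address at the start of each access.log row, showing why every request that arrives through the bridge gateway is rejected. The function names and the second and third log lines are constructed for this illustration.

```python
import ipaddress
import re

# Rules from the server block in the question, in the order nginx reads them.
RULES = [("allow", "127.0.0.0/8"), ("deny", "all")]

# First line is the (truncated) access.log row from the question;
# the other two are constructed for this example.
SAMPLE_LOG = """\
172.25.0.1 - - [10/Apr/2018:08:22:46 +0000] "GET
172.25.0.1 - - [10/Apr/2018:08:22:47 +0000] "GET /api HTTP/1.1" 403 169
127.0.0.1 - - [10/Apr/2018:08:23:01 +0000] "GET / HTTP/1.1" 200 612
"""

# The leading field of the default log format is $remote_addr (the TCP peer).
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "')


def decide(addr, rules=RULES):
    """Return the action of the first rule that matches addr (first match wins)."""
    ip = ipaddress.ip_address(addr)
    for action, target in rules:
        if target == "all" or ip in ipaddress.ip_network(target, strict=False):
            return action
    return "allow"  # no rule matched: the access module does not restrict


def audit(log_text, rules=RULES):
    """Map each peer address seen in the log to (decision, request count)."""
    seen = {}
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        try:
            verdict = decide(m.group(1), rules)
        except ValueError:  # first field is not an IP address
            continue
        count = seen.get(m.group(1), (verdict, 0))[1]
        seen[m.group(1)] = (verdict, count + 1)
    return seen


if __name__ == "__main__":
    for peer, (verdict, count) in audit(SAMPLE_LOG).items():
        print(f"{peer:15} {verdict:5} {count} request(s)")
```

Adding an `allow` for 172.25.0.1 would flip the first result to allow, but every external client arrives with that peer address, so such a rule would admit all of them rather than a specific list.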