This is an automated archive made by the Lemmit Bot.
The original was posted on /r/selfhosted by /u/mattan99 on 2025-08-02 23:44:09+00:00.
I'm currently running a few Docker containers on my server PC running Ubuntu Server. They are only accessible on LAN.
This PC is isolated in a separate VLAN with firewall rules only allowing access from my trusted VLAN to the server, not the other way around.
I have an NPM (proxy) container to handle SSL certs. This container has a network called "npm_network" that my other containers share.
I'm only able to access my services through NPM as I don't expose any ports for the other containers.
So I forward traffic to http(s)://container_name:port.
NPM example
services:
  nginx_proxy_manager:
    ...
    networks:
      - npm_network
networks:
  npm_network:
    external: true
Other containers example:
services:
  name-of-app:
    ...
    networks:
      - default
      - npm_network
networks:
  default:
    driver: bridge
    name: app_name_internal
  npm_network:
    external: true
Now to the question about docker security.
I'm mostly copying the compose file from the service's documentation and adding security_opt: no-new-privileges:true
Is this enough? Should I be more paranoid?
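An added example, not part of the original post: a small check that the layout described above actually holds across a stack, run over the JSON that `docker compose config --format json` prints. The `audit` function and the `forgotten-app` service are hypothetical; the network and proxy names are the ones from the post.

```python
import json

PROXY_NETWORK = "npm_network"          # shared network named in the post
PROXY_SERVICE = "nginx_proxy_manager"  # only service expected to publish ports
# Spellings Docker accepts for enabling the option
NNP_FORMS = {"no-new-privileges", "no-new-privileges:true", "no-new-privileges=true"}

def audit(compose):
    """Return findings for services that deviate from the post's layout."""
    findings = []
    for name, svc in sorted(compose.get("services", {}).items()):
        opts = {o.replace(" ", "").lower() for o in svc.get("security_opt") or []}
        if not opts & NNP_FORMS:
            findings.append(f"{name}: no-new-privileges is not set")
        if name == PROXY_SERVICE:
            continue  # the proxy is the one intended entry point
        if svc.get("ports"):
            findings.append(f"{name}: publishes host ports, reachable without the proxy")
        if svc.get("network_mode") == "host":
            findings.append(f"{name}: uses the host network namespace")
        # "networks" is a list in hand-written files, a mapping in normalized output
        elif PROXY_NETWORK not in (svc.get("networks") or {}):
            findings.append(f"{name}: not attached to {PROXY_NETWORK}")
    return findings

# Constructed sample in the normalized JSON shape; not taken from the post.
SAMPLE = json.loads("""
{"services": {
  "nginx_proxy_manager": {
    "ports": [{"target": 443, "published": "443"}],
    "security_opt": ["no-new-privileges:true"],
    "networks": {"npm_network": null}},
  "name-of-app": {
    "security_opt": ["no-new-privileges:true"],
    "networks": {"default": null, "npm_network": null}},
  "forgotten-app": {
    "ports": [{"target": 8080, "published": "8080"}],
    "networks": {"default": null}}
}}
""")

if __name__ == "__main__":
    for line in audit(SAMPLE):
        print(line)
```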