Am I doing something wrong? All my services are grouped in docker compose files. Containers that have to communicate internally - a server and it’s db for example - are on their own private docker network. A reverse proxy has its ports 80 and 443 open and it is on an external docker network. Services that I need to access from the outside are on this network and they do not have any ports open. Except for the torrent client, which has a UDP port open.
It’s strong, but splitting services into separate VMs is stronger than just using separate docker containers. This is especially true for the torrent client.
I’m not a netsec professional, this is just my understanding of best practices.
Am I doing something wrong? All my services are grouped in docker compose files. Containers that have to communicate internally - a server and it’s db for example - are on their own private docker network. A reverse proxy has its ports 80 and 443 open and it is on an external docker network. Services that I need to access from the outside are on this network and they do not have any ports open. Except for the torrent client, which has a UDP port open.
It’s strong, but splitting services into separate VMs is stronger than just using separate docker containers. This is especially true for the torrent client.
I’m not a netsec professional, this is just my understanding of best practices.
I am also just a hobbyist, so that was a genuine question. Thanks for the answer.
Same here! Good luck with your setup!!