Nginx status page in Docker

I have a server which hosts several Docker containers including an Nginx reverse proxy to serve content. In order to get status of this server I have added the following location block:

location /nginx_status {
    stub_status on;
    access_log  off;
    deny        all;

Under normal circumstances I would only have opened up but that means that the host machine would not have access (only the Nginx container itself would) so I opened up all of the 172 addresses. Is there a cleaner/more secure way of doing this or is my approach reasonable for a production environment?

  • Doesn't Docker port binding obviate the need for Kubernetes' complex networking model?
  • supervisor.sock refused connection in docker container
  • Multiple SymmetricDS instances at same host
  • Docker python client API copy
  • Nginx proxy on Elastic Beanstalk EC2 instance times out
  • Multithreading during image build
  • Docker on RHEL 7 in AWS can’t pull images
  • Launching Docker demon from Java Service
  • Docker permissios shared Volume on mac
  • Docker container UUID
  • How to access mysql outside my kubernetes cluster?
  • How to place files on shared volume from within Dockerfile?
  • One Solution collect form web for “Nginx status page in Docker”

    When docker starts it creates an interface docker0 that is an ethernet bridge, and assigns it an IP address. Docker tries to choose a smart default, and the range is a good default. The host will route all traffic destined for that network to the docker0 bridge, and it’s not accessible externally unless you’ve mapped a port.

    In your question you’ve allowed, some of which is not RFC1918 private address space. You could restrict this further to either all of the addresses in the Docker network driver source I linked before, or simply since that’s the first in the list and is usually used.

    Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.