Nginx status page in Docker

I have a server which hosts several Docker containers including an Nginx reverse proxy to serve content. In order to get status of this server I have added the following location block:

location /nginx_status {
    stub_status on;
    access_log  off;
    allow       127.0.0.1;
    allow       172.0.0.0/8;
    deny        all;
}

Under normal circumstances I would only have opened up 127.0.0.1 but that means that the host machine would not have access (only the Nginx container itself would) so I opened up all of the 172 addresses. Is there a cleaner/more secure way of doing this or is my approach reasonable for a production environment?

  • Passing sensitive information to Docker container in AWS EC2 container service
  • Why php-fpm from official Docker image doesn't work for me?
  • Execute JUnit tests inside Docker container
  • Start node app when running docker container from cli
  • Docker-compose and Docker-swarm
  • How can I determine if a specific tag is available for an image
  • How to pass docker run command line arg to docker-compose?
  • Dockerfile volume with database - using volume for mutable user-servicable parts
  • exec is no use ,I do not know how to solve
  • How to connect postgresql container to django container?
  • Issues with artifactory Docker
  • Service inside docker container stops after some time
  • One Solution collect form web for “Nginx status page in Docker”

    When docker starts it creates an interface docker0 that is an ethernet bridge, and assigns it an IP address. Docker tries to choose a smart default, and the 172.17.0.0/16 range is a good default. The host will route all traffic destined for that network to the docker0 bridge, and it’s not accessible externally unless you’ve mapped a port.

    In your question you’ve allowed 172.0.0.0/8, some of which is not RFC1918 private address space. You could restrict this further to either all of the addresses in the Docker network driver source I linked before, or simply 172.17.0.0/16 since that’s the first in the list and is usually used.

    Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.