Nginx status page in Docker

I have a server which hosts several Docker containers including an Nginx reverse proxy to serve content. In order to get status of this server I have added the following location block:

location /nginx_status {
    stub_status on;
    access_log  off;
    allow       127.0.0.1;
    allow       172.0.0.0/8;
    deny        all;
}

Under normal circumstances I would only have opened up 127.0.0.1 but that means that the host machine would not have access (only the Nginx container itself would) so I opened up all of the 172 addresses. Is there a cleaner/more secure way of doing this or is my approach reasonable for a production environment?

One solution collected from the web for “Nginx status page in Docker”

    When docker starts it creates an interface docker0 that is an ethernet bridge, and assigns it an IP address. Docker tries to choose a smart default, and the 172.17.0.0/16 range is a good default. The host will route all traffic destined for that network to the docker0 bridge, and it’s not accessible externally unless you’ve mapped a port.

    In your question you’ve allowed 172.0.0.0/8, some of which is not RFC1918 private address space. You could restrict this further to either all of the addresses in the Docker network driver source I linked before, or simply 172.17.0.0/16 since that’s the first in the list and is usually used.
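To make the difference between the two allow lists concrete, here is an added example (not part of the original question or answer) that evaluates both rule sets with nginx's first-match allow/deny ordering and lists the part of 172.0.0.0/8 that lies outside RFC1918. The client addresses are constructed samples, and the function names are hypothetical.

```python
import ipaddress

# Ordered rules, checked top to bottom; the first match decides (nginx access-module order).
ORIGINAL = [("allow", "127.0.0.1"), ("allow", "172.0.0.0/8"), ("deny", "all")]
TIGHTENED = [("allow", "127.0.0.1"), ("allow", "172.17.0.0/16"), ("deny", "all")]

# The only RFC1918 block that starts with 172.
RFC1918_172 = ipaddress.ip_network("172.16.0.0/12")


def decide(rules, client):
    """Return 'allow' or 'deny' for a client address under an ordered rule list."""
    addr = ipaddress.ip_address(client)
    for action, target in rules:
        if target == "all" or addr in ipaddress.ip_network(target):
            return action
    return "allow"  # no rule matched: access is not restricted


def public_part(allowed_cidr):
    """Return the sub-ranges of allowed_cidr that fall outside 172.16.0.0/12."""
    net = ipaddress.ip_network(allowed_cidr)
    if net.subnet_of(RFC1918_172):
        return []  # entirely private
    if not RFC1918_172.subnet_of(net):
        return [net]  # disjoint from the private block
    return sorted(net.address_exclude(RFC1918_172))


# Constructed sample clients (assumptions, not taken from the page).
SAMPLES = [
    ("127.0.0.1", "the nginx container itself"),
    ("172.17.0.1", "host via default docker0 bridge"),
    ("172.20.0.5", "container on another bridge subnet"),
    ("172.217.0.10", "public address inside 172.0.0.0/8"),
    ("203.0.113.7", "unrelated external client"),
]

if __name__ == "__main__":
    for ip, label in SAMPLES:
        print(f"{ip:<14} {label:<36} original={decide(ORIGINAL, ip):<5} "
              f"tightened={decide(TIGHTENED, ip)}")
    exposed = public_part("172.0.0.0/8")
    total = sum(n.num_addresses for n in exposed)
    print("non-RFC1918 ranges admitted by 172.0.0.0/8:",
          ", ".join(map(str, exposed)), f"({total} addresses)")
```

The tightened list assumes the default docker0 subnet named in the answer; a proxy attached to a different bridge subnet would see the host from another address and be denied, as the 172.20.0.5 row shows.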
