Restricting server to internal network

In Interfaces Frank!Console and Ladybug, it was said that requiring authorization can be combined with allowing acces through HTTP instead of HTTPS. This makes sense when the server is only accessible from an internal network – an internal network that only connects servers that are part of the same product.

We continue the example of the previous subsection HTTP Interfaces in which only access to <ApiListener> elements is possible. The example adds a client that connects to the server and authenticates using basic authentication. The client is treated in the next subsection. Below you see the docker-compose.yml file in which the server container is highlighted:

services:
  frank-authorization-server:
    image: frankframework/frankframework:latest
    volumes:
      - ./server/configurations:/opt/frank/configurations
      - ./server/resources:/opt/frank/resources
    environment:
      instance.name: frank-authorization-server
      dtap.stage: DEV
      configurations.directory.autoLoad: true
      application.security.http.transportGuarantee: none
  frank-authorization-client:
    image: frankframework/frankframework:latest
    ports:
      - 8080:8080
    volumes:
      - ./client/configurations:/opt/frank/configurations
      - ./client/resources:/opt/frank/resources
      - ./client/secrets:/opt/frank/secrets
    environment:
      instance.name: frank-authorization-client
      dtap.stage: LOC
      configurations.directory.autoLoad: true
      credentialFactory.class: org.frankframework.credentialprovider.PropertyFileCredentialFactory
      credentialFactory.map.properties: /opt/frank/secrets/credentials.properties

The important part here is what is missing – there is no ports entry. No port is made accessible on the host network. This is the way to restrict docker containers to the internal network. The network of containers that are part of the same Docker Compose file.