2 votes

I would like to know the answer to the following:

I'm currently running Docker 17.09-ce in swarm mode. I would like to know: if I create an encrypted overlay network with $ docker network create --opt encrypted --driver overlay secure-net and have 2 containers running in the same encrypted overlay network, e.g. Container A (Nginx) and Container B (Custom App), do I still need to secure my Nginx with SSL/TLS so that Custom App and Nginx communicate over a secure channel between the 2, or is having an encrypted overlay network good enough as far as security is concerned?

Assume there is no requirement for Nginx to be exposed to external requests from outside the host, meaning no port will be exposed on Nginx and all communication happens internally, only through the overlay network.

I've read the article below but I'm not 100% sure:

https://forums.docker.com/t/mesh-networking-security/16975


1 Answer

4 votes

Communication between services running inside containers (e.g. an Nginx proxy service), the data plane, is not encrypted by default. When you do:

$ docker network create --opt encrypted --driver overlay

You're explicitly saying: create an overlay network that always encrypts traffic between containers on different swarm nodes (traffic traversing the overlay network). It will ensure there is encrypted communication between endpoints.

If you're not exposing your service to the public, then you don't need to do Nginx-specific TLS/SSL encryption. If you want to expose it to the public, then you'll have to configure TLS/SSL encryption for traffic between your load balancer and the end user.
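The setup from the question, written as a swarm stack file (an added example, not code from the question or the answer): the `encrypted` driver option is the stack-file form of `--opt encrypted`, and the Nginx service has no `ports:` block, so nothing is published on the host. The service names, images, port number and stack name are assumptions.

```yaml
# Deploy with:  docker stack deploy -c stack.yml demo
# (stack name "demo" is assumed; the network then appears as demo_secure-net)
version: "3.7"

services:
  nginx:
    image: nginx:stable          # assumed image
    # No "ports:" block: nginx is not published on any host port and is
    # reachable only from containers attached to secure-net.
    networks:
      - secure-net
    deploy:
      replicas: 1

  app:
    image: example/custom-app:latest   # placeholder image, assumed
    # The app listens on 8080 inside the overlay only (assumed port);
    # "expose" documents the port but publishes nothing on the host.
    expose:
      - "8080"
    networks:
      - secure-net
    deploy:
      replicas: 2

networks:
  secure-net:
    driver: overlay
    driver_opts:
      # Equivalent to: docker network create --opt encrypted --driver overlay secure-net
      # Enables IPsec for the VXLAN traffic that crosses between swarm nodes.
      # Traffic between two containers scheduled on the SAME node never
      # leaves that node and is not covered by this encryption.
      encrypted: ""
```

After deploying, `docker network inspect demo_secure-net` should list `"encrypted": ""` under `Options`; if it does not, the network was created without the option and must be recreated, since the option cannot be added to an existing network.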