
Docker and UFW


This guide assumes:

  • You are using NGINX
  • You have a non-root user with sudo privileges
  • You have a domain name pointing to your server

This guide walks you through using Docker with UFW and NGINX as a reverse proxy. With this setup, UFW blocks direct access to the service your Docker container publishes, while NGINX proxies requests arriving on a subdomain.

By default, if you start a Docker container without a loopback address such as 127.0.0.1: before the port, the service will bypass UFW and be publicly accessible to everyone, because Docker inserts its own iptables rules for published ports.
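One way to check a host for the exposure described above (an added example, not part of the original guide): the function reads the output of `docker ps --format '{{.Names}}\t{{.Ports}}'` and lists every published port bound to a non-loopback address. The names `find_public_ports` and `sample_ps`, and the sample containers, are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: flag Docker port mappings reachable from outside the host.
# Input: one "<name>\t<ports>" line per container, as printed by
#   docker ps --format '{{.Names}}\t{{.Ports}}'

find_public_ports() {
  awk -F'\t' '
  {
    n = split($2, maps, /, */)
    for (i = 1; i <= n; i++) {
      m = maps[i]
      # Entries without "->" are exposed inside Docker only, not published.
      if (m !~ /->/) continue
      host = m
      sub(/->.*/, "", host)        # keep the host side, e.g. 0.0.0.0:9000
      addr = host
      sub(/:[0-9-]+$/, "", addr)   # strip the trailing :port or :port-range
      # Loopback bindings are reachable only from the host itself.
      if (addr ~ /^127\./ || addr == "::1" || addr == "[::1]") continue
      print $1 " " host
    }
  }'
}

# Constructed sample of `docker ps` output (not taken from a real host).
sample_ps() {
  printf 'app\t127.0.0.1:9000->9000/tcp\n'
  printf 'metrics\t0.0.0.0:9100->9100/tcp, :::9100->9100/tcp\n'
  printf 'db\t5432/tcp\n'
}

# Only the "metrics" mappings are reported; "app" is loopback-only and
# "db" is not published at all.
sample_ps | find_public_ports
```

On a real host, pipe `docker ps --format '{{.Names}}\t{{.Ports}}'` into `find_public_ports`; each line printed is a published port that is not restricted to the loopback interface.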

DNS Setup

Set up a subdomain for your app. Since this varies greatly between DNS providers, I will not go into details, but please search for your provider's instructions if you are having trouble.


Start a simple docker container with port 9000 exposed. Something like The is very important here


Configure UFW to allow connections to port 80 and/or 443 (if not already enabled)

sudo ufw allow http
sudo ufw allow https


Create the configuration file in the /etc/nginx/sites-available/ directory and set it up as a proxy to the port of your Docker container. It should look something like the example below.

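server {
  listen 443 ssl;

  # Let's Encrypt certificate and key for your subdomain
  ssl_certificate /etc/letsencrypt/live/;
  ssl_certificate_key /etc/letsencrypt/live/;
  include /etc/letsencrypt/options-ssl-nginx.conf;
  ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

  # Basic browser-side hardening headers
  add_header X-XSS-Protection "1; mode=block";
  add_header X-Frame-Options "SAMEORIGIN";

  location / {
    # Assumption: the container from the earlier step is published on
    # 127.0.0.1:9000, so only NGINX can reach it.
    proxy_pass http://127.0.0.1:9000;
  }

  # Never serve .htaccess / .htpasswd style files
  location ~ /\.ht {
    deny all;
  }
}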

Last update: November 26, 2020