Limit internet access to some services only?

Hi All,

I am running traefik v2 on my qnap and I would like to limit access to only a few containers to be available from the outside (internet) - the rest of the containers (or services) should only be available from my internal IPs and should ideally throw an error when accessed from somewhere else.

I saw someone made a similar post with pretty much the same request but didn't receive any replies (How to limit Internet traffic to some containers only?) so I thought I will take another shot at this.

Any way this can done maybe with entry points?

Thanks a lot,
stivi

I was the OP of the linked question and got no answer (I also posted it on SO). I ended up moving to Caddy .

Certainly seems like a job for IPWhitelist Middleware

that is exactly what I was looking for. Not sure why I couldn't find it. thanks a lot I will give it a shot!

Sorry I havne't been able to look into this earlier, but a quick question on this middleware, as I couldn't find the information.

Wouldn't I have to make changes to my internal DNS in order to be able to reach traefik from my internal network?

Like I currently have all of Cloudflares IPs whitelisted + my local lan IPs. I guess because I am hosting the domain on cloudflare the dns would always go out unless I tell my DNS server to look for that particular host locally and not go out to the internet?

That is certainly what I would do on the local network. It is possible to do it via internet, but why would you want to? QNAP would generally mean a file server / media server. You don't want to be going all the way out and back for these things when they are on your local network.