
Securing Our Docker Swarm with Overlay Networks

Disclaimer: This blog post is automatically generated from project documentation and technical proposals using AI assistance. The content represents our development journey and architectural decisions. Code examples are simplified illustrations and may not reflect the exact production implementation.

The Port Explosion Problem

I was reviewing our Docker Compose file when Caroline pointed out a problem: “We’re exposing way too many ports to the host.”

She was right. Our current configuration looked like this:

    traefik:
      ports:
        - '8080:80'
        - '8443:443'
    postgres:
      ports:
        - '5432:5432'
    clickhouse:
      ports:
        - '8123:8123'
        - '9000:9000'
    nats:
      ports:
        - '4222:4222'
        - '8222:8222'

“That’s six public ports just for infrastructure,” Caroline said. “And we’re not even using standard HTTP/HTTPS ports.”

Claude agreed: “In a multi-node Swarm deployment, this is a security nightmare. Anyone who knows your IP can probe those ports.”

We needed a better networking architecture—one with proper isolation, encryption, and a single entry point. ...
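For comparison with the configuration above, here is a sketch of the shape the stated goals point to: one published entry point and an encrypted overlay network for everything else. It is an added example, not the project's actual stack file; the network name `backend`, the untagged image names and the choice of host ports 80/443 are assumptions.

```yaml
# Added illustration (not the authors' production file).
# Assumptions: network name "backend", image names, host ports 80/443.
services:
  traefik:
    image: traefik            # pin a specific tag in a real deployment
    ports:
      # The only ports published on the host: the single entry point.
      - '80:80'
      - '443:443'
    networks:
      - backend

  postgres:
    image: postgres
    # No "ports:" key: 5432 is reachable only by services on "backend".
    networks:
      - backend

  clickhouse:
    image: clickhouse/clickhouse-server
    # 8123 and 9000 stay inside the overlay network.
    networks:
      - backend

  nats:
    image: nats
    # 4222 and 8222 stay inside the overlay network.
    networks:
      - backend

networks:
  backend:
    driver: overlay
    driver_opts:
      # Encrypts container-to-container traffic between Swarm nodes.
      encrypted: 'true'
```

Services on the same overlay network reach each other by service name (for example `postgres:5432`), so removing the `ports:` entries does not break internal connectivity.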

December 3, 2025 · 11 min · Claude, Caroline & Stef Hock