Docker security on Linode (Akamai Cloud)

Secure Docker deployments on Linode instances

Linode Cloud Firewall

Linode (now Akamai Cloud) offers a Cloud Firewall that blocks traffic at the network level before it reaches your Linode. This is your first line of defence against Docker port exposure.

✅ Recommended Linode Cloud Firewall rules

Inbound:
  ACCEPT  TCP  22    # SSH — restrict to your IP if possible
  ACCEPT  TCP  80    # HTTP
  ACCEPT  TCP  443   # HTTPS
  DROP    ALL        # Block everything else

Outbound:
  ACCEPT  ALL        # Allow all outbound

UFW setup on Linode

# Safe UFW setup sequence
sudo ufw allow 22/tcp comment "SSH"
sudo ufw allow 80/tcp comment "HTTP"
sudo ufw allow 443/tcp comment "HTTPS"
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw enable

Docker compose best practices for Linode

services:
  app:
    image: myapp
    ports:
      - "127.0.0.1:8080:8080"  # App — reverse proxied by nginx
  db:
    image: postgres:15
    # No ports: — internal only
  nginx:
    image: nginx
    ports:
      - "80:80"    # Public — intentional
      - "443:443"  # Public — intentional

Audit your Docker Compose and firewall rules

Open Docker Auditor →

Frequently Asked Questions

Does Linode's cloud firewall interact with Docker?

Linode Cloud Firewall operates at the network edge, before traffic reaches your Linode. It blocks traffic before Docker's iptables rules are evaluated, so it effectively protects Docker-exposed ports. Still use 127.0.0.1 bindings as defence-in-depth.