4 lat temu · a21289bf11
--- a/docs/advanced-config/README.md
+++ b/docs/advanced-config/README.md
@@ -1,5 +1,53 @@
 
				 # Advanced Configuration
			
 
				 
			
 
				+## Best Practice: Use a docker network
			
 
				+
			
 
				+For those who have a few of their upstream services running in docker on the same docker
			
 
				+host as NPM, here's a trick to secure things a bit better. By creating a custom docker network,
			
 
				+you don't need to publish ports for your upstream services to all of the docker host's interfaces.
			
 
				+
			
 
				+Create a network, ie "scoobydoo":
			
 
				+
			
 
				+```bash
			
 
				+docker network create scoobydoo
			
 
				+```
			
 
				+
			
 
				+Then add the following to the `docker-compose.yml` file for both NPM and any other
			
 
				+services running on this docker host:
			
 
				+
			
 
				+```yml
			
 
				+networks:
			
 
				+  default:
			
 
				+    external:
			
 
				+      name: scoobydoo
			
 
				+```
			
 
				+
			
 
				+Let's look at a Portainer example:
			
 
				+
			
 
				+```yml
			
 
				+version: '3'
			
 
				+services:
			
 
				+
			
 
				+  portainer:
			
 
				+    image: portainer/portainer
			
 
				+    privileged: true
			
 
				+    volumes:
			
 
				+      - './data:/data'
			
 
				+      - '/var/run/docker.sock:/var/run/docker.sock'
			
 
				+    restart: always
			
 
				+
			
 
				+networks:
			
 
				+  default:
			
 
				+    external:
			
 
				+      name: scoobydoo
			
 
				+```
			
 
				+
			
 
				+Now in the NPM UI you can create a proxy host with `portainer` as the hostname,
			
 
				+and port `9000` as the port. Even though this port isn't listed in the docker-compose
			
 
				+file, it's "exposed" by the portainer docker image for you and not available on
			
 
				+the docker host outside of this docker network. The service name is used as the
			
 
				+hostname, so make sure your service names are unique when using the same network.
			
 
				+
			
 
				 ## Docker Secrets
			
 
				 
			
 
				 This image supports the use of Docker secrets to import from file and keep sensitive usernames or passwords from being passed or preserved in plaintext.
			
@@ -34,7 +82,7 @@ services:
 
				       DB_MYSQL_PORT: 3306
			
 
				       DB_MYSQL_USER: "npm"
			
 
				       # DB_MYSQL_PASSWORD: "npm"  # use secret instead
			
 
				-      DB_MYSQL_PASSWORD__FILE: /run/secrets/MYSQL_PWD 
			
 
				+      DB_MYSQL_PASSWORD__FILE: /run/secrets/MYSQL_PWD
			
 
				       DB_MYSQL_NAME: "npm"
			
 
				       # If you would rather use Sqlite uncomment this
			
 
				       # and remove all DB_MYSQL_* lines above
			
@@ -55,7 +103,7 @@ services:
 
				       MYSQL_DATABASE: "npm"
			
 
				       MYSQL_USER: "npm"
			
 
				       # MYSQL_PASSWORD: "npm"  # use secret instead
			
 
				-      MYSQL_PASSWORD__FILE: /run/secrets/MYSQL_PWD 
			
 
				+      MYSQL_PASSWORD__FILE: /run/secrets/MYSQL_PWD
			
 
				     volumes:
			
 
				       - ./data/mysql:/var/lib/mysql
			
 
				 ```