Communication between docker container

[surtan02]

I am installing my EJBCA-CE with docker behind a nginx-reverse-proxy, it works fine, I can access the adminweb if my browser have the right client certificate. Now i want to deploy my custom application (call it app-1), as a docker container inside the same host with my ejbca container. the app-1 need to call some API from /ejbca-rest-api/{endpoint}, but since I set the ejbca to port 8082 and 8081, it cant receive the client cert send by my app-1. how do I manage to authenticate my app-1 to access ejbca-api without passing it through nginx? prolly make the ejbca/ejbca-rest-api publicly accessible so i done need to provide auth for my app-1

my app-1 axios

const pfx = fs.readFileSync(PFX_FILE_DIRECTORY);
const passphrase = EJBCA_ADMIN_PASS;
const agent = new https.Agent({
  pfx: pfx,
  passphrase: passphrase
});

export const axiosInstance = axios.create({
  baseURL: http://ejbca:8082,
  httpsAgent: agent
});

my docker-compose,yaml

version: '3.8'

services:
  ejbca:
    hostname: mydomainhost
    image: keyfactor/ejbca-ce
    ports:
      - "8082:8082"
      - "8081:8081"
    env_file:
      - .env
    environment:
      - TLS_SETUP_ENABLED=simple
      - DATABASE_JDBC_URL=${EJBCA_DATABASE_JDBC_URL}
      - DATABASE_USER=${EJBCA_DATABASE_USER}
      - DATABASE_PASSWORD=${EJBCA_DATABASE_PASSWORD}
      - PROXY_HTTP_BIND=0.0.0.0

  app-1:
    image: app-1
    build:
      context: .
    ports:
      - "3000:3000"
    env_file:
      - .env
    volumes:
      - ${LOCAL_CA_FILE_DIRECTORY}:${CA_FILE_DIRECTORY}
      - ${LOCAL_PFX_FILE_DIRECTORY}:${PFX_FILE_DIRECTORY}

[cindy-chin]

Did you find solution for this eventually?

[primetomas]

Unless you modified the EJBCA container, it listens to port 8443 with client certificate authentication.
https://hub.docker.com/r/keyfactor/ejbca-ce
If you want to remap 8443 to another port it's "-p 443:8443" so I would assume it should be "8082:8443" if you want port 8082 to be the service port. But since you are using TlS_SETUP="simple" it will not use client cert authentication. It should be documented in the dockerhub documentation, you should use another TLS_SETUP if you want "internal" client cert authenticated access.