Modern Reservation System - Security Best Practices
🔒 Current Implementation: Localhost Binding
✅ What We’ve Done:
- Business Services → Bind to
127.0.0.1(localhost only)- reservation-engine (8081) - Internal only
- availability-calculator (8083) - Internal only
- payment-processor (8084) - Internal only
- rate-management (8085) - Internal only
- Gateway Service → Remains on
0.0.0.0:8080(externally accessible)- Single entry point for all external traffic
- Routes to internal services via localhost
- Infrastructure Services → Mixed exposure
- Eureka Server (8761) - Accessible for service discovery
- Config Server (8888) - Should be internal only
- Zipkin (9411) - Admin/monitoring access
🌐 Network Architecture:
Internet/External Clients
↓
Gateway Service (8080)
[0.0.0.0:8080 - EXPOSED]
↓
┌─────────────────────────┐
│ Internal Services │
│ 127.0.0.1 ONLY │
│ │
│ reservation-engine │ ← 127.0.0.1:8081
│ availability-calc │ ← 127.0.0.1:8083
│ payment-processor │ ← 127.0.0.1:8084
│ rate-management │ ← 127.0.0.1:8085
└─────────────────────────┘
🔧 Alternative Approaches
Option 2: Docker Network Isolation
# docker-compose-secure.yml
version: '3.8'
services:
gateway:
networks:
- public
- internal
ports:
- "8080:8080"
reservation-engine:
networks:
- internal # No public network
# No port mapping - internal only
networks:
public:
external: true
internal:
internal: true # No external access
Option 3: Reverse Proxy + Internal Network
# nginx.conf
upstream backend {
server 127.0.0.1:8080; # Only gateway exposed
}
server {
listen 80;
location / {
proxy_pass http://backend;
}
# Block direct service access
location ~ ^/(reservation-engine|payment-processor|rate-management|availability-calculator) {
return 403;
}
}
📊 Security Comparison
| Approach | Security Level | Dev Experience | Complexity |
|---|---|---|---|
| Localhost Binding | ⭐⭐⭐⭐ | ⭐⭐⭐⭐⭐ | ⭐ |
| Docker Networks | ⭐⭐⭐⭐⭐ | ⭐⭐⭐ | ⭐⭐⭐ |
| Reverse Proxy | ⭐⭐⭐⭐⭐ | ⭐⭐ | ⭐⭐⭐⭐ |
| Service Mesh | ⭐⭐⭐⭐⭐ | ⭐⭐ | ⭐⭐⭐⭐⭐ |
🚀 Testing the Implementation
Before Changes (Insecure):
curl http://localhost:8081/reservation-engine/actuator/health # ✅ Direct access
curl http://localhost:8083/availability-calculator/health # ✅ Direct access
curl http://localhost:8084/payment-processor/health # ✅ Direct access
After Changes (Secure):
curl http://localhost:8081/reservation-engine/health # ❌ Connection refused
curl http://localhost:8083/availability-calculator/health # ❌ Connection refused
curl http://localhost:8084/payment-processor/health # ❌ Connection refused
# Only through gateway
curl http://localhost:8080/reservation-engine/health # ✅ Via gateway
curl http://localhost:8080/availability-calculator/health # ✅ Via gateway
curl http://localhost:8080/payment-processor/health # ✅ Via gateway
🔍 Gateway Routing Configuration
The gateway should have routes like:
spring:
cloud:
gateway:
routes:
- id: reservation-engine
uri: http://127.0.0.1:8081
predicates:
- Path=/reservation-engine/**
filters:
- StripPrefix=1
- id: payment-processor
uri: http://127.0.0.1:8084
predicates:
- Path=/payment-processor/**
filters:
- StripPrefix=1
💡 Benefits Achieved
- Zero Direct Access → Business services unreachable externally
- Single Entry Point → All traffic flows through gateway
- Centralized Security → Authentication/authorization at gateway
- Service Discovery Still Works → Internal communication via localhost
- Development Friendly → No complex networking setup
- Production Ready → Proper security boundaries
🎯 Next Steps
- ✅ Localhost binding implemented
- 🔄 Test service isolation
- 🔄 Verify gateway routing
- 🔄 Update monitoring/health checks
- 🔄 Configure proper authentication