I want to run a hidden service in Whonix and, to isolate the webserver and php, I want to configure them inside docker containers. I installed Docker and configured nginx and php, and both containers are up and running. I also can access the nginx server through the hidden service generated in the gateway (I followed the official whonix guide to configure it), but nginx can't access the php container; I tested the communication between them using ping but there isn't any communication between those containers. The same docker file is working in Debian 9 without problems, so I guess that maybe I need to add something in the firewall to allow the private internal addresses of the containers. I thought that this could be a good idea to improve whonix security or anonymity because even if there is any leak, it will be a docker private ip, and having the code isolated in containers I think that's better. I am not an expert in Docker but I am very much a noob at using the firewall and iptables, so I need some help to get that configuration working.
Thanks for your reply. I know that if there is a leak the ip is internal, but as far as I know, the attacker could know that you are using whonix as gateway. Using a different internal ip address won't disclose that information.
About Bubblewrap, I will check it, but it is the first time that I hear of it. I have some knowledge about lxc and firejail; I tried to build it using both but it was a bit difficult.
In docker I am not sure if my guess is right, but if so, I only need to know how I can allow connections between the internal private ips to connect the containers, which I also think should be handled by the firewall, but I don't have much knowledge about iptables, networking and firewalls.
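A quick check for the guess above (that the host firewall, not Docker, is dropping the container-to-container traffic), added here as an example and not taken from any post in this thread. It reads an `iptables-save` dump and reports whether the filter table would drop traffic forwarded across the docker0 bridge; it assumes an iptables-based firewall and that Docker's bridge-nf-call-iptables sysctl is on (its default), which is what makes bridged container traffic traverse the FORWARD chain. The built-in dump is constructed for demonstration.

```shell
#!/bin/sh
# Added example, not from any post in this thread. Reads an `iptables-save` dump
# and reports whether the host filter table would drop traffic forwarded across the
# Docker bridge (docker0). Bridged container traffic traverses the FORWARD chain
# when Docker's bridge-nf-call-iptables sysctl is on (its default).
# The dump below is CONSTRUCTED: default-DROP policies, loopback and gateway rules,
# and no Docker rules at all (the shape you see after a firewall script flushed them).

SAMPLE_DUMP='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -d 10.152.152.10/32 -p tcp -j ACCEPT
COMMIT'

# forward_policy DUMP -> prints the FORWARD chain policy, or UNKNOWN if absent
forward_policy() {
    printf '%s\n' "$1" | awk '/^:FORWARD /{print $2; f=1} END{if(!f) print "UNKNOWN"}'
}

# docker_chain_present DUMP -> succeeds if the DOCKER chain created by dockerd survives
docker_chain_present() {
    printf '%s\n' "$1" | grep -q '^:DOCKER '
}

# bridge_forward_allowed DUMP IFACE -> succeeds if some FORWARD rule accepts traffic
# entering (-i) or leaving (-o) the bridge interface, e.g. docker0 or br-xxxx
bridge_forward_allowed() {
    printf '%s\n' "$1" | grep -Eq "^-A FORWARD .*(-i|-o) $2( |$).*-j ACCEPT"
}

# verdict DUMP IFACE -> "ok" if container-to-container forwarding can pass,
# "blocked" if a DROP policy with no bridge rule would silently eat it
verdict() {
    if bridge_forward_allowed "$1" "$2" || [ "$(forward_policy "$1")" = "ACCEPT" ]; then
        echo ok
    else
        echo blocked
    fi
}

# Usage on the Workstation: sudo iptables-save | sh check_docker_fw.sh --stdin
if [ "${1:-}" = "--stdin" ]; then DUMP=$(cat); else DUMP=$SAMPLE_DUMP; fi
echo "FORWARD policy: $(forward_policy "$DUMP")"
if docker_chain_present "$DUMP"; then echo "DOCKER chain: present"
else echo "DOCKER chain: missing (Docker's rules were flushed?)"; fi
echo "docker0 forwarding: $(verdict "$DUMP" docker0)"
```

If the report says the DOCKER chain is missing and docker0 forwarding is blocked, the firewall script ran after dockerd and replaced its rules, so the fix belongs in the firewall configuration (an accept rule for the bridge interface) rather than in the containers.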
This discussion assumes local execution ability. In that case, for example, the list of installed packages is unique to Whonix, as are fonts and whatnot. Also, while Protocol Leak and Fingerprinting Protection is not fully on topic, some things apply.