Your config is pretty huge and complicated. Usually there is no harm in adding RFC 1918 addresses: 192.168.0.0/16,172.16.0.0/12,10.0.0.0/8
as these addresses are not routable on the internet, so the attack vector remains internal. …but you still have some duplicates I would remove for the sake of clarity:
- you definitely don’t need 127.0.0.1/8, as this translates to localhost, which is never the case for communication between different Docker containers
- likely you don’t need 172.100.0.0/16
- you should explain what 10.0.10.209 is - your Docker host IP? Depending on the setup you might need it… but in your case this one is covered by 10.0.0.0/8 as well

If you want to make the WOPI allowlist concise and make both systems talk to each other through internal Docker networks, look at this post:
The approach shows you a generic config; it might differ if you have no reverse proxy in place.
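
An added example, not part of the original post: a small Python check that audits a comma-separated allowlist like the one discussed above, flagging entries that are loopback, already covered by a wider entry, or outside RFC 1918. The sample list contains only the entries named in the post, and the function names are hypothetical.

```python
import ipaddress

# Entries named in the post above (constructed sample; the full config is not shown).
ALLOWLIST = "192.168.0.0/16,172.16.0.0/12,10.0.0.0/8,127.0.0.1/8,172.100.0.0/16,10.0.10.209"

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse(entry):
    """Parse an address or CIDR; strict=False tolerates host bits (127.0.0.1/8)."""
    return ipaddress.ip_network(entry.strip(), strict=False)


def audit_allowlist(raw):
    """Return a list of (entry, verdict, detail) for a comma-separated allowlist."""
    entries = [e.strip() for e in raw.split(",") if e.strip()]
    nets = [parse(e) for e in entries]
    report = []
    for i, (entry, net) in enumerate(zip(entries, nets)):
        # Covered if another entry is a supernet, or an earlier exact duplicate.
        cover = next((entries[j] for j, other in enumerate(nets)
                      if j != i and other.version == net.version
                      and net.subnet_of(other) and (net != other or j < i)), None)
        if net.is_loopback:
            report.append((entry, "drop", "loopback range"))
        elif cover:
            report.append((entry, "drop", f"already covered by {cover}"))
        elif not any(net.version == 4 and net.subnet_of(p) for p in RFC1918):
            report.append((entry, "review", "outside RFC 1918, not limited to internal sources"))
        else:
            report.append((entry, "keep", "RFC 1918 range"))
    return report


def minimal_allowlist(raw):
    """Join only the entries the audit marks as 'keep'."""
    return ",".join(e for e, verdict, _ in audit_allowlist(raw) if verdict == "keep")


if __name__ == "__main__":
    for entry, verdict, detail in audit_allowlist(ALLOWLIST):
        print(f"{entry:18} {verdict:7} {detail}")
    print("minimal:", minimal_allowlist(ALLOWLIST))
```

Entries marked `review` are not removed automatically by any other rule; 172.100.0.0/16 lands there because 172.16.0.0/12 only spans 172.16.0.0 to 172.31.255.255.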