Hacker News
by ogarten 773 days ago
So, you got a UI and a backend and the backend more or less makes HTTP(?) requests to other services?

The easiest way to secure the application is probably to use API keys or HTTP Basic Auth to get some basic security. How is your frontend secured? Do people log in or can they just access the UI?

A more complicated setup would be OAuth2, but you would need an Auth provider your company may or may not have already. The good thing is, your application only lives inside the local network which hopefully makes it less accessible to attacks anyway.

I think everything related to security should be discussed in the team you are working in. You are an intern and cannot know. If you were my intern I would not put you into the position to decide security-related things.

Also, why is the UI running in Docker but the backend on the host directly? I would run both in Docker containers.