Permissions: lock down streams, allow only admin tool

I (try to) run EventStore in a docker-compose cluster.
I want EventStore interface to be publicly available (so I could administer it from outside the docker container), but I want to lock down writing/reading to actual streams (via REST api) from the outside.

If it was possible to put admin interface on one port and REST api on another, that would be easy in docker. But I don’t think it’s possible, right?

P.S. I really enjoy working with EventStore, but the docs seem to be rather sparse, so I’d ask a few more newbie questions later, please bare with me :slight_smile: