I have the following situation. I have a service that listens to 127.0.0.1 on port 1234 (This cannot be changed for security reasons). On the same machine run a docker container. I need to somehow connect to the service on the host from within the container. Because the service only accepts requests from 127.0.0.1, i need somehow to link the port from the container to the host port but in reverse so when i connect from within the container to 127.0.0.1:1234 the service on the host will receive the data. Is this possible?
Thanks.
With the default bridged network, you won't be able to connect from the container to a service on the host listening on 127.0.0.1. But you can use --net=host when running a container to use the host network stack directly in the container. It removes some of the isolation, but then allows you to talk directly to 127.0.0.1 as the container and talk to services running on the host.
Question
How to bind Dockerized service on localhost:port ?
Answer
Use the -p as this: docker run -p 127.0.0.1:1234:1234 <other options> <image> <command>.
Related
TL;DR: I just want a way to forward trafic to localhost to the host without using --net=host
I'm running multiple containers on the same host, and need them to access an instance of Redis that's available at localhost:6379. Also, I need to use port forwarding, so using --net=host is not an option.
How can I start multiple containers and allow all of them to forward trafic to localhost to the host?
I have also tried docker run --add-host localhost:<private ip address> -p <somehostport>:<somecontainerport> my_image, with no success (I still get that connection to 127.0.0.1:6379 is refused, as if localhost was not resolved to the host's private IP)
I'm running multiple containers on the same host, and need them to access an instance of Redis that's available at localhost:6379.
You can't.
If something is listening only on localhost, then you can't connect to it from another computer, from a virtual machine, or from a container. However, if your service is listening to any other address on your host, so you can simply point your containers at that address.
One solution is to configure your Redis service to listen on the address of the docker0 bridge, and then point your containers at that address.
This is better solved by a small redesign. Move redis into a container. Connect containers via container networking, and publish the redis port to localhost for anything that still isn't in a container. E.g.
docker network create redis
docker run -d --net redis -p 127.0.0.1:6379:6379 --name redis redis
docker run -d --net redis -e REDIS_URL=redis:6379 your_app
Containers need to communicate by the container name over a user created network, so your app will need to be configured with the new redis URL (changing localhost to redis).
The only other solution I've seen for this involves hacking of iptables rules, which isn't very stable when containers get redeployed.
I have a process running on a host that needs to communicate with a docker and I want it to be done by some parameter that can't change (like docker name or host name) unlike IP (prefer not to make the IP of the docker static or install external dockers for this).
I'm aware that dockers can resolve addressees by name in a private network and that's what I want but not between dockers but between process running on the host and docker.
couldn't find a solution, can it be done ?
Edit:
I'm not allowed to use host network and open additional ports on the host for security reasons.
You're welcome to choose the way which fits your needs better.
Option 1. Use host's networking. In this case Docker does not create separate net for container and you connect to container's services as if they would run on your host:
docker run --network=host <image_name>
Drawback of this approach - low isolation and thus security. You dont need to expose any ports here - if service listens on 8080, just open localhost:8080 and enjoy.
Second approach is more correct - you expose (somehow forward) internal ports in container and map them onto ports in the host.
docker run -p 8080:80 <image_name>
This will map port 80 from container to port 8080 on the host. As in previous example, you still connect using localhost, e.g. localhost:8080.
I want to open port on docker container.
but not using docker run -p option.
because container have assigned independent IP address by bridge network.
so my system don't need port forwarding.
for example.
host OS has IP 172.30.1.2
container has IP 172.30.1.3
so I want to connect the container with 172.30.1.3:80 directly.
then, I tried something using iptables. but it is denied.
are there some way possible?
You can specify an IP endpoint when exposing ports. For example: -p 172.30.1.3:80:80
Check documentation here
How to access or connect to a process running on docker on host A from a remote host B
consider a Host A with ip 192.168.0.3 which is running a application on docker on port 3999 .
If i want to access that application from remote machine with IP 192.168.0.4 in same subnet.
To be precise i am running Kafka producer on the server and i am trying to receive using Kafka-console-Consumer.
Use --net=host to run your container and it'll use the host's network stack, then you can connect to the application running inside container like it's running on host directly.
Port mapping, use option -p to map the port inside your container to a port of your host. e.g. docker run -d -p <container port>:<host port> <image>, then you can connect to <host>:<host port> to connect your application inside container
Docker's built-in multi-host network. In early releases the network driver is isolated from docker's core, you have to use 3rd party tools like flannel or weave for multi-host connection, but from release 1.9, it has been merged into docker. You can follow it's guide to set it up.
Hope this is helpful :-)
First you need to bind docker container's port to the Host A:
docker run -d -p 3999:3999 kafka-producer
Then you need to access Host A from Host B using IP:Port
192.168.0.3:3999
Is docker capable of exposing a port only to the host and not to the outside.
I need to put a docker running with a mongo database, and I wanted that it was only accessible from the host, but I need to link the host port 27017.
Is this possible, or do the only possible way is to change firewall definitions?
Sure, just bind it to localhost, like this:
docker run -p 127.0.0.1:27017:27017
Also: Your host can also talk to each container normally over its IP. Use docker inspect $ID to get a json dump (beside other stuff) containing the network IP.