Containerization with Docker became really popular and has allowed many applications to create light-weighted Dockerized infrastructures with a lot of features, such as fast code deployment.
Docker as is in its original architecture presumes that it’s containers can connect to the outside network. Meanwhile, by the default configuration you are not able to access the containers from the outside.
Restricting access to Docker containers from outside world is a good solution in terms of security, but may be problematic for some particular cases where you need an access from outside, for example testing the application, website hosting, etc.
In this article we will talk about docker commands which will make possible to expose port in docker containers and make them accessible from outside network and how to connect their ports to external ports in the host. Also, you are able to take a closer look at some useful docker commands at this article.
Port binding in Docker
Let’s assume that we want to run NGINX in Docker container. What you can do is install NGINX and run a container, but what you can’t do – is access this container from the outside.
By the default – Docker containers are using internal network and each Docker container is having it’s own IP that is accessible from Docker Machine. The interesting thing is that internal IP’s can’t be used to access containers from outside, however Docker Machine’s primary IP is accessible from external network.
Of course, you’ll need to enable user access to web server application from the internet. We usually bind Docker container 80 port to the host machine port, lets say 7777. Consequently, users will be able to access web server 80 port using the host machine port 7777.
Are you tired of managing your Docker infrastructure? Our DevOps engineers will take care of your Docker infrastructure and make it working as Swiss watches.
Exposing Docker ports while creating Docker container
To expose Docker ports and bind them while starting a container with
docker run you should use
-p option with the following Docker commands:
docker run -d -p 9090:80 -t nginx
This will create NGINX container and bind it’s internal 80 port to the Docker machines 9090.
Check it out with
docker ps command:
docker inspect command to view port’s bindings:
After that the internal 80 port will be accessible using Docker machine IP on port 9090.
Expose multiple docker ports.
Now we know how to bind one container port to host port, which is pretty useful. But in some particular cases (for example, in microservices application architecture) there is a need of setting up multiple Docker containers with a lot of dependencies and connections.
In such cases, it is conceivable to delineate scope of ports in the docker host to a container port:
docker run -d -p 7000-8000:4000 web-app
It will bind 4000 container’s port to a random port in a range 7000-8000. Include “EXPOSE“ parameter in Dockerfile if you want to update Docker container listening ports:
Exposing Docker port to a single host interface
There are also some particular cases when you need to expose docker port to a single host interface, let’s say – localhost. You can do this by mapping the port of the container to the host port at the particular interface:
docker run -p 127.0.0.1:$HOSTPORT:$CONTAINERPORT -t image
Docker ports random exposure during a build time
Want to map any network port inside a container to a port in the Docker host randomly ? – Use
docker run command:
docker run -d -P webapp
Security is #1 priority in any online project, so you should not forget about special security measures. Good solution will be to create Firewall rules and configure them to block unauthorized access to container.
If you have some problems with your Docker you can always hire our experts to take care of your containerized infrastructure – we’d be happy to collaborate with you!