Docker Community Forums

Share and learn in the Docker community.

Accessing docker containers on another host

I would like to add a proxy container to my docker-compose with the sole aim of forwarding any API calls verbatim to an external host and port. I wondered if this needs a container at all or could be done with some docker commands and/or iptables rules? I’d like to avoid the need to change hosts files on the client containers, in other words easily swap in and out the proxy vs the real container and have either recognised within the docker network DNS. It would be like a mock of the container but with more control, and the mock would be shared between several docker hosts, if that makes sense?

Hi there

I would 100% create a proxy container, maybe stuff like traefik og a simple nginx proxy.

Its better than maintaining iptables

I suppose I’m attracted to the fact that it could theoretically be done with no overhead. I think I’d have to create a new virtual port on docker0, get docker to assign an IP address to it and a name, without it being associated with any container, then create some kind of NAT rule to send packets arriving at that interface elsewhere. Adding the port should be OK as it’s probably a bridge/kernel command but I’m not sure if there’s any docker command to get into the docker DNS system and manipulate it, at least I haven’t seen one.

There isnt, but not sure why you would do that?

You can, again with traefik, create virtualhosts, so if its domain.com → container:80

You dont have to manipulate anything, and i wont recommend it at all, if you’re running things in docker, just stick to the options there is in docker, since it will solve 99% of all needs

If I can use traefik (or other proxy) to produce multiple homes all of which are visible from all other containers without having to change them, then sure, I’d go for that. I just thought I’d need to have multiple instances of traefik/proxy to get them registered with the docker DNS, because I will need a lot of different proxies.

EDIT: This seems to give me a fairly lightweight proxy container, maybe that’s good enough:

FROM busybox
RUN echo '80      stream  tcp     nowait  nobody  /bin/nc nc 172.17.0.6 8006' > /etc/inetd.conf
CMD ["/bin/inetd", "-f"]