Addressing the container is killing me!

Trying to find out where my ports are exposed on the host is causing me all sorts of grief.

I’m running Docker for Mac - upgraded today, I have a VPN container that also has a web browser in it and I have no idea what host name and port to use on Safari on my Mac. I have tried local host,,, some 172. Addresses too!

Has anyone written the defacto standard on how to work out where your applications live when you fire them up?

get container ids for runnign containers

docker ps

get ip address and port info for a specific container

docker inspect container_id

…yeah, never do this. It will give you an artificial IP address that’s useless for most purposes. That’s doubly true if you’re in an environment like either of the Mac-based environments where Docker is running in a virtual machine: the host simply can’t reach the fake Docker network.

You should treat the fact that containers happen to have IP addresses as an implementation detail, use the normal docker run -p option to publish ports on your host, and use your host’s DNS name (or IP address) and the published ports to access your containers.

(The further corollary to this, which you should absolutely Google, is that you should never say localhost in a Docker world, except in the extremely specific case of you, the human, sitting at the keyboard and typing it into a browser or tool running on your desktop to get access to a container’s published port.)