Can I change the default IP from 0.0.0.0 when binding?

How can I change the default IP when binding ports to not be 0.0.0.0, but 127.0.0.1 (i.e. not publicly accessible)?

However, I want the ability to open access up for some containers - so blocking all of DOCKER in iptables isn’t really an option.

So, in summary:

docker run -d -p 12345 private/container

will result in something like 127.0.0.1:72234->12345/tcp, but

docker run -d -p 123.10.12.123:12345 public/container

will result in something like 123.10.12.123:72242->12345/tcp.


Any thoughts?

1 Like

You can use -p IP:host_port:container_port or -p IP::port according to

Is this what you wanted?

2 Likes

I’m sorry, was my question unclear?

I don’t see how effectively quoting back my example helps…

Let me try again


I want to change the default IP of Docker -p/--publish to be something other than 0.0.0.0

The closest (I think) I can find is this comment:

Or if you always want Docker port forwards to bind to one specific IP address, you can edit your system-wide Docker server settings and add the option --ip=IP_ADDRESS

in the docs - but where is Docker server in Docker for Mac?

Sorry, just read your command, and got irritated by the single “:” when there should be a double “::”. :)

So it’s not as clearly documented as it could be, but it is a simple fix:

Visit Docker > Preferences > Daemon > Advanced in the toolbar and add the line

  "ip" : "127.0.0.1",

to the start of the configuration file, i.e. it will look like

{
  "ip" : "127.0.0.1",
  "experimental" : false
}

Restart and then the default (i.e. when you don’t define it) host for published ports will be 127.0.0.1.

3 Likes
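To check which published ports actually ended up on every interface after changing the daemon default, here is an added example (not part of the original posts) that classifies the PORTS column of `docker ps`, as printed by `docker ps --format '{{.Ports}}'`. The function names are hypothetical, and the loopback sample line is constructed.

```python
import ipaddress
import json
import re

# One published entry from the PORTS column of `docker ps`, e.g.
# "0.0.0.0:80->80/tcp", ":::80->80/tcp" or "[::]:80->80/tcp".
ENTRY = re.compile(
    r"^(?P<host>.+):(?P<hport>\d+(?:-\d+)?)->(?P<cport>\d+(?:-\d+)?)/(?P<proto>\w+)$"
)


def scope(host):
    """Classify a bind address by which interfaces it covers."""
    addr = ipaddress.ip_address(host.strip("[]"))
    if addr.is_unspecified:      # 0.0.0.0 or ::
        return "all-interfaces"
    if addr.is_loopback:         # 127.0.0.0/8 or ::1
        return "loopback"
    return "specific-ip"


def parse_ports(column):
    """Return (bind_ip, host_port, container_port, proto, scope) per published port."""
    found = []
    for item in (p.strip() for p in column.split(",")):
        m = ENTRY.match(item)
        if not m:                # "80/tcp": exposed but not published
            continue
        host = m["host"].strip("[]")
        found.append((host, m["hport"], m["cport"], m["proto"], scope(host)))
    return found


def default_bind_ip(daemon_json):
    """Default publish address from daemon.json text; 0.0.0.0 when "ip" is unset."""
    return json.loads(daemon_json).get("ip", "0.0.0.0")


def published_on_all_interfaces(column):
    """Host ports bound to 0.0.0.0 or ::, i.e. not restricted to one address."""
    return [e[1] for e in parse_ports(column) if e[4] == "all-interfaces"]


if __name__ == "__main__":
    # PORTS value from the `docker ps` output quoted in this thread.
    print(published_on_all_interfaces("0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp"))
    # Constructed sample: one loopback-only publish, one unpublished port.
    print(parse_ports("127.0.0.1:32768->12345/tcp, 9000/tcp"))
    print(default_bind_ip('{"ip": "127.0.0.1", "experimental": false}'))
```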

I apologize that this is exactly the opposite of what you’re asking for, but could you describe what you did, if anything, to make your containers publicly accessible? I do want mine to be accessible by my colleagues on my work network, and yet they aren’t, despite supposedly being bound to 0.0.0.0.

My docker ps output is:

5d95d5d760bf multitenant "/entrypoint.sh bi..." 13 seconds ago Up 11 seconds 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp multitenant

I’ve confirmed that this is not a firewall issue on my machine, as it is configured to allow traffic from work IPs on port 80/443. I even tried disabling it completely, but that didn’t help.

I’m not sure if it’s relevant, but I’m using docker-compose to bring up my machines. It’s configured to expose the appropriate ports, as you can see from docker ps, but they are still inaccessible by my colleagues. They cannot browse to the web server running in that container, and cannot telnet into either port.

Sorry, I don’t know the answer. Your output looks like what I had, so I’d
guess it’s something to do with your corporate network. I’d open another
question to not confuse this one or your question.

To test - I’d download a container that you know works, i.e. I always use
[1], and then try it. I’d also try connecting from your phone when you are
on another (less restrictive) network, say your home network. If you can,
then it’s a useful piece of evidence. If you can’t…then there’s some
other blocking - like a firewall. Are there any iptables issues/changes that
you know about?

BTW the macOS firewall doesn’t seem to do what it claims on the box, so
don’t be surprised if it’s doing something unexpected.

[1] https://hub.docker.com/r/v4tech/markdown-editor/

How are you running your docker host machine? Native or in a VM? If it runs in VirtualBox, make sure you have configured a bridged network.

Hi, could you find any answer to your question, @v4tech?

Finally the solution I looked for!
TNX!!