Docker Community Forums

Share and learn in the Docker community.

Docker Networking and ports

Hello,everyone,I am very new to docker Please help me on one of this topic.

Previously i have used lxc containers and we used to play with iptables to access the containers. Here i saw you directly mapping the host port to the container port. Now my question is: So mapping those ports works only while creating new containers?? What about the existing containers?? Let’s say i want to ssh to existing containers from my host ip [10.10.10.10:4444] to some ip of container [172.16.1.2:22] …

we used to do this in lxc using iptables nat rules… I guess we can still do this in docker using iptables. But is there any way to access the existing containers by directly mapping port of host to container port?? As i did so i couldn’t succeed because if i try to add that configuration; sudo docker run -it -d --name TEST -p 4444:22 centos it will say that “docker: Error response from daemon: Conflict. The container name “/TEST” is already in use by container”. So according to the situation we can map only one port at a time to the container during creation . AM i right?? Suppose i want to run my website in one of the container and i will map that website container as 8080:80 .

Now what if i want to access that web container through ssh from host assuming the ip of host as [10.10.10.10] and it’s port 4444 has been mapped with container port 22? How to do this??? In LXC we use to map different ports i.e web, ssh for the same container using iptables. Now how to do the same in docker? do we again need to play with iptables here?? Sorry the question is too long. I am new in docker…

I’m a bit confused by your post …

So you want to run a container with port 22 exposed … and another container that has also 22 exposed ?
Well first (regarding you error message from above) those container need to have unique names (tags) … otherwise you get: “The container name “TEST” is already in use”.

Next, if you expose a specific port number to your host, you can only do this one sigle time. For example, your first container has -p 22:22 that will “NAT” your hosts port 22 to your docker container port 22. If you try to assign the hosts port 22 again the operation will fail as this port is already in use … but you can choose a different one … e.g. port 8022 -> -p 8022:22

But, if you just want to directly access the container, there’s no need to run a sshd inside every single container. Just access them diretly via:

docker exec -it < container ID> /bin/bash

This will launch a bash shell inside the container so you’ll have acces to all the files inside.
(assuming a Ubuntu/RHEL/CentOS base image …)

Thanks for the reply…

I got what you are saying…But actually my question is:

can’t we configure ssh and some web servers in the samecontainer so that i am able to expose sth 2927:22 for my ssh and 8080:80 for my webservices such as using apache…and So that i will be able to ssh into that container from outside the host and will be also able to surf my some kind of websites through that apache hosted. using x.x.x.x:8080

I am talking about installing both ssh and webservers in the same container and exposing port such as 22 and 8080 respectively… and accessing from outside host…so that i need not have to login to host everytime to access my containers…

Is this possible??

Ah, now I get it. Yes that’s no problem.
Depending on your base-image you’ll need to add the installation of your webserver and ssh-daemon inside the Dockerfile. And afterwards expose their respective ports.
For example:

FROM ubuntu:latest
RUN apt-get update
RUN apt-get upgrade -y
RUN apt-get install nginx openssh-server
COPY ./myHtmlPages /var/www/html
COPY nginx.conf /etc/nginx/nginx.conf
CMD [‘nginx’, ‘-g’, ‘daemon off;’]

Then launch the container:

docker run --name myCombinedContainer -p 22:22 -p x.x.x.x:8080:80 -d < image ID>

This config is of course a “quick and dirty - for demonstration purpose only” thing … You’ll have to add the appropriate config files for your services and (if necessary) plan addition volumes if you need persistent files/data …

ok so you are saying if we want to run both one in the same container , we have to modify the base-image maually by ourself??? Can’t we install ssh services and some webserver like apache directly inside the container as we used to do in LXC…sorry i have used LXC alot so i am expecting docker somewhat similar like that…may be i am wrong about this…

so ok after adding the abov config, will i be able to expose the ports simultaneously for both ssh and web servers like:

For ssh:
sudo docker run -it -d --name TEST -p 2927:22 centos

For webservice:

sudo docker run -it -d --name TEST -p 8080:80 centos

Assuming that name of container is TEST and the base-image is centos.

so it’s ok for the first command i.e. for ssh
as soon as i enter the second command for webserver it will popup the TEST container has been already configured… so how can i expose the port 22 and 8080 for that container named TEST simultaneously…that’s what i am facing problem…did you get my question now?

ok … there’s a difference between a “base-image” and an “image” in your local docker repository.

Usually you get your base images from dockerhub or a specific vendor.
Based on this base-image, you may add additional stuff … for instance: other services (like sshd, apache or python) or your own application.
There’re are alreayd “optimized” base-images for python, java, mariadb or apache images available (even smaller in size )
But you also can take an OS base-image (ubuntu/centos/alpine …) and add stuff to it.

In order to do so you create a Dockerfile. Here you first specify your base image and then all the stuff, files and configs you want to include. Afterwards you run (e.g.) "docker build --tag myStuff ." to build the local image.
Now you “run” that image which creates the container … The Container is “the instance” … that piece of SW floating around your memory :wink:

With the “run” command you also specify which ports get mapped to the “outside world” (your host)

sir thanks for alot of information but sorry i am still not getting the answer of my question…

ok this command is fine as i will use it when it want to expose both ports for ssh and webservice simultaneously like below as you told.

docker run --name myCombinedContainer -p 22:22 -p x.x.x.x:8080:80 -d < image ID>

But what i want to expose another port for some other services for that existing container already configured as ssh and webservice within i?? sorry for my slow learning process…i am totally unknown about the docker so i am asking you alot of questions…

No problem … we all started small :wink:

So If I understand you correctly … You’ve an already running container and you want to additionally expose another (or multiple) ports ?

That is not possible. You’d have to stop the container and run a new one with the additionyl ports exposed …

@arn16: please be aware that a container does NOT boot an os. The OS base image are merly a set of binaries, libraries and config files that make up the core of the OS. When a container is started from an image it does not start any os services or anything else than the defined entrypoint script or command from the Dockerfile. You will need to write an entrypoint script that starts all services you require from within the entrypoint script; usualy people use them to apply ENV variables to config files before starting the main process of the container.

Ok thanks got it…:slightly_smiling_face::slightly_smiling_face::slightly_smiling_face::slightly_smiling_face:

Thanks for the suggestion.