Docker Community Forums

Share and learn in the Docker community.

Docker reverse proxy to a container with host networking

Hello all.

I’m generally pretty comfortable with Docker, but I need to do something that has me stumped.

I have a Traefik server running in a Docker container that listens on ports 80 and 443 of the host. I use this container to reverse proxy to a variety of other services all running in Docker containers as well.

Now, however, I am adding a new service that, for a variety of reasons, needs to run using host network mode. I want this service to be accessible via a subdomain on port 443. The service itself listens on port 8192 on the host. So what I need to do is simply set up a reverse proxy from myservice.mydomain.com to 0.0.0.0:8192 on the host.

I am not sure how to do this. How can I proxy traffic from with a non-host mode container (my Traefik reverse proxy) to a port on the host’s network stack? More generally, how can I write data to a port on the host from within a Docker container? Is this even possible?

Thanks for your help.

Ok so this actually ended up being fairly straightforward. The host machine is visible within the Docker container at the IP address assigned to the docker0 network interface. So all I had to do set up the reverse proxy was write the data to that IP address on port 8192 from within the container.

According to this thread, on macOS and Windows the host machine has a static hostname within the containers, but this doesn’t seem to exist on Linux hosts (peculiar).

Whetever you do, never ever use the container ip to communicate with a container. Never!

If your container uses the host network it shares the host’s namespace for networks - network-wise the container acts like a process directly run on the host. Since you alread use the host’s network, I hope the ip address you mention above is the host’s ip address and not the containers ip address…

Since you alread use the host’s network, I hope the ip address you mention above is the host’s ip address and not the containers ip address…

Yes this is the case. The IP address I’m using is taken from the result of running

ip addr show dev docker0

on the host. In my case, that is 172.17.0.1. This is the IP address of the host, not of any container.

Using the static ip of the interface for the docker0 bridge is a valid solution.
Though, you could have used any of the host’s interface ips, except localhost.

Now you should have a config folder on your host. Changing to that directory, you should see a bunch of different files and a folder called conf.d. It’s inside conf.d that all your configuration files will be placed. Right now there’s a single default.conf file, you can go ahead and delete that.

Still inside conf.d, create two folders: sites-available and sites-enabled. Navigate into sites-available and create your first configuration file. Here we’re going to setup an entry for Plex, but feel free to use another service that you have set up if you like. It doesn’t really matter what the file is called, however I prefer to name it like plex.conf.

Now open the file, and enter the following:

upstream plex {
server plex:32400;
}

server {
listen 80;
server_name plex.example.com;

location / {
proxy_pass http://plex;
}
}
Go into the sites-enabled directory, and enter the following command:

ln -s …/sites-available/plex.conf .
This will create a symbolic link to the file in the other folder. Now there’s only one thing left, and that is to change the nginx.conf file in the config folder. If you open the file, you should see the following as the last line:

include /etc/nginx/conf.d/*.conf;
Change that to:

include /etc/nginx/conf.d/sites-enabled/*.conf;
In order to get the reverse proxy to actually work, we need to reload the nginx service inside the container. From the host, run docker exec nginx -t. This will run a syntax checker against your configuration files. This should output that the syntax is ok. Now run docker exec nginx -s reload. This will send a signal to the nginx process that it should reload, and congratulations! You now have a running reverse proxy, and should be able to access your server at plex.example.com (assuming that you have forwarded port 80 to your host in your router).