Docker services listen on host network interface

Hi all,
I’m a docker newbie, this is my environment : CentOS Linux release 7.4.1708 (Core) + Docker version 18.03.1-ce, build 9ee9f40 .
My host eth0 network interface ip : 192.168.0.124
I create stack with 3 services : nginx, php-fpm, mariadb and make them running together. Here my configuration

docker-compose.yml
version: "3.3"
services:
  php-fpm70:
    image: php-fpm70
    deploy:
      replicas: 1
      restart_policy:
        condition: on-failure
    configs:
# map www.conf from host to php-fpm container to change port from 9000 to 9003
      - source: www.conf.1
        target: /etc/opt/rh/rh-php70/php-fpm.d/www.conf
    volumes:
      - /opt/www:/opt/www
      - /var/lib/mysql:/var/lib/mysql
    ports:
      - "9003:9003"
    networks:
      - webnet
  web:
    image: nginx
    deploy:
      replicas: 1
      restart_policy:
        condition: on-failure
    volumes:
# websites source code
      - /opt/www:/opt/www
# nginx virtual host config
      - /opt/nginx/conf.d:/etc/nginx/conf.d
      - /var/log/nginx:/var/log/nginx
      - /var/lib/mysql:/var/lib/mysql
    ports:
      - "80:80"
      - "443:443"
    networks:
      - webnet
  mariadb:
    image: mariadb
    deploy:
      replicas: 1
      restart_policy:
        condition: on-failure
    environment:
      MYSQL_ROOT_PASSWORD: ***
    configs:
      - source: my.cnf
        target: /etc/my.cnf
    volumes:
# mariadb datadir
      - /var/lib/mysql:/var/lib/mysql
      - /opt/mariadb/my.cnf.d:/etc/my.cnf.d
    ports:
      - "3306:3306"
    networks:
      - webnet

configs:
  www.conf.1:
    file: /opt/php-fpm70/www.conf
  my.cnf:
    file: /opt/mariadb/my.cnf

networks:
   webnet:
/opt/nginx/conf.d/test.conf
server {
        listen 80;
        server_name test.mydomain.com;
    access_log /var/log/nginx/test/access.log;
    error_log /var/log/nginx/test/error.log;
    root /opt/www/test/;
    gzip  on;
gzip_comp_level 9;
gzip_min_length 1000;
gzip_proxied off;
gzip_types text/plain text/css application/xml+html application/javascript image/jpeg image/x-icon image/gif image/png video/jpeg;
gzip_disable "MSIE [1-6]\.";

index index.html index.htm index.php;

    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass php-fpm70:9003;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
    }
}

/opt/mariadb/my.cnf
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
symbolic-links=0
#bind-address = 192.168.0.124
[mysqld_safe]
log-error=/var/lib/mysql/mariadb.log
pid-file=/var/lib/mysql/mariadb.pid
!includedir /etc/my.cnf.d

/opt/www/test/abc.php
<?php
$servername = "mariadb";
$username = "root";
$password = "***";

// Create connection
$conn = new mysqli($servername, $username, $password);

// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}
echo "Connected successfully";
?>
docker stack deploy -c docker-compose.yml getstartedlab
docker service ls
ID                  NAME                      MODE                REPLICAS            IMAGE               PORTS
ugibxe1c4o76        getstartedlab_mariadb     replicated          1/1                 mariadb:latest      *:3306->3306/tcp
p489hfezvwlw        getstartedlab_php-fpm70   replicated          1/1                 php-fpm70:latest    *:9003->9003/tcp
du2fpdpev154        getstartedlab_web         replicated          1/1                 nginx:latest        *:80->80/tcp, *:443->443/tcp

I can access to test.mydomain.com → “Welcome to nginx” , test.mydomain.com/index.php → show phpinfo. But I cannot access to test.mydomain.com/abc.php → “Connected successfully"

 netstat -tupln
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      998/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1218/master
tcp6       0      0 :::9003                 :::*                    LISTEN      1320/dockerd
tcp6       0      0 :::80                   :::*                    LISTEN      1320/dockerd
tcp6       0      0 :::22                   :::*                    LISTEN      998/sshd
tcp6       0      0 ::1:25                  :::*                    LISTEN      1218/master
tcp6       0      0 :::443                  :::*                    LISTEN      1320/dockerd
tcp6       0      0 :::2377                 :::*                    LISTEN      1320/dockerd
tcp6       0      0 :::3306                 :::*                    LISTEN      1320/dockerd
tcp6       0      0 :::7946                 :::*                    LISTEN      1320/dockerd
udp        0      0 0.0.0.0:4789            0.0.0.0:*                           -
udp6       0      0 :::7946                 :::*                                1320/dockerd

 ps aux | grep nginx
root     26446  0.0  0.0  36824  3304 ?        Ss   12:02   0:00 nginx: master process nginx -g daemon off;
101      26562  0.0  0.0  37276  2220 ?        S    12:02   0:00 nginx: worker process

ps aux | grep php-fpm
root     26263  0.0  0.1 298928 18308 ?        Ss   12:02   0:00 php-fpm: master process (/etc/opt/rh/rh-php70/php-fpm.conf)
apache   26366  0.0  0.0 301004 10796 ?        S    12:02   0:00 php-fpm: pool www
apache   26367  0.0  0.0 298928  9304 ?        S    12:02   0:00 php-fpm: pool www
apache   26368  0.0  0.0 298928  9308 ?        S    12:02   0:00 php-fpm: pool www
apache   26369  0.0  0.0 298928  9304 ?        S    12:02   0:00 php-fpm: pool www
apache   26370  0.0  0.0 298928  9308 ?        S    12:02   0:00 php-fpm: pool www

ps aux | grep mysql
polkitd  26046  0.0  0.6 1989536 106020 ?      Ssl  12:02   0:05 mysqld
docker service inspect getstartedlab_web
[
    {
        "ID": "2v9cdy0k2v36vepjwtl14lced",
        "Version": {
            "Index": 3701
        },
        "CreatedAt": "2018-07-05T05:02:16.470349059Z",
        "UpdatedAt": "2018-07-05T05:02:16.494103979Z",
        "Spec": {
            "Name": "getstartedlab_web",
            "Labels": {
                "com.docker.stack.image": "nginx",
                "com.docker.stack.namespace": "getstartedlab"
            },
            "TaskTemplate": {
                "ContainerSpec": {
                    "Image": "nginx:latest@sha256:2cf71a9320ea65566c0738e87400407aaffd8dd11a411ceb2f2b585ad513469e",
                    "Labels": {
                        "com.docker.stack.namespace": "getstartedlab"
                    },
                    "Privileges": {
                        "CredentialSpec": null,
                        "SELinuxContext": null
                    },
                    "Mounts": [
                        {
                            "Type": "bind",
                            "Source": "/opt/www",
                            "Target": "/opt/www"
                        },
                        {
                            "Type": "bind",
                            "Source": "/opt/nginx/conf.d",
                            "Target": "/etc/nginx/conf.d"
                        },
                        {
                            "Type": "bind",
                            "Source": "/var/log/nginx",
                            "Target": "/var/log/nginx"
                        },
                        {
                            "Type": "bind",
                            "Source": "/var/lib/mysql",
                            "Target": "/var/lib/mysql"
                        }
                    ],
                    "StopGracePeriod": 10000000000,
                    "DNSConfig": {},
                    "Isolation": "default"
                },
                "Resources": {},
                "RestartPolicy": {
                    "Condition": "on-failure",
                    "Delay": 5000000000,
                    "MaxAttempts": 0
                },
                "Placement": {
                    "Platforms": [
                        {
                            "Architecture": "amd64",
                            "OS": "linux"
                        },
                        {
                            "OS": "linux"
                        },
                        {
                            "Architecture": "arm64",
                            "OS": "linux"
                        },
                        {
                            "Architecture": "386",
                            "OS": "linux"
                        },
                        {
                            "Architecture": "ppc64le",
                            "OS": "linux"
                        },
                        {
                            "Architecture": "s390x",
                            "OS": "linux"
                        }
                    ]
                },
                "Networks": [
                    {
                        "Target": "yzrbcgwqfjk2scbuirvqczdqs",
                        "Aliases": [
                            "web"
                        ]
                    }
                ],
                "ForceUpdate": 0,
                "Runtime": "container"
            },
            "Mode": {
                "Replicated": {
                    "Replicas": 1
                }
            },
            "UpdateConfig": {
                "Parallelism": 1,
                "FailureAction": "pause",
                "Monitor": 5000000000,
                "MaxFailureRatio": 0,
                "Order": "stop-first"
            },
            "RollbackConfig": {
                "Parallelism": 1,
                "FailureAction": "pause",
                "Monitor": 5000000000,
                "MaxFailureRatio": 0,
                "Order": "stop-first"
            },
            "EndpointSpec": {
                "Mode": "vip",
                "Ports": [
                    {
                        "Protocol": "tcp",
                        "TargetPort": 80,
                        "PublishedPort": 80,
                        "PublishMode": "ingress"
                    },
                    {
                        "Protocol": "tcp",
                        "TargetPort": 443,
                        "PublishedPort": 443,
                        "PublishMode": "ingress"
                    }
                ]
            }
        },
        "Endpoint": {
            "Spec": {
                "Mode": "vip",
                "Ports": [
                    {
                        "Protocol": "tcp",
                        "TargetPort": 80,
                        "PublishedPort": 80,
                        "PublishMode": "ingress"
                    },
                    {
                        "Protocol": "tcp",
                        "TargetPort": 443,
                        "PublishedPort": 443,
                        "PublishMode": "ingress"
                    }
                ]
            },
            "Ports": [
                {
                    "Protocol": "tcp",
                    "TargetPort": 80,
                    "PublishedPort": 80,
                    "PublishMode": "ingress"
                },
                {
                    "Protocol": "tcp",
                    "TargetPort": 443,
                    "PublishedPort": 443,
                    "PublishMode": "ingress"
                }
            ],
            "VirtualIPs": [
                {
                    "NetworkID": "ktub04rx2lr2h3jrmcf40qf91",
                    "Addr": "10.255.1.140/16"
                },
                {
                    "NetworkID": "yzrbcgwqfjk2scbuirvqczdqs",
                    "Addr": "10.0.0.7/24"
                }
            ]
        }
    }
]

docker service inspect getstartedlab_mariadb
[
    {
        "ID": "u0xoj5q2m9hoqkl1ygf1y0b5w",
        "Version": {
            "Index": 3732
        },
        "CreatedAt": "2018-07-05T07:04:50.246336862Z",
        "UpdatedAt": "2018-07-05T07:04:50.260515986Z",
        "Spec": {
            "Name": "getstartedlab_mariadb",
            "Labels": {
                "com.docker.stack.image": "mariadb",
                "com.docker.stack.namespace": "getstartedlab"
            },
            "TaskTemplate": {
                "ContainerSpec": {
                    "Image": "mariadb:latest@sha256:f2085c2176ba6294cf73033b344a420faa2ddae1b97b6795c101552e86284ba3",
                    "Labels": {
                        "com.docker.stack.namespace": "getstartedlab"
                    },
                    "Env": [
                        "MYSQL_ROOT_PASSWORD=***"
                    ],
                    "Privileges": {
                        "CredentialSpec": null,
                        "SELinuxContext": null
                    },
                    "Mounts": [
                        {
                            "Type": "bind",
                            "Source": "/var/lib/mysql",
                            "Target": "/var/lib/mysql"
                        },
                        {
                            "Type": "bind",
                            "Source": "/opt/mariadb/my.cnf.d",
                            "Target": "/etc/my.cnf.d"
                        }
                    ],
                    "StopGracePeriod": 10000000000,
                    "DNSConfig": {},
                    "Configs": [
                        {
                            "File": {
                                "Name": "/etc/my.cnf",
                                "UID": "0",
                                "GID": "0",
                                "Mode": 292
                            },
                            "ConfigID": "okla3dba2a6jstqd909jtk6hg",
                            "ConfigName": "getstartedlab_my.cnf"
                        }
                    ],
                    "Isolation": "default"
                },
                "Resources": {},
                "RestartPolicy": {
                    "Condition": "on-failure",
                    "Delay": 5000000000,
                    "MaxAttempts": 0
                },
                "Placement": {
                    "Platforms": [
                        {
                            "Architecture": "amd64",
                            "OS": "linux"
                        }
                    ]
                },
                "Networks": [
                    {
                        "Target": "6e8mpxsm9xi3mfnihny0nwiqr",
                        "Aliases": [
                            "mariadb"
                        ]
                    }
                ],
                "ForceUpdate": 0,
                "Runtime": "container"
            },
            "Mode": {
                "Replicated": {
                    "Replicas": 1
                }
            },
            "UpdateConfig": {
                "Parallelism": 1,
                "FailureAction": "pause",
                "Monitor": 5000000000,
                "MaxFailureRatio": 0,
                "Order": "stop-first"
            },
            "RollbackConfig": {
                "Parallelism": 1,
                "FailureAction": "pause",
                "Monitor": 5000000000,
                "MaxFailureRatio": 0,
                "Order": "stop-first"
            },
            "EndpointSpec": {
                "Mode": "vip",
                "Ports": [
                    {
                        "Protocol": "tcp",
                        "TargetPort": 3306,
                        "PublishedPort": 3306,
                        "PublishMode": "ingress"
                    }
                ]
            }
        },
        "Endpoint": {
            "Spec": {
                "Mode": "vip",
                "Ports": [
                    {
                        "Protocol": "tcp",
                        "TargetPort": 3306,
                        "PublishedPort": 3306,
                        "PublishMode": "ingress"
                    }
                ]
            },
            "Ports": [
                {
                    "Protocol": "tcp",
                    "TargetPort": 3306,
                    "PublishedPort": 3306,
                    "PublishMode": "ingress"
                }
            ],
            "VirtualIPs": [
                {
                    "NetworkID": "ktub04rx2lr2h3jrmcf40qf91",
                    "Addr": "10.255.1.142/16"
                },
                {
                    "NetworkID": "6e8mpxsm9xi3mfnihny0nwiqr",
                    "Addr": "10.0.0.3/24"
                }
            ]
        }
    }
]

From remote client I can telnet 192.168.0.124 port 80 or 3306. Now I have a fool question if I can make nginx and mariadb container use my host network interface eth0 192.168.0.124 for listening ?
If I add “bind-address = 192.168.0.124” into my.cnf , I cannot access to test.mydomain.com/abc.php → “bind-address = Warning: mysqli::__construct(): (HY000/2002): Connection refused in /opt/www/test/abc.php on line 7
Connection failed: Connection refused” , I cannot telnet 192.168.0.124 3306 from remote client anymore.
If I change listen “192.168.0.124:80;” in test.conf , stop and start stack again, nginx service cannot be started

docker service ls
ID                  NAME                      MODE                REPLICAS            IMAGE               PORTS
qmi9t9p8d1gh        getstartedlab_mariadb     replicated          1/1                 mariadb:latest      *:3306->3306/tcp
6zjrc9px5yzx        getstartedlab_php-fpm70   replicated          1/1                 php-fpm70:latest    *:9003->9003/tcp
b0l9e235850g        getstartedlab_web         replicated          0/1                 nginx:latest        *:80->80/tcp, *:443->443/tcp

Please give me some advice, thank you very much.

I tried with docker-compose.yml

networks:
  webnet:
    ipv4_address: 192.168.0.124

but it doesn’t work

docker stack deploy -c docker-compose.yml getstartedlab
ipv4_address Additional property ipv4_address is not allowed

Can anyone give me some help ?