Dockerd listening on forwarded port

(Chris2018abcxxx) #1
  • Issue type: question about networking
  • OS Version/build: Ubuntu 18.04.1 LTS
  • App version: Docker 18.06.1~ce~3-0~ubuntu
  • Steps to reproduce:
      • git clone "https://github.com/sebastianbrosch/docker-stack-web-server.git"
      • docker swarm init
      • docker build -t php7.2-mysql ./service-php
      • docker stack deploy -c docker-compose.yml example

Why is dockerd listening on the Host Port 80 and why is there also an iptables rule forwarding to nginx? Is dockerd internally also forwarding? Is the iptables rule required?

dockerd is listening on port 80:

State    Recv-Q   Send-Q   Local Address:Port   Peer Address:Port
LISTEN   1        128      *:http               *:*                 users:(("dockerd",pid=703,fd=35))

root       703     1  0 08:29 ?        00:01:34 /usr/bin/dockerd -H fd://

Additionally, there’s an iptables rule forwarding to the container:

	Chain DOCKER-INGRESS (2 references)
	pkts bytes target     prot opt in     out     source               destination
	   2   120 DNAT       tcp  --  any    any     anywhere             anywhere             tcp dpt:http to:172.18.0.2:80
	1947  120K RETURN     all  --  any    any     anywhere             anywhere

docker-compose.yml:

version: "3"

services:
  nginx-example:
    image: nginx:1.13-alpine
    ports:
      - "80:80"
    volumes:
      - ./www:/www
      - ./config/site.conf:/etc/nginx/conf.d/000-site.conf
  php-example:
    image: php7.2-mysql:latest
    volumes:
      - ./www:/www
  mysql-example:
    image: mysql:5.7
    environment:
      MYSQL_RANDOM_ROOT_PASSWORD: "true"

Thank you in advance.


(Chris2018abcxxx) #2

You can delete this topic. Seems to be a userland proxy, now called dockerd.
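
Added example, not part of the original posts: when auditing what a Docker host exposes, it helps to line up each listening socket with any DNAT rule for the same port, as post #1 does by hand for port 80. The Python sketch below does that over sample input constructed from the listings quoted in post #1 (the postgres line, the function names and the small service-name map are assumptions made for illustration).

```python
import re

# Constructed sample input, modelled on the ss and iptables listings in post #1.
# The postgres line is invented to show a port that has no DNAT rule.
SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  1       128     *:http              *:*     users:(("dockerd",pid=703,fd=35))
LISTEN  0       128     127.0.0.1:5432      *:*     users:(("postgres",pid=911,fd=5))
"""
IPTABLES_OUTPUT = """\
Chain DOCKER-INGRESS (2 references)
pkts bytes target prot opt in  out source   destination
2    120   DNAT   tcp  --  any any anywhere anywhere  tcp dpt:http to:172.18.0.2:80
1947 120K  RETURN all  --  any any anywhere anywhere
"""
# Both listings print service names instead of numbers; minimal map (assumption).
SERVICES = {"http": 80, "https": 443}

def to_port(token):
    """Turn 'http' or '5432' into an integer port."""
    return SERVICES[token] if token in SERVICES else int(token)

def listeners(ss_text):
    """Map port -> (bind address, process name) for every LISTEN socket."""
    found = {}
    pattern = r'LISTEN\s+\d+\s+\d+\s+(\S+):(\S+)\s+\S+\s+users:\(\("([^"]+)"'
    for line in ss_text.splitlines():
        m = re.match(pattern, line)
        if m:
            found[to_port(m.group(2))] = (m.group(1), m.group(3))
    return found

def dnat_rules(ipt_text):
    """Map published port -> 'ip:port' DNAT target."""
    return {to_port(m.group(1)): m.group(2)
            for m in re.finditer(r'DNAT\s.*\bdpt:(\S+)\s+to:(\S+)', ipt_text)}

def correlate(ss_text, ipt_text):
    """Per port: owning process, DNAT target, and whether the bind is a wildcard."""
    socks, rules = listeners(ss_text), dnat_rules(ipt_text)
    report = {}
    for port in sorted(set(socks) | set(rules)):
        addr, proc = socks.get(port, (None, None))
        report[port] = {"process": proc, "dnat": rules.get(port),
                        "all_interfaces": addr in ("*", "0.0.0.0", "[::]", "::")}
    return report

if __name__ == "__main__":
    for port, info in correlate(SS_OUTPUT, IPTABLES_OUTPUT).items():
        print(port, info)
```

A port that reports both a `dockerd` process and a `dnat` target is one published by a container or service; a wildcard bind with no expected service behind it is worth a closer look.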