Expose containers with the same port outside the swarm

Hello everyone,

I try to find a good solution to provide application containers to clients.

Those containers could be postgresql containers and I would like that all the clients could get access from outside the swarm to those containers thanks to URL:5432.

So the problem here is that all the clients can access to their container with the same port and the only thing changing is the URL…
For example:
Client 1 => a:5432
Client 2 => b:5432
On the same swarm.

Thanks a lot !

if you in swarm map one port to the outside, then it is accessible from all clients.

so if you map 5432 to outside, you could equally access client1:5432 and client2:5432.
The traffic will be than proxied to the place where the service is running. Transparent for the user.


Thank you for your answer but I know that and the problem here is that client1:5432 and client2:5432 will give access to the same service.

In my case every client has the its own service soclient1:5432 => service1 and client2:5432 => service2 where app1 and app2 are two services on the swarm.


I think there’s a few ways to go about doing this, but none might be quite seamless or feasible:

  1. On your services, use the long syntax for publishing your ports, and explicitly set the value of “mode” to “host”. In that way, you can have at most one serviceport per swarm node (as opposed to the one service port per swarm cluster that you have now).

  2. Publish different ports on your duplicated services, and then run a separate set of Load Balancers/Proxies in front of your infrastructure that responds to client:5432 and forwards the requests to their respective published ports. Of course those load balancers/proxies must have their own IP addresses as you can’t expose multiple of the same port on a single IP address (how would it know where to send them?)


Thanks for this reply!
publishing your ports, and explicitly set the value of “mode” to “host”
will fix the issue I have too!
Great to know that in a Swarm, ports can still be bound to a host instead of the cluster (default).
Life will really get better when docker version 17.06.0-ce is released.
Bug was fixed: https://github.com/moby/moby/issues/31249