Docker Community Forums

Share and learn in the Docker community.

How to do port mapping to local ip address only? (

(Eduard Camaj) #1


there is no option on to run a service (container) with port mapped to

If you write it like that, it tries to map it to 127, which is wrong.

Any ideas?


(Luc Heinrich) #2

I have the same problem. I want/need to access a container from the node itself but Docker only seems to allow mapping ports either between multiple containers or between a container and the outside world.

Actually, that’s only one part of my problem, what I really want is being able to create an SSH tunnel between my local machine and a container running on a Docker Cloud node.

Any idea ?

(Think) #3

ssh tunnel sounds like you want to misuse docker as a virtual machine. Why not directly use a virtual machine instead?

also cannot understand why you want to deploy something public and then access it just from your machine? Once it’s deployed public, access it the public way. Otherwise deploy it private.

(Luc Heinrich) #4

My stack is composed of 5 containers and only one of them is publicly accessible, all the others are private (database, caches, misc services, etc). I am trying to access one of the private ones, which I would obviously like to keep private. The SSH tunnel would be the icing on the cake because it would allow me to use a local GUI management tool rather than SSHing to the node and be limited to the CLI.

But reasons aside, this is something that should be possible since Docker has options to map ports and bind to localhost, which the Docker Cloud interface apparently doesn’t allow for some unknown reason.

The workaround I am currently using is to manually SSH to the node then manually run a TCP proxy container there (currently using demandbase/docker-tcp-proxy) with a port mapped and bound to localhost. This allows access to the private container both from the node and remotely using an SSH tunnel.

(Oninoshiko) #5

I’m in a similer boat as @Lucsky. what I really want is a want is a way to say something like:

docker tunnel containername 8080:8081

and have it make it so anything going to localhost:8081 is then forwarded to whatever is on the dockercontainer’s 8080. As it stands, the only way I can achieve this effect is to include a full ssh daemon in the container, and expose it to the world. That seems both excessive, and a security risk for things that don’t need to be exposed.