Docker Community Forums

Share and learn in the Docker community.

Introducing docker stealthmode and need for detemining ip-address of xhyve VM


(Rick Peters) #1

One of the nice things about using docker-machine and boot2docker is that it makes the difference between the docker-daemon and the localhost machine very clear. This helps later on when you start deploying your containers to a remote environment. Yes it adds complexity for the (beginning) user, however in the long run you will have to learn how it works anyway.

I like the transparency of the native docker implementation, it’s very easy however it does introduce direct (security) risks because exposed ports are by default exposed on you machine and thus on the network on which your connected?

I tried putting docker for mac more in a stealthmode by using pinata set native/port-forwarding false and that works fine.

But now I very much need to be able to know the ip-address of the local xhyve vm and since docker.local is not available anymore and wasn’t always stable in earlier beta’s I just would like a command for determining the address reliably.

something like pinata get native/ip-address would be great.

As a workaround I added some tips together and now use:

export DOCKER_VM_IP=`docker run --rm --net host alpine ip addr show eth0 | sed -En "s/^.*inet (.+)\/.*$/\1/p"`

but that’s to difficult in my opinion and dependent on running a container. Nice part is that it also works when using docker-machine and having a docker TLS connection configured.


(Rob Landers) #2

This is true in docker, in linux. If you need to run a container that binds to a specific interface:

docker run -p 127.0.0.1:5000:5000 to limit it to one interface. However, localhost to the daemon is not localhost to your machine

Hopefully they can fix this soon…