The docker compose reference, 3.2, defines port mode as the following: “mode: host for publishing a host port on each node, or ingress for a swarm mode port to be load balanced.” However, publishing ports using the host mode results in “connection refused” via netcat, etc. Note, the port can be connected to via localhost/127.0.0.1 from the machine on which the container is running and the service is listening on target port within the container. The container does appear to map the port correctly - 0.0.0.0:XXXX->YYYY/tcp - to the host at 0.0.0.0 and not 127.0.0.1 as verified by 'docker ps -a ’ and 'docker inspect '. The following is an example of a published port in the docker compose 3.2 file:
ports:
- target: 8912
published: 8912
protocol: tcp
mode: host
The overlay network is needed for normal service communication. The host ports are needed for external container monitoring software, e.g., which requires direct access to each container (not the service).
Why are the published ports to the host this not working as defined?
The following is the relevant docker info:
Server Version: 18.03.1-ce
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: active
NodeID: odi9elwexmd6fqmkg02m4akic
Is Manager: false
Node Address: 10.0.0.14
Manager Addresses:
10.0.0.9:2377
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 773c489c9c1b21a6d78b5c538cd395416ec50f88
runc version: 4fc53a81fb7c994640722ac585fa9ca548971871
init version: 949e6fa
Security Options:
seccomp
Profile: default
Kernel Version: 4.15.10-300.fc27.x86_64
Operating System: Fedora 27 (Atomic Host)