Docker Community Forums

Share and learn in the Docker community.

Unable to block port access

(Kkarun) #1

My query is regarding the ‘expose’ port option in the docker-compose. As per documentation this will only expose the port within the docker network and external applications running in the host machine will not be able to access this.

But I am finding that this assumption is not true and we can access this port if used with the IP address of the container instead of localhost.

The sample docker-compose.yml looks like below:

version: ‘3’


    hostname: httpserver
      context: .
    command: bash -c "/etc/init.d/apache2 start ; sleep 100000"
      - 80

After starting this up, if I use : wget http://localhost:80 it doesn’t work.
But if I give : wget where is the docker assigned IP address, it works and gets the index page.

The Dockerfile is

FROM debian
RUN apt-get update; apt-get install -y apache2

I would like to understand if there is a way to block this port so that it is accessible only to containers within the compose and not accessible to other applications running in the host machine.