My query is regarding the ‘expose’ port option in the docker-compose. As per documentation this will only expose the port within the docker network and external applications running in the host machine will not be able to access this.
But I am finding that this assumption is not true and we can access this port if used with the IP address of the container instead of localhost.
The sample docker-compose.yml looks like below:
services: httpserver: hostname: httpserver build: context: . command: bash -c "/etc/init.d/apache2 start ; sleep 100000" expose: - 80
After starting this up, if I use : wget http://localhost:80 it doesn’t work.
But if I give : wget http://172.19.0.2:80 where 172.19.0.2 is the docker assigned IP address, it works and gets the index page.
The Dockerfile is
FROM debian EXPOSE 80 RUN apt-get update; apt-get install -y apache2
I would like to understand if there is a way to block this port so that it is accessible only to containers within the compose and not accessible to other applications running in the host machine.