Bobcares

How to expose docker ports to make your containers externally accessible

by | Dec 26, 2016

Virtualization using Docker containers has gained popularity in application hosting, owing to its light-weight design and fast-deployment features.

Docker architecture is in such a way that the containers can connect to the outside world by default. But you cannot access the container directly from outside.

While disabling external access is a good security measure, there maybe many instances where you need to access the container data from outside, such as application testing, website hosting and so on.

Setup and manage your Docker system

GET IN TOUCH WITH THE DOCKER EXPERTS NOW!

 

To allow external access to Docker containers, you would have to expose their ports by mapping a container’s port to an external port in the host. Today we’ll see how to expose docker ports to make them accessible from the internet.

 

What is port binding in Docker?

Suppose you want to run an NginX web server application in your Docker container. You can install the nginx image and start a container but you cannot directly access it from outside network.

Docker containers have an internal network and each container is associated with an IP address that can be accessed from the Docker host machine.

Being internal IP, this IP cannot be used to access the containers from external network. But the Docker host machine’s main IP is accessible from outside.

For a webserver application, you’d obviously need to enable user access to it from the external network. So, the solution we use is to bind the internal port 80 of the Docker container to a port on the host machine, say 9000.

With this port forwarding or port binding feature, users can access the webserver at container port 80 using the host machine port 9000. Users may not even notice this backend forwarding while accessing the webserver.

[ Are your spending too much time managing your Docker containers? Our Docker experts take care of your infrastructure and ensure its smooth functioning. ]

 

How to expose docker ports during container creation

Exposing Docker ports can be done using the ‘-p’ option with ‘docker run’ command to bind the port when launching the container:

docker run -d -p 9090:80 -t nginx

This command will create a container with the image ‘nginx’ and bind the container’s port 80 to the host machine’s port 9090.

You can verify this using ‘docker ps‘ command:

 

docker port expose - create container

Expose Docker port during container creation

 

To see the port bindings of a specific container, use the ‘docker inspect [container-id]’ command:

 

docker port expose - binding ports

Port bindings of container

 

Once the port exposure is complete and the container is up and running, the internal port 80 of the container can be accessed using the host machine IP and port, at http://host-ip-address:9090/ .

[ Running a Docker infrastructure doesn’t have to be hard, or costly. Get world class Docker management services at affordable pricing. ]

 

How to expose multiple docker ports

We saw how mapping one container port to one host port is done during container creation. But this one-one mapping may not be feasible in the case of a multiple container setup where it is not practical to allot one host port dedicated to a container.

In such instances, it is possible to map a range of ports in the docker host to a container port, using the command:

docker run -d -p 7000-8000:4000 web-app 

This would bind port 4000 in the container to a random port between 7000 and 8000 on the host, depending upon the port that is available in the host at that time.

To update Docker regarding the ports that the container listens on, the parameter ‘EXPOSE’ can be set in Dockerfile:

EXPOSE <CONTAINERPORT>

Expose Docker port to a single host interface

By default, the ‘-p’ flag will bind the specified port to all the network interfaces on the host machine. But this may not be required in all scenarios and there may be cases where need to restrict the port binding to a single interface – say, localhost – only.

This can be done by mapping the container port to the host port at a particular interface, as follows:

docker run -p 127.0.0.1:$HOSTPORT:$CONTAINERPORT -t image

The command ‘docker port [container-id]’ can be used to see the port mapping of a particular container.

 

docker port expose - Identify container port mapping

Verify container port mapping

 

Expose docker ports randomly during build time

To randomly map any network port inside a container to a port in the Docker host, the ‘-P’ option can be used in ‘docker run’:

 docker run -d -P webapp 

To see the port mapping for this container, you can use ‘docker ps’ command after creating the container.

 

Docker port expose - container ports

Docker container ports

Summary

Today we saw how to make the Docker containers accessible from outside, using the ‘docker port expose’ method. But port mapping is not a trivial task and should be done with utmost care to avoid conflicts.

Firewall rules would also have to be configured to block unauthorized access and to ensure container security. The ports assigned for containers would vary depending on the application running in it and the business purpose served.

If you’d like to know how to manage your Docker system and to get the best out of them for your business, we’d be happy to talk to you.

 

Do you provide Docker hosting services?

Wish you had more time to focus on your business? Let us help you.

Our engineers will assist you to setup, monitor and manage your Docker infrastructure 24/7.

GET IN TOUCH WITH THE EXPERTS NOW!

var google_conversion_label = "owonCMyG5nEQ0aD71QM";

2 Comments

  1. larrybud

    how do you go the other way: To access a port outside of a docker container on another machine?

    Reply
    • Hiba Razak

      Hi,
      Please contact our support through live chat(click on the icon at right-bottom).

      Reply

Submit a Comment

Your email address will not be published. Required fields are marked *

Never again lose customers to poor
server speed! Let us help you.

Privacy Preference Center

Necessary

Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

PHPSESSID - Preserves user session state across page requests.

gdpr[consent_types] - Used to store user consents.

gdpr[allowed_cookies] - Used to store user allowed cookies.

PHPSESSID, gdpr[consent_types], gdpr[allowed_cookies]
PHPSESSID
WHMCSpKDlPzh2chML

Statistics

Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.

_ga - Preserves user session state across page requests.

_gat - Used by Google Analytics to throttle request rate

_gid - Registers a unique ID that is used to generate statistical data on how you use the website.

smartlookCookie - Used to collect user device and location information of the site visitors to improve the websites User Experience.

_ga, _gat, _gid
_ga, _gat, _gid
smartlookCookie
_clck, _clsk, CLID, ANONCHK, MR, MUID, SM

Marketing

Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.

IDE - Used by Google DoubleClick to register and report the website user's actions after viewing or clicking one of the advertiser's ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user.

test_cookie - Used to check if the user's browser supports cookies.

1P_JAR - Google cookie. These cookies are used to collect website statistics and track conversion rates.

NID - Registers a unique ID that identifies a returning user's device. The ID is used for serving ads that are most relevant to the user.

DV - Google ad personalisation

_reb2bgeo - The visitor's geographical location

_reb2bloaded - Whether or not the script loaded for the visitor

_reb2bref - The referring URL for the visit

_reb2bsessionID - The visitor's RB2B session ID

_reb2buid - The visitor's RB2B user ID

IDE, test_cookie, 1P_JAR, NID, DV, NID
IDE, test_cookie
1P_JAR, NID, DV
NID
hblid
_reb2bgeo, _reb2bloaded, _reb2bref, _reb2bsessionID, _reb2buid

Security

These are essential site cookies, used by the google reCAPTCHA. These cookies use an unique identifier to verify if a visitor is human or a bot.

SID, APISID, HSID, NID, PREF
SID, APISID, HSID, NID, PREF