When creating a container using the docker run command, the -p or --publish option can be used to declare the ports that will be used between the Docker server and the container, which adds a rule to iptables to allow the port.
In this example, a container is created using the my-org/my-image:0.0.1 image, and a port mapping is created with port 12345 in the Docker container to HTTP port 80 on the Docker host.
docker run --publish 12345:80 --name my-container my-org/my-image:0.0.1
The docker container ls command should return the following, which shows a port mapping from port 12345 in the Docker container to port 8080 on the Docker host, with both IPv4 and IPv6.
~]$ sudo docker container ls -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
36b88john.doe my-org/my-image:0.0.1 "/entrypoint.sh /sta…" 4 seconds ago Up 3 seconds 10.11.12.13:12345->80/tcp, :::12345->80/tcp my-container
The iptables --list --numeric command should show the port is allowed on the Docker host.
~]# iptables --list --numeric
Chain DOCKER (1 references)
target prot opt source destination
ACCEPT tcp -- 10.11.12.13/0 172.17.0.3 tcp dpt:80
In this example, the my-org/my-image:0.0.1 image is a dummy testing app that simply returns Hello World, so cURL can be used to check whether the app in the container returns Hello World using the container port 12345.
~]$ curl localhost:12345
Hello World
IP address 0.0.0.0 can be included if you only want to use IPv4.
docker run --publish 0.0.0.0:12345:80 --name my-container my-org/my-image:0.0.1
The docker container ls command should return the following, which shows a port mapping from port 12345 in the Docker container to port 8080 on the Docker host, with only IPv4.
~]$ sudo docker container ls -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
36b88john.doe my-org/my-image:0.0.1 "/entrypoint.sh /sta…" 4 seconds ago Up 3 seconds 0.0.0.0:8080->12345/tcp my-container
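A check a defender might run over the PORTS column shown above, as an added example that is not part of the original article: it flags publishes bound to every interface (0.0.0.0 or ::), which matters because publishing a port adds an iptables ACCEPT rule for it. The function names and the sample listing are constructed for illustration; the sample mirrors the output of docker container ls --format '{{.Names}}\t{{.Ports}}'.

```shell
#!/bin/sh
# Added example: audit PORTS entries for publishes bound to all interfaces.

# classify_binding ENTRY -> prints "wildcard", "specific" or "unpublished".
# ENTRY is one comma-separated item from the PORTS column, for example
# "0.0.0.0:12345->80/tcp", ":::12345->80/tcp" or "1337/tcp".
classify_binding() {
    entry=$(printf '%s' "$1" | tr -d ' ')
    case "$entry" in
        *'->'*) ;;                       # entry has a published side
        *) echo unpublished; return ;;   # listed port only, nothing published
    esac
    left=${entry%%'->'*}                 # "address:port" left of the arrow
    addr=${left%:*}                      # drop the trailing ":port"
    case "$addr" in
        0.0.0.0|::|'[::]') echo wildcard ;;   # every IPv4 / IPv6 interface
        *) echo specific ;;                   # one named address
    esac
}

# audit_ports: reads "NAME<TAB>PORTS" lines on stdin and prints
# "NAME ENTRY" for every entry bound to a wildcard address.
audit_ports() {
    while IFS="$(printf '\t')" read -r name ports; do
        printf '%s\n' "$ports" | tr ',' '\n' | while read -r entry; do
            if [ "$(classify_binding "$entry")" = wildcard ]; then
                printf '%s %s\n' "$name" "$entry"
            fi
        done
    done
}

# Constructed sample listing (not captured from a real host).
sample_listing() {
    printf 'my-container\t10.11.12.13:12345->80/tcp, :::12345->80/tcp\n'
    printf 'ipv4-only\t0.0.0.0:12345->80/tcp\n'
    printf 'expose-only\t1337/tcp\n'
}

sample_listing | audit_ports
```

On a live host, replace sample_listing with the docker container ls --format command named in the lead-in and review each flagged entry against the networks the host is attached to.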
If the container already exists, the docker update command can be used to create a port mapping between the container and the Docker host.
sudo docker update --publish 172.17.0.1:8080:172.20.0.1:1337 my-container
It is also noteworthy that a port can be exposed when building an image from a Dockerfile. This does NOT add a rule to iptables to allow the port, meaning you will still need to use the -p or --publish option when using the docker run command to create the container from the image.
EXPOSE 1337/tcp