10

I have a setup where I run all parts of my website in Docker containers. My nginx, which listens on ports 80 and 443, runs in a container.

363292a98545 scivm/nginx-django-scivmcom:latest /usr/bin/supervisord 12 days ago Ghost 0.0.0.0:40001->22/tcp, 88.198.57.112:443->443/tcp, 88.198.57.112:80->80/tcp lonely_feynmann 

I want to set up a proxy to a service in another container. This container is bound to port 3000 on the host:

b38c8ef72d0a mazzolino/strider-dind:latest wrapdocker /usr/bin/ 41 minutes ago Up 41 minutes 0.0.0.0:3000->3000/tcp, 22/tcp, 27017/tcp distracted_einstein 

My iptables on the docker host look like this:

    root@Ubuntu-1204-precise-64-minimal /var/run # iptables -L
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             anywhere
    ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:8000
    DROP       all  --  anywhere             anywhere

    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             anywhere
    ACCEPT     all  --  anywhere             anywhere
    ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination

From within the container, I am unable to connect to port 3000 on the host machine due to the iptables configuration.

I don't want to open port 3000 to the public internet.

Is there a way to open a direct bridge between the container and the host on port 3000?

Or should I modify my iptables to accept from the docker ip range?
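The two `docker ps` lines in the question show which host address each port is published on: ports 80 and 443 are bound to 88.198.57.112, while port 3000 is bound to 0.0.0.0, meaning every host interface. The following is an added example, not part of the original question or its answers, that parses the PORTS column and lists such wildcard binds; the function names are illustrative.

```python
import re
from ipaddress import ip_address

# PORTS columns copied from the two `docker ps` lines in the question.
NGINX_PORTS = "0.0.0.0:40001->22/tcp, 88.198.57.112:443->443/tcp, 88.198.57.112:80->80/tcp"
STRIDER_PORTS = "0.0.0.0:3000->3000/tcp, 22/tcp, 27017/tcp"

# ip:hostPort->containerPort/proto; ports may be ranges such as 8000-8010.
_PUBLISHED = re.compile(
    r"^(?P<ip>[0-9a-fA-F.:\[\]]+):(?P<host>\d+(?:-\d+)?)"
    r"->(?P<ctr>\d+(?:-\d+)?)/(?P<proto>\w+)$"
)

def parse_ports(column):
    """Split a PORTS column into (published, unpublished).

    published:   list of (host_ip, host_port, container_port, proto)
    unpublished: entries such as "22/tcp" that have no host mapping
    """
    published, unpublished = [], []
    for entry in (e.strip() for e in column.split(",")):
        if not entry:
            continue
        m = _PUBLISHED.match(entry)
        if m is None:
            unpublished.append(entry)
            continue
        # Newer Docker prints IPv6 binds as [::]:port, older as :::port.
        ip = ip_address(m["ip"].strip("[]"))
        published.append((ip, m["host"], m["ctr"], m["proto"]))
    return published, unpublished

def wildcard_binds(column):
    """Host ports published on the unspecified address (0.0.0.0 or ::)."""
    published, _ = parse_ports(column)
    return [host for ip, host, _ctr, _proto in published if ip.is_unspecified]

if __name__ == "__main__":
    for name, col in (("nginx", NGINX_PORTS), ("strider", STRIDER_PORTS)):
        print(name, "wildcard binds:", wildcard_binds(col))
```

A port published on a specific address (Docker's `-p IP:hostPort:containerPort` form, as used for 80 and 443 here) does not appear in the wildcard list.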

2 Answers

5

All you need is Docker's link capabilities [deprecated]

Just get rid of all the complicated stuff you tried to do and start using named containers and then link them to each other.

4
  • I took a look at docker link capabilities but if I understand correctly it has some issues. 1. If the child is restarted it will get a new IP address. Then all the parents of that child would need to be restarted also to get the new environment variables. 2. I have to add logic to my application to read those environment variables in order to make connections. Commented Dec 25, 2013 at 7:13
  • A restarted container (docker restart your_container) should keep its IP address. Only if you run a new container based on a given image, it will get a new IP (docker run -d image command). Commented Dec 29, 2013 at 15:07
  • 2
    That used to be true, but at least as of docker 1.0 a "docker restart" gives the container a new ip address. Just hit this in some scripts that relied on previous behavior of the ip not changing. Commented Jun 13, 2014 at 21:27
  • 1
    While I think this is probably the right thing for the OP to do, I came here looking for an answer to the question as put. i.e. how to link to a service on the host. Commented Dec 26, 2014 at 4:43
3

Elias's answer is correct, but the link is long and confusing. Here's a simple summary:

First, run the container to link to, and name it:

sudo docker run -d --name db training/postgres 

Then run the other container, linking it to the first container:

sudo docker run -d -P --name web --link db:db training/webapp python app.py 

The link from the first container to the second container is put into /etc/hosts. So you can use it like a hostname. For example:

sudo docker run --name web --link db:db training/webapp ping db 
