How to access a container/service port in swarm without publishing the port to the outside world?
Problem
It is possible with docker-compose to forward a port to the container from localhost only, by writing the desired port configuration in docker-compose.yml, e.g. 127.0.0.1:8080:80.
In docker swarm this does not work and the published port is visible from the internet.
How then can I access the container port only from localhost without opening the port to the internet?
I tried configuring iptables to deny connections to the port (iptables -A INPUT -p tcp --dport 5432 -j DROP), but because of the settings from docker for iptables, that didn't work.
Solution
The container can be accessed via the IP which belongs to the docker_gwbridge interface.
I was able to find out the IP address of the container on the docker_gwbridge interface by running the ifconfig command in the container itself:
$ docker exec <container> ifconfig
This way the container can be accessed from the host machine, for example by 172.18.0.2:5432, without having to publish port 5432.
Trying to find out the IP address via docker inspect (or or ) in swarm services did not lead to the desired result, because the IP from the docker_gwbridge interface was not displayed there. And the "internal" IP (something like 10.0.4.6) was not available from the host machine.
Context
StackExchange DevOps Q#15473, answer score: 2
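An added example, not part of the original answer: a container in a swarm service has several interfaces, so this sketch picks the one address that falls inside the docker_gwbridge subnet from the ifconfig output the answer describes. The function names, the sample ifconfig text and the 172.18.0.0/16 subnet are assumptions constructed for illustration.

```python
import ipaddress
import re
import subprocess
import sys

# Matches net-tools ("inet 172.18.0.2") and BusyBox ("inet addr:172.18.0.2")
# output; the mandatory space after "inet" skips "inet6" lines.
INET_RE = re.compile(r"\binet (?:addr:)?(\d{1,3}(?:\.\d{1,3}){3})")

def gwbridge_address(ifconfig_output, gwbridge_subnet):
    """Return the address inside the docker_gwbridge subnet, or None."""
    net = ipaddress.ip_network(gwbridge_subnet)
    for match in INET_RE.finditer(ifconfig_output):
        addr = ipaddress.ip_address(match.group(1))
        if addr in net:
            return str(addr)
    return None

def docker(*args):
    """Run a docker CLI command on the host and return its stdout."""
    return subprocess.run(["docker", *args], check=True,
                          capture_output=True, text=True).stdout

def lookup(container):
    """Read the bridge subnet on the host, then ifconfig inside the container."""
    subnet = docker("network", "inspect", "docker_gwbridge", "--format",
                    "{{range .IPAM.Config}}{{.Subnet}}{{end}}").strip()
    return gwbridge_address(docker("exec", container, "ifconfig"), subnet)

# Constructed sample of BusyBox-style ifconfig output inside a task container:
# eth0 is the overlay ("internal") address, eth1 sits on docker_gwbridge.
SAMPLE_IFCONFIG = """\
eth0      Link encap:Ethernet  HWaddr 02:42:0A:00:04:06
          inet addr:10.0.4.6  Bcast:10.0.4.255  Mask:255.255.255.0
eth1      Link encap:Ethernet  HWaddr 02:42:AC:12:00:02
          inet addr:172.18.0.2  Bcast:172.18.255.255  Mask:255.255.0.0
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
"""

if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(lookup(sys.argv[1]))  # container name or ID on this node
    else:
        print(gwbridge_address(SAMPLE_IFCONFIG, "172.18.0.0/16"))
```

The address is assigned when the task starts, so it has to be looked up again after the task is rescheduled or restarted.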