![]() So unless your container is talking to itself, you always listen on 0.0.0.0 with the application you are running inside the container. That includes blocking port forwarding from the docker host and container-to-container networking. If you need to prevent others outside of your docker host from reaching the port, configure that restriction when publishing the port on the docker run cli. If you listen on localhost inside the container, nothing outside the container can connect to your application. ![]() From 18.03 onwards our recommendation is to connect to the special DNS name, which resolves to the. So when you configure mysql to listen on 127.0.0.1, there's no way to reach it from outside of the container's networking namespace. The host has a changing IP address (or none if you have no network access). If you leave off the ip, docker will publish the port on all interfaces on the host. that configures a listener on the docker host interface 127.0.0.1 port 1234, and forwards it to the container namespace port 5678 (that container must be listening on 0.0.0.0). The second network namespace is on your docker host. ![]() If you listen on localhost inside the container, nothing outside the container can connect to your application. With docker port forwarding, there are two network namespaces you need to keep track of.
0 Comments
Leave a Reply. |