Reputation: 743
Docker container doesn't expose ports when --net=host is mentioned in the docker run command
I have a CentOS docker container on a CentOS docker host. When I use this command to run the docker image docker run -d --net=host -p 8777:8777 ceilometer:1.x the docker container get host's IP but doesn't have ports assigned to it.
If I run the same command without "--net=host" docker run -d -p 8777:8777 ceilometer:1.x docker exposes the ports but with a different IP. The docker version is 1.10.1. I want the docker container to have the same IP as the host with ports exposed. I also have mentioned in the Dockerfile the instruction EXPOSE 8777 but with no use when "--net=host" is mentioned in the docker run command.
Upvotes: 74
Views: 99905
Answers (6)
Reputation: 1744
My OS is Linux but for me, the problem was using the docker rootless.
and I believe Rootless Docker does not support the --network host mode the same way traditional Docker does. This is because rootless Docker uses user namespaces and other mechanisms that can affect networking capabilities.
Ports exposed by containers in rootless Docker might not be directly accessible from the host in the same way. This is due to the differences in how networking is handled.
so when you want to use --net=host or --network=host run your docker command with sudo
or delete your rootless docker
systemctl stop docker.service
dockerd-rootless-setuptool.sh uninstall --force
systemctl start docker.service
and add your user to docker group
sudo usermod -aG docker $USER
sudo chown root:docker /var/run/docker.sock
sudo chown -R root:docker /var/run/docker
now you have access to the docker command without sudo and you are able to use --network=host.
if you have any problem accessing Docker without sudo uninstall your Docker and install it again but this time make it rootless by adding it to the docker group.
Upvotes: 1
Reputation: 7738
I was confused by this answer. Apparently my docker image should be reachable on port 8080. But it wasn't. Then I read
https://docs.docker.com/network/host/
To quote
The host networking driver only works on Linux hosts, and is not supported on Docker for Mac, Docker for Windows, or Docker EE for Windows Server.
That's rather annoying as I'm on a Mac. The docker command should report an error rather than let me think it was meant to work.
Discussion on why it does not report an error
https://github.com/docker/for-mac/issues/2716
Not sure I'm convinced.
Updated 2024: As per comments and other answers there have been changes in this area. See Docker container doesn't expose ports when --net=host is mentioned in the docker run command
Upvotes: 179
Reputation: 5851
The host networking driver only works on Linux hosts, but is available as a Beta feature, on Docker Desktop version 4.29 and later. To enable this feature, navigate to the Features in Development tab in Settings, and then select Enable host networking.
Upvotes: 4
Reputation: 241
https://docs.docker.com/network/drivers/host/
tells us:
"Host networking is also supported on Docker Desktop version 4.29 and later for Mac, Windows, and Linux as a beta feature. To enable this feature, navigate to the Features in development tab in Settings, and then select Enable host networking."
And it works for me.
Upvotes: 1
Reputation: 11888
On Linux, I have always used --net=host when myapp needed to connect to an another docker container hosting PostgreSQL.
myapp reads an environment variable DATABASE in this example
Like Shane mentions this does not work on MacOS or Windows...
docker run -d -p 127.0.0.1:5432:5432 postgres:latest
So my app can't connect to my other other docker container:
docker run -e DATABASE=127.0.0.1:5432 --net=host myapp
To work around this, you can use host.docker.internal instead of 127.0.0.1 to resolve your hosts IP address.
Therefore, this works
docker run -e DATABASE=host.docker.internal:5432 -d myapp
Hope this saves someone time!
Upvotes: 23
Reputation: 28150
The docker version is 1.10.1. I want the docker container to have same ip as the host with ports exposed.
When you use --net=host it tells the container to use the hosts networking stack. So you can't expose ports to the host, because it is the host (as far as the network stack is concerned).
docker inspect might not show the expose ports, but if you have an application listening on a port, it will be available as if it were running on the host.
Upvotes: 36
Related Questions
- Copying files from Docker container to host
- How do I get into a Docker container's shell?
- How to copy files from host to Docker container?
- How to fix Docker: Got permission denied issue
- How to force Docker for a clean build of an image
- How to get a Docker container's IP address from the host
- How to mount a host directory in a Docker container
- What is the difference between "expose" and "publish" in Docker?