Reputation: 16287
Can access docker container from host but that should not be possible?
I have cloned this project:
https://github.com/andfanilo/vue-hello-world
and made a dockerfile for it:
FROM node:10
RUN apt install curl
# make the 'app' folder the current working directory
RUN mkdir /app
# copy project files and folders to the current working directory (i.e. 'app' folder)
COPY . /app
WORKDIR /app
RUN npm install
CMD [ "npm", "run", "serve" ]
I build and run it with:
FRONTEND_IMAGE='frontend-simple-image'
FRONTEND_CONTAINER_NAME='frontend-simple-container'
docker build -t ${FRONTEND_IMAGE} .
docker rm -f ${FRONTEND_CONTAINER_NAME}
docker run -it --name ${FRONTEND_CONTAINER_NAME} ${FRONTEND_IMAGE}
It builds and runs successfully:
And I can access it on my host browser:
Which is all good except I would not expect that I could access from my host browser according to:
https://docs.docker.com/config/containers/container-networking/
By default, when you create a container, it does not publish any of its ports to the outside world. To make a port available to services outside of Docker, or to Docker containers which are not connected to the container’s network, use the --publish or -p flag. This creates a firewall rule which maps a container port to a port on the Docker host. Here are some examples.
So why does it work (accessing the web application from my host browser) without adding e.g -p 8080:8080 to docker run??
Upvotes: 4
Views: 279
Answers (1)
Reputation: 167
It's all working fine. To access the website you are using 172.17.0.2 which belongs to the initial Docker bridge network 172.17.0.0/16. It's a basic network in which all containers are being created if you won't specify any other network.
Because bridge is a network created on your host machine you can freely access it using direct IP address. But if you will try to access the Vue app through localhost:8080 or 127.0.0.1:8080 you shouldn't be able to connect, as you are using a different network. After adding -p 8080:8080 the behavior should change and an app will be accessible through localhost.
Basically an "outside world" from Docker documentation means a network beyond the ones assigned to the container, so in your case, an "outside world" is anything but 172.17.0.0/16.
You can read more about container communications here.
Upvotes: 6
Related Questions
- Cannot access docker host from macos
- How to access host machine from Docker container?
- Docker: Unable to access container's internal IP from host
- docker-machine: Can't access container's web server from host
- Access host machine in Docker Container on Ubuntu 18.04
- Cannot access server running in container from host
- How to let docker container access host network port
- Access host via docker container
- Error accessing host port from docker container on ubuntu
- Unable to connect to Docker container from host