Reputation: 929
I have an application A running locally on host, and application B running in a container. Application A listens to localhost:8080 and application B on localhost:8081.
When I run the container with
podman run -p 8081:8081 applicationB
Application A can send a request to application B via localhost:8081. However, application B cannot reach application A, since a connection to localhost:8080 is refused.
When I instead run the container with:
podman run --network host applicationB
it is the opposite. Application B can reach application A via localhost:8080, but application A cannot send a request to application B via localhost:8081. When I try both -p 8081:8081 and --network host, I get the following error:
Port mappings have been discarded as one of the Host, Container, Pod, and None network modes are in use
What can I do?
Upvotes: 1
Views: 2404
Reputation: 312138
...and application B on localhost:8081
If application B is bound to localhost:8081 inside the container, then it is effectively useless (from outside the container). Anything bound to localhost in the container can only be accessed by clients running in the same container.
The best solution here is for the application inside the container to bind to 0.0.0.0:8081; then your port forward would work correctly. You could run something like this:
podman run -p 127.0.0.1:8081:8081 applicationB
Here, we're publishing (-p) container port 8081 only on 127.0.0.1:8081 on the host (so you can reach it at 127.0.0.1:8081 on your host, but it won't be available at <your host ip>:8081 to other machines on the network).
When I instead run the container with:
podman run --network host applicationB
it is the opposite. Application B can reach application A via localhost:8080, but application A cannot send a request to application B via localhost:8081.
That is actually surprising; with --network host, both applications will have the same view of localhost, and you would expect connectivity to work just fine in both directions. I suspect that this actually works, but possibly something else is getting in the way. The output of ss -tln would show you whether or not something was listening on port 8081.
When I try both -p 8081:8081 and --network host, I get the following error:
Right, that's expected: when you're running the containerized application in the host network namespace, port publishing doesn't make any sense: if your application binds to port 8081, then that's it. It's listening on host port 8081.
Upvotes: 2
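An added example, not part of the original answer: a shell function that reads ss -tln output and reports whether a port is bound to loopback only or to every interface, the distinction the answer draws between -p 127.0.0.1:8081:8081 and -p 8081:8081. The helper name listen_scope and the sample ss lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example. Reads `ss -tln` output on stdin and reports how a TCP port
# is bound: loopback | all-interfaces | specific:<addr> | not-listening.
# Live use on a host: ss -tln | listen_scope 8081
listen_scope() {  # listen_scope is a hypothetical helper name
    awk -v port="$1" '
        $1 == "LISTEN" {
            local_addr = $4            # e.g. 127.0.0.1:8081, [::]:8081, *:8081
            n = split(local_addr, parts, ":")
            if (parts[n] != port) next
            # Everything before the final ":port" is the bind address.
            addr = substr(local_addr, 1, length(local_addr) - length(parts[n]) - 1)
            sub(/%.*$/, "", addr)      # drop an interface suffix such as %lo
            if (addr == "0.0.0.0" || addr == "*" || addr == "[::]") wide = 1
            else if (addr ~ /^127\./ || addr == "[::1]") loopback = 1
            else other = addr
        }
        END {
            if (wide) print "all-interfaces"
            else if (other != "") print "specific:" other
            else if (loopback) print "loopback"
            else print "not-listening"
        }'
}

# Constructed sample: application B published with -p 127.0.0.1:8081:8081,
# application A listening on localhost:8080.
SAMPLE_LOOPBACK='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      4096   127.0.0.1:8081     0.0.0.0:*
LISTEN 0      128    127.0.0.1:8080     0.0.0.0:*'

# Constructed sample: application B published with -p 8081:8081 (no host IP).
SAMPLE_ALL='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      4096   0.0.0.0:8081       0.0.0.0:*
LISTEN 0      128    127.0.0.1:8080     0.0.0.0:*'

printf 'loopback publish: 8081 is %s\n' \
    "$(printf '%s\n' "$SAMPLE_LOOPBACK" | listen_scope 8081)"
printf 'default publish:  8081 is %s\n' \
    "$(printf '%s\n' "$SAMPLE_ALL" | listen_scope 8081)"
```

A result of all-interfaces for 8081 means the port is reachable at the host's network address as well as at 127.0.0.1; not-listening means nothing on the host is accepting connections on that port.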