I have a setup where I run all parts of my website in docker containers. My nginx that listens on port 80 and 443 run in a container.
363292a98545 scivm/nginx-django-scivmcom:latest /usr/bin/supervisord 12 days ago Ghost 0.0.0.0:40001->22/tcp, 88.198.57.112:443->443/tcp, 88.198.57.112:80->80/tcp lonely_feynmann
I want to set up a proxy to a service in another container. This container is bound to port 3000 on the host:
b38c8ef72d0a mazzolino/strider-dind:latest wrapdocker /usr/bin/ 41 minutes ago Up 41 minutes 0.0.0.0:3000->3000/tcp, 22/tcp, 27017/tcp distracted_einstein
My iptables on the docker host look like this:
root@Ubuntu-1204-precise-64-minimal /var/run # iptables -L
Chain INPUT (policy ACCEPT) target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:8000
DROP all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
From within the container, I am unable to connect to port 3000 on the host machine due to the iptables configuration.
I don't want to open port 3000 to the public internet.
Is there a way to open a direct bridge between the container and the host on port 3000?
Or should I modify my iptables to accept from the docker ip range?
Best Answer
All you need is Docker's link capabilities [deprecated]
Just get rid of all the complicated stuff you tried to do and start using named containers and then link them to each other.