Exploring Docker Networking – Ports and Forwarding

Now I’m going to docker inspect the container.  I’m cutting out a lot of the result because it is long and detailed (tons of good info here, just not what I’m focusing on).

"Config": {
 "Hostname": "4d5d54275890",
 "Domainname": "",
 "User": "",
 "AttachStdin": false,
 "AttachStdout": false,
 "AttachStderr": false,
 "ExposedPorts": {
 "80/tcp": {}
 }, 
<...snip...>
"Networks": {
 "bridge": {
 "IPAMConfig": null,
 "Links": null,
 "Aliases": null,
 "NetworkID": "951ef0c50a232a271874f2fd38273c4590dc0810bef36c302002b1763fdfbae7",
 "EndpointID": "f2dea1699188703f4a1d95815efc4e81bb81923438cf3802763f32d9d01001b0",
 "Gateway": "172.17.0.1",
 "IPAddress": "172.17.0.2",

As we’ve seen before, I didn’t specify the network so it attached by default to the bridge network.  And it automatically was assigned an IP address from the IPAM system (172.17.0.2) and a gateway (172.17.0.1).  Up top you can also see an exposed port of 80, which hopefully you know is http.

Now, how do I access my webserver?  Is it running on port 80?  Well let’s netstat and see what we see.  For those unfamiliar to netstat, I’m basically asking it to show me all active/listening TCP and UDP ports on the server.

[root@dockernet2 ~]# netstat -natu
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 10.0.0.206:22 10.0.0.10:59964 ESTABLISHED
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 ::1:25 :::* LISTEN

So, no it is not listening on port 80.  Or at least, I can’t see the port on my host.  But remember with bridge networking the container network is actually separate from my host network.  What’s running on the container?

[root@dockernet2 ~]# nmap 172.17.0.2

Starting Nmap 6.40 ( http://nmap.org ) at 2017-08-03 21:56 EDT
Nmap scan report for 172.17.0.2
Host is up (0.0000060s latency).
Not shown: 999 closed ports
PORT STATE SERVICE
80/tcp open http

Why, port 80 is open on the container!  Lucky us because that’s what we need to connect to for the web server.  Let’s try a curl:

[root@dockernet2 ~]# curl 172.17.0.2
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
 body {
 width: 35em;
 margin: 0 auto;
 font-family: Tahoma, Verdana, Arial, sans-serif;
 }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>

OK great, there is the NGINX web server.  But we have a problem, right?  I mean, maybe you want the website to only be accessible from the host, but I want to hit it from my laptop browser.  No problem, we’ve got that covered.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s