Exposing a port on a live Docker container
I'm trying to create a Docker container that acts like a full-on virtual machine. I know I can use the EXPOSE instruction inside a Dockerfile to expose a port, and I can use the -p flag with docker run to assign ports, but once a container is actually running, is there a command to open/map additional ports live?
For example, let's say I have a Docker container that is running sshd. Someone else using the container ssh's in and installs httpd. Is there a way to expose port 80 on the container and map it to port 8080 on the host, so that people can visit the web server running in the container, without restarting it?
You cannot do this via Docker, but you can access the container's un-exposed port from the host machine.
If you have a container with something running on its port 8000, you can run
wget http://container_ip:8000
To get the container's IP address, run the 2 commands:
docker ps
docker inspect container_name | grep IPAddress
Internally, Docker shells out to call iptables when you run an image, so maybe some variation on this will work.
To expose the container's port 8000 on your localhost's port 8001:
iptables -t nat -A DOCKER -p tcp --dport 8001 -j DNAT --to-destination 172.17.0.19:8000
One way you can work this out is to set up another container with the port mapping you want, and compare the output of the iptables-save command (though I had to remove some of the other options that force traffic to go via the docker proxy).
NOTE: this is subverting Docker, so it should be done with the awareness that it may well create blue smoke.
OR
Another alternative is to look at the (new? post 0.6.6?) -P option, which will use random host ports, and then wire those up.
OR
With 0.6.5, you could use the LINKs feature to bring up a new container that talks to the existing one, with some additional relaying to that container's -p flags? (I have not used LINKs yet)
OR
With docker 0.11? you can use docker run --net host .. to attach your container directly to the host's network interfaces (i.e., net is not name-spaced) and thus all ports you open in the container are exposed.
Here's what I would do:
sudo docker ps
sudo docker commit <containerid> <foo/live>
sudo docker run -i -p 22 -p 8000:80 -v /data:/data -t <foo/live> /bin/bash
Here's another idea. Use SSH to do the port forwarding; this has the benefit of also working in OS X (and probably Windows) when your Docker host is a VM.
docker exec -it <containerid> ssh -R5432:localhost:5432 <user>@<hostip>