🚀 DevOps & SRE Certification Program 📅 Starting: 1st of Every Month 🤝 +91 8409492687 🔍 Contact@DevOpsSchool.com

Upgrade & Secure Your Future with DevOps, SRE, DevSecOps, MLOps!

We spend hours on Instagram and YouTube and waste money on coffee and fast food, but won’t spend 30 minutes a day learning skills to boost our careers.
Master in DevOps, SRE, DevSecOps & MLOps!

Learn from Guru Rajesh Kumar and double your salary in just one year.


Get Started Now!

Docker

Docker Tutorials: Working with Ports in Docker Containers

October 3, 2022 Leave a Comment

Port expose and publish has to happen when a container is created. Just stop the existing container and create a new one in its place with the added expose and/or publish options.

By default Docker containers can make connections to the outside world, but the outside world cannot connect to containers. Each outgoing connection will appear to originate from one of the host machine’s own IP addresses thanks to an iptables masquerading rule on the host machine that the Docker server creates when it starts:

[code]$ sudo iptables -t nat -L -n

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all — 172.17.0.0/16 0.0.0.0/0[/code]

The Docker server creates a masquerade rule that lets containers connect to IP addresses in the outside world. If you want containers to accept incoming connections, you will need to provide special options when invoking docker run. There are two approaches.

How to map ports to containers?
Approach 1
First, you can supply -P or –publish-all=true|false to docker run
or
EXPOSE line in the image’s Dockerfile
or
–expose <port> commandline flag and maps it to a host port somewhere within an ephemeral port range.

Approach 2
Mapping can be specified explicitly using -p SPEC or –publish=SPEC option. It allows you to particularize which port on docker server – which can be any port at all, not just one within the ephemeral port range – you want mapped to which port in the container.

How to EXPOSE Port on running container?

Mehtod 1 – Using docker commit
Commit your current container to a new image and then do a docker run specifying the new port range and the new image name.

[code]$ docker stop containerID
$ docker commit containerID newImageName:tag
$ docker run -d –name db -p 8091-8094:8091-8094 -p 11210:11210 newImageName:tag[/code]

Method 2 – using iptables

[code]HOST> iptables -t nat -A DOCKER -p tcp –dport 443 -j DNAT –to-destination 172.17.0.2:443
HOST> iptables -t nat -A POSTROUTING -j MASQUERADE -p tcp –source 172.17.0.2 –destination 172.17.0.2 –dport https
HOST> iptables -A DOCKER -j ACCEPT -p tcp –destination 172.17.0.2 –dport https[/code]

Docker Tutorials Fundamental To Advanced-2021 Crash Course:- https://bit.ly/3hOIbTB

Subscribe
Notify of
guest


0 Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments

Certification Courses

DevOpsSchool has introduced a series of professional certification courses designed to enhance your skills and expertise in cutting-edge technologies and methodologies. Whether you are aiming to excel in development, security, or operations, these certifications provide a comprehensive learning experience. Explore the following programs:

DevOps Certification, SRE Certification, and DevSecOps Certification by DevOpsSchool

Explore our DevOps Certification, SRE Certification, and DevSecOps Certification programs at DevOpsSchool. Gain the expertise needed to excel in your career with hands-on training and globally recognized certifications.

0
Would love your thoughts, please comment.x
()
x