问题
I have a service running inside a docker-container, which by default only binds to localhost.
I could reconfigure / reprogram this service to bind to all interfaces, but this might have security implications in other contexts. Is there any way to expose a service bound to localhost inside a docker container?
回答1:
I ended up using socat inside the docker container, to proxy any tcp connections on the relevant port-number coming in on the public interface, to the private interface.
For example, this can be added to the docker-container run-script to proxy a service bound on localhost:3000 to the :3000, where it can be EXPOSED and --linked like any other service. Make sure to install socat inside the container.
socat TCP4-LISTEN:3000,bind=`hostname -I | tr -d '[:space:]'`,fork TCP4:localhost:3000 &
Please note; I am using hostname -I | tr -d '[:space:]' to discover the ip of the docker container. Since normally docker containers have only one public ip, this works well.
来源:https://stackoverflow.com/questions/40383804/how-to-expose-a-service-running-inside-a-docker-container-bound-to-localhost