Docker：连接到容器（不暴露端口）

Question

First things first: I did use the search, both Google and SO.

Task

Trying to connect a MongoGUIClient from my Host (OSX) to the MongoDB inside my container.

What did I do?

1. Version: docker run --name some-mongo -d mongo
2. Version: docker run --name some-mongo -d -p 127.0.0.1:27017:27017 mongo

What's the problem?

Using the 2. version I am able to connect from the host without any further problems. But that means I need to expose that port on my system which I do not want to do.

What I am trying to achieve

I want to use the 1. version given above, without exposing ports and then do docker inspect to get the container ip (which in my case is 172.17.0.2 ) and then I want to connect to 172.17.0.2:27017 but that does not work and that is the problem .

What am I doing wrong here? Is there a conceptual mistake of mine? I just want to connect to that container sub network without exposing ports. Is that not possible?

Answer 1

Even if you could contact directly your container, it exposed port would only be visible by other containers, not by your docker host (xhyve VM) or your actual host (Mac).

So a mapping is still needed.
You could then try and use the XHyve Alpine VM IP but... this thread mentions a couple of current (Q4 2016) limitations preventing to do that.

That is why the current application example only shows access through localhost.

From this thread :

Currently the only way to access containers is by exposing a port.
There is no docker0 on the Mac.

Answer 2

Use defreitas/dns-proxy-server . Then you can access the container with its hostname.

Example:

# First run DPS
$ docker run --rm --hostname dns.mageddo \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /etc/resolv.conf:/etc/resolv.conf \
defreitas/dns-proxy-server

# Then run the container
$ docker run --hostname some-mongo --name some-mongo -d mongo

You can check if it works using netcat:

$ nc -z some-mongo 27017
$ echo $?
0