docker-compose 暴露远程容器上的端口

Question

I run my docker-compose service remotely on another physical machine on my local network via -H=ssh://user@192.168.0.x .

I'm exposing ports using docker-compose:

    ports:
      - 8001:8001

However, when I start the service, the port 8001 is not exposed to my localhost. I can ssh into the machine running the container, and port 8001 is indeed listening there.

How do I instruct docker-compose to tunnel this port from the remote machine running the container, to my local docker client?

Answer 1

Docker doesn't have the ability to do this. But from your ssh client's point of view, the container is no different from any other program running on the remote host, and you can use the ssh -L option to forward a local port to the remote system.

# Tell ssh to forward local port 8001 to remote port 8001
ssh -L 8001:localhost:8001 user@192.168.0.x \
  # Incidentally the remote port happens to be via a Docker container
  docker run -p 127.0.0.1:8001:8001 ...

Whenever you set DOCKER_HOST or use the docker -H option, you're giving instructions to a remote Docker daemon which interprets them relative to itself. docker -H... -v... mounts a directory on the same system as the Docker daemon into a container; docker -H... -p... publishes a port on the same system as the Docker daemon. Docker has no ability to somehow take into account the content or network stack of the local system when doing this.

(The one exception is docker -H... build , which actually creates a tar file of the local directory and sends it across the network to use as the build context, so you can have a remote Docker daemon build an image of a local source tree.)