Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to access host port from docker container

I have a docker container running jenkins. As part of the build process, I need to access a web server that is run locally on the host machine. Is there a way the host web server (which can be configured to run on a port) can be exposed to the jenkins container?

EDIT: I'm running docker natively on a Linux machine.

UPDATE:

In addition to @larsks answer below, to get the IP address of the Host IP from the host machine, I do the following:

ip addr show docker0 | grep -Po 'inet \K[\d.]+' 
like image 726
Tri Nguyen Avatar asked Jul 09 '15 18:07

Tri Nguyen


2 Answers

When running Docker natively on Linux, you can access host services using the IP address of the docker0 interface. From inside the container, this will be your default route.

For example, on my system:

$ ip addr show docker0 7: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default      link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff     inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0        valid_lft forever preferred_lft forever     inet6 fe80::f4d2:49ff:fedd:28a0/64 scope link         valid_lft forever preferred_lft forever 

And inside a container:

# ip route show default via 172.17.0.1 dev eth0  172.17.0.0/16 dev eth0  src 172.17.0.4  

It's fairly easy to extract this IP address using a simple shell script:

#!/bin/sh  hostip=$(ip route show | awk '/default/ {print $3}') echo $hostip 

You may need to modify the iptables rules on your host to permit connections from Docker containers. Something like this will do the trick:

# iptables -A INPUT -i docker0 -j ACCEPT 

This would permit access to any ports on the host from Docker containers. Note that:

  • iptables rules are ordered, and this rule may or may not do the right thing depending on what other rules come before it.

  • you will only be able to access host services that are either (a) listening on INADDR_ANY (aka 0.0.0.0) or that are explicitly listening on the docker0 interface.


If you are using Docker on MacOS or Windows 18.03+, you can connect to the magic hostname host.docker.internal.


Lastly, under Linux you can run your container in the host network namespace by setting --net=host; in this case localhost on your host is the same as localhost inside the container, so containerized service will act like non-containerized services and will be accessible without any additional configuration.

like image 26
larsks Avatar answered Sep 22 '22 02:09

larsks


For all platforms

Docker v 20.10 and above (since December 14th 2020)

On Linux, add --add-host=host.docker.internal:host-gateway to your Docker command to enable this feature. (See below for Docker Compose configuration.)

Use your internal IP address or connect to the special DNS name host.docker.internal which will resolve to the internal IP address used by the host.

To enable this in Docker Compose on Linux, add the following lines to the container definition:

extra_hosts: - "host.docker.internal:host-gateway" 

For macOS and Windows

Docker v 18.03 and above (since March 21st 2018)

Use your internal IP address or connect to the special DNS name host.docker.internal which will resolve to the internal IP address used by the host.

Linux support pending https://github.com/docker/for-linux/issues/264

MacOS with earlier versions of Docker

Docker for Mac v 17.12 to v 18.02

Same as above but use docker.for.mac.host.internal instead.

Docker for Mac v 17.06 to v 17.11

Same as above but use docker.for.mac.localhost instead.

Docker for Mac 17.05 and below

To access host machine from the docker container you must attach an IP alias to your network interface. You can bind whichever IP you want, just make sure you're not using it to anything else.

sudo ifconfig lo0 alias 123.123.123.123/24

Then make sure that you server is listening to the IP mentioned above or 0.0.0.0. If it's listening on localhost 127.0.0.1 it will not accept the connection.

Then just point your docker container to this IP and you can access the host machine!

To test you can run something like curl -X GET 123.123.123.123:3000 inside the container.

The alias will reset on every reboot so create a start-up script if necessary.

Solution and more documentation here: https://docs.docker.com/docker-for-mac/networking/#use-cases-and-workarounds

like image 174
Janne Annala Avatar answered Sep 22 '22 02:09

Janne Annala