Make docker container only accessible from a certain IP

Question

Right now, when I bind a docker container port to a port on my computer, it can be accessed through every IP address belonging to my computer.

I know this since I tried connecting to the port through another computer using my Docker host's static LAN ip address.

I want to restrict that specific container to be accessible exclusively by my docker host (127.0.0.1 or localhost). When I change my web server's IP to localhost, it becomes inaccessible from my docker host (probably because that makes it local to the container, not the host).

How can I make a docker container local to the host?

Answer 1

If you run the container like this it will be accesable only from 127.0.0.1

docker run --rm -it -p 127.0.0.1:3333:80 httpd

--rm: I use it for testing it removing the container after exit.
-it: interactive tty.
-p: port mapping, map 3333 on the host to 80 in the container and restrict access only from localhost.

The docker-compose equivalent would be:

services:
  db:
    ports:
      - "127.0.0.1:80:80"