Using the uppercase -P command line option will force Docker to bind all exposed ports in a container's image to the host.
When you connect an existing container to a different network using docker network connect , you can use the --ip or --ip6 flags on that command to specify the container's IP address on the additional network. In the same way, a container's hostname defaults to be the container's ID in Docker.
As @daniel-t points out in the comment: github.com/docker/docker/issues/2174 is about showing binding only to IPv6 in netstat
, but that is not an issue. As that github issues states:
When setting up the proxy, Docker requests the loopback address '127.0.0.1', Linux realises this is an address that exists in IPv6 (as ::0) and opens on both (but it is formally an IPv6 socket). When you run netstat it sees this and tells you it is an IPv6 - but it is still listening on IPv4. If you have played with your settings a little, you may have disabled this trick Linux does - by setting net.ipv6.bindv6only = 1.
In other words, just because you see it as IPv6 only, it is still able to communicate on IPv4 unless you have IPv6 set to only bind on IPv6 with the net.ipv6.bindv6only setting. To be clear, net.ipv6.bindv6only should be 0 - you can run sysctl net.ipv6.bindv6only
to verify.
Setting net.ipv6.conf.all.forwarding=1
will fix the issue.
This can be done on a live system using
sudo sysctl -w net.ipv6.conf.all.forwarding=1
Currently docker binds to both IPv4 and IPv6 by default.
If you want to explicitly "Make docker use IPv4 for port binding" (as in, have it only bind on the IPv4 port) add 0.0.0.0:
before the ports in the -p
/--publish
option(s), like so:
$ docker run --publish "0.0.0.0:80:80" --publish "0.0.0.0:443:443" --detach nginx
The result will look like this when you're done:
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
2459bd225751 nginx "/docker-entrypoint.…" 4 seconds ago Up 2 seconds 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp jovial_yonath
The netstat results will look like this:
$ sudo netstat -tulnp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 22676/docker-proxy
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 22698/docker-proxy
You can browse or curl
to the device to make sure it works, of course.
If you don't add the "0.0.0.0", it will bind on both IP versions, and the PORTS
will read 0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp
, which may not be desirable for security, console spam or predictability reasons.
ISSUE RESOVLED:
USE docker run -it -p 80:80 --name nginx --net=host -d nginx
that's issue we face with VM some time instead of bridge network try with host that will work for you
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN - tcp6 0 0 :::80 :::* LISTEN -
By default, docker uses AF_INET6 sockets which can be used for both IPv4 and IPv6 connections. This causes netstat to report an IPv6 address for the listening address.
From RedHat https://access.redhat.com/solutions/3114021
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With