How to make Docker container accessible to other network machines through IP?

Question

I need to create some docker containers that must be accessed by other computers at the same network.

Problem is that when I create the container, Docker gets IP addresses valid only within the host machine.

I already took a look at Docker documentation (Networking) but nothing has worked.

If I run ifconfig on my machine my IP address is 172.21.46.149. When I go inside the container (Ubuntu) and run ifconfig the IP address is 172.17.0.2. I need Docker to get, for example, 172.21.46.150.

How can I do it?

Would it be OK if your container would directly bind host port to communicate? — Auzias, Feb 29 '16 at 15:26

score 2 · Answer 1 · answered Feb 29 '16 at 15:18

2

You have to create a bridge on your host and assign that bridge to the container. This may help you: https://jpetazzo.github.io/2013/10/16/configure-docker-bridge-network/

answered Feb 29 '16 at 15:18

Harald Weber

41
3

score 2 · Answer 2 · answered Mar 01 '16 at 07:12

Multi-host access involves an overlay network with service discovery.
See docker/networking:

An overlay network requires a key-value store. The store maintains information about the network state which includes discovery, networks, endpoints, IP Addresses, and more.
The Docker Engine currently supports Consul, etcd, ZooKeeper (Distributed store), and BoltDB (Local store) key-value store stores.
This example uses Consul.

If if your your nodes (the other computers across the same network) runs their docker daemon with a reference to that key-value store, they will be able to communicate with containers from other nodes.

DOCKER_OPTS="-H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock --cluster-store=consul://<NODE-0-PRIVATE-IP>:8500/network --cluster-advertise=eth0:2375"

You just need to create an overlay network:

 docker network create -d overlay --subnet=10.10.10.0/24 RED

(it will be available in all computers because of the key-value store)

And run your containers on that network:

docker run -itd --name container1 --net RED busybox

score 1 · Answer 3 · edited May 23 '17 at 12:32

1

Docker containers can easily be accessed by other network node when a container:port is published through a host:port.

This is done using the -p docker-run option. Here is the sum-up of the man-page ($man docker-run gives more details and example that I won't copy/paste):

   -p, --publish=[]
      Publish a container's port, or range of ports, to the host.

See the doc online. This question/answer could be interesting to read too.

Basically:

docker run -it --rm -p 8085:8080 my_netcat nc -l -p 8080

Would allow LAN nodes to connect to the docker-host-ip:8085 and discuss with the netcat command.

edited May 23 '17 at 12:32

Community

1
1

answered Feb 29 '16 at 15:39

Auzias

3,638
14
36

Problem with this solution is that when I grow my environment things will get a bit messy I think as long as I will have many many containers... – Lucas Rezende Feb 29 '16 at 18:28
Well... You may want to edit your question to make it clearer then. Do you actually need all the containers on the same LAN as the host LAN? I understand the many-container-reason but I doubt the host will run more than 65k containers (creating a lack of socket to bind). Remember that a Docker best practice is the ["Caas"](https://stackoverflow.com/questions/35610995/consul-and-tomcat-in-the-same-docker-container#comment58922618_35610995) and according to the CaaS the container (supposed to run a single service) should need one port only, two or three in exceptional multi-ports-service cases. – Auzias Mar 01 '16 at 07:00

How to make Docker container accessible to other network machines through IP?

3 Answers3

Linked