55

I have a CentOS docker container on a CentOS docker host. When I use this command to run the docker image docker run -d --net=host -p 8777:8777 ceilometer:1.x the docker container get host's IP but doesn't have ports assigned to it.

If I run the same command without "--net=host" docker run -d -p 8777:8777 ceilometer:1.x docker exposes the ports but with a different IP. The docker version is 1.10.1. I want the docker container to have the same IP as the host with ports exposed. I also have mentioned in the Dockerfile the instruction EXPOSE 8777 but with no use when "--net=host" is mentioned in the docker run command.

the
  • 21,007
  • 11
  • 68
  • 101
arevur
  • 553
  • 1
  • 4
  • 7
  • What is the question here? – cantSleepNow Feb 23 '16 at 20:13
  • "doesn't have ports assigned to it": how do you determine that? – VonC Feb 23 '16 at 20:14
  • 1
    You determine what ports the docker is using by netstat or you can use docker port – arevur Feb 23 '16 at 23:28
  • 5
    The flag `--net=host` shares the host interface with the container. Hence, if you don't start a service that listens to any port, no port will be "published", as there is no need for it. The `-p` flag is useless, if the host interface is shared because all needed port will be directly "published" on the host interface. In other words: the ports-space between host and containers are share when `--net=host` is used. – Auzias Feb 24 '16 at 07:18

3 Answers3

155

I was confused by this answer. Apparently my docker image should be reachable on port 8080. But it wasn't. Then I read

https://docs.docker.com/network/host/

To quote

The host networking driver only works on Linux hosts, and is not supported on Docker for Mac, Docker for Windows, or Docker EE for Windows Server.

That's rather annoying as I'm on a Mac. The docker command should report an error rather than let me think it was meant to work.

Discussion on why it does not report an error

https://github.com/docker/for-mac/issues/2716

Not sure I'm convinced.

Shane Gannon
  • 6,770
  • 7
  • 41
  • 64
  • 13
    Can't quite believe this is still the case in M$ Windows (docker-compose version 1.24.1, docker server version 19.03.2), well done for reading the manual and reiterating the crucial information. – Tyeth Sep 24 '19 at 23:00
  • 11
    Kudos to you for noting it here. It's really annoying that it's not working for Mac – tuan.dinh Aug 16 '20 at 03:28
32

The docker version is 1.10.1. I want the docker container to have same ip as the host with ports exposed.

When you use --net=host it tells the container to use the hosts networking stack. So you can't expose ports to the host, because it is the host (as far as the network stack is concerned).

docker inspect might not show the expose ports, but if you have an application listening on a port, it will be available as if it were running on the host.

dnephin
  • 25,944
  • 9
  • 55
  • 45
  • 5
    Shouldn't these ports show up when you do netstat then? To test this I ran: docker run -it --rm --net container:cass1 poklet/cassandra cqlsh And don't see the "ExposedPorts" but netstat shows nothing either – kisna Nov 23 '16 at 03:14
  • Yes and yes. You do not see the port in inspect. But if it works and your process works netstat or lsof show the port `sudo lsof -i | grep LISTEN` -> `node 1799 199 12u IPv6 247434980 0t0 TCP *:3443 (LISTEN)` – Björn Feb 07 '17 at 09:51
  • and what if I run with docker-compose? I tried remove the ports with no lack :-( – ItayB Feb 10 '17 at 11:06
12

On Linux, I have always used --net=host when myapp needed to connect to an another docker container hosting PostgreSQL.

myapp reads an environment variable DATABASE in this example

Like Shane mentions this does not work on MacOS or Windows...

docker run -d -p 127.0.0.1:5432:5432 postgres:latest

So my app can't connect to my other other docker container:

docker run -e DATABASE=127.0.0.1:5432 --net=host myapp

To work around this, you can use host.docker.internal instead of 127.0.0.1 to resolve your hosts IP address.

Therefore, this works

docker run -e DATABASE=host.docker.internal:5432 -d myapp

Hope this saves someone time!

rjdkolb
  • 10,377
  • 11
  • 69
  • 89