I created a Docker image for OpenVPN. But when I use the `docker inspect` command to get the config from this image, I always see this setting in ContainerConfig:

```
"ContainerConfig": {
    "Hostname": "cfd8618fa650",
    "ExposedPorts": {
        "11194/tcp": {}
    },
```

This is not good because every time I run this image, it will expose port 11194 automatically even if I didn't want it to. Does anyone know how to remove this config?

Tamas Rev
Henry
  • Post your Dockerfile and your `docker run` – user2915097 Apr 05 '17 at 05:31
  • Exposing a port (as I just learned myself) is not the same as publishing it. The exposed port is only accessible to other containers and not to the host. In order to access one container from the other you need to add them to an overlay network, link them or something similar. You cannot by default access one container from the other without some connection between them. So actually you could leave this port exposed. See this [post](http://stackoverflow.com/questions/22111060/difference-between-expose-and-publish-in-docker) or google understanding container communication. – herm Apr 07 '17 at 14:26

1 Answer

Pay attention that 11194 is the default OpenVPN port, so it's quite normal that it's exposed by Docker.

Anyway, if you have the Dockerfile, obviously you can build a new image by removing the `EXPOSE 11194` line from the Dockerfile itself.

But if you run an image by pulling it directly from a repo, or you can't remove the container, the port will be exposed, but you can bind it to a specific IP.

Because the port mapping `-p` format can be

```
ip:hostPort:containerPort | ip::containerPort | hostPort:containerPort | containerPort
```

you can bind the host port to a single host (e.g. localhost) instead of to all the world, for example

```
docker run -p 127.0.0.1:11194:11194 ...
```

So port 11194 (or whatever port number you assign locally) will be reachable from localhost only.

Otherwise you can close the port with iptables or another firewall.

The site Docker and IPtables explains Docker port binding, iptables forwarding rules, etc. well.

gile
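Added example (not part of the answer above, and not code from Docker or the poster): a Python check over `docker inspect <container>` output that separates ports which are only exposed from ports published with `-p`, and flags bindings on all host interfaces. The sample JSON and container names are constructed; the fields read are `Config.ExposedPorts` and `NetworkSettings.Ports`.

```python
import ipaddress
import json

# Constructed sample: trimmed `docker inspect <container>` output for three
# containers started from the same image (names are made up for this example).
SAMPLE = json.loads("""
[
 {"Name": "/vpn-default",
  "Config": {"ExposedPorts": {"11194/tcp": {}}},
  "NetworkSettings": {"Ports": {"11194/tcp": null}}},
 {"Name": "/vpn-local",
  "Config": {"ExposedPorts": {"11194/tcp": {}}},
  "NetworkSettings": {"Ports": {"11194/tcp": [
      {"HostIp": "127.0.0.1", "HostPort": "11194"}]}}},
 {"Name": "/vpn-public",
  "Config": {"ExposedPorts": {"11194/tcp": {}}},
  "NetworkSettings": {"Ports": {"11194/tcp": [
      {"HostIp": "0.0.0.0", "HostPort": "11194"},
      {"HostIp": "::", "HostPort": "11194"}]}}}
]
""")

def classify(bindings):
    """Classify the host-side bindings of one container port."""
    if not bindings:  # null or []: EXPOSE metadata only, nothing passed to -p
        return "exposed-only"
    # An empty HostIp means "no address given", i.e. all interfaces.
    addrs = [ipaddress.ip_address(b.get("HostIp") or "0.0.0.0") for b in bindings]
    if any(a.is_unspecified for a in addrs):
        return "published-all-interfaces"
    if all(a.is_loopback for a in addrs):
        return "published-loopback"
    return "published-specific-ip"

def audit(containers):
    """Map (container name, port) -> classification."""
    report = {}
    for c in containers:
        exposed = c.get("Config", {}).get("ExposedPorts") or {}
        published = c.get("NetworkSettings", {}).get("Ports") or {}
        for port in sorted(set(exposed) | set(published)):
            report[(c["Name"].lstrip("/"), port)] = classify(published.get(port))
    return report

if __name__ == "__main__":
    for (name, port), state in audit(SAMPLE).items():
        print(f"{name:12} {port:10} {state}")
```

To run it against real containers, replace `SAMPLE` with the parsed output of `docker inspect` for the containers of interest.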