I'd like to run a Docker container which only exposes it's ports INTERNALLY within the docker instance on the said host. This means I do NOT want it public.
Hows does one do this from the command line? The code below opens it publicly.
docker run -p 27017:27017 --name mongo mongo
Best Answer
If you execute:
Then docker interprets that as:
Which means that the port is accessible from the host, but also externally.
You can verify that by running
nmap -p 27017 <host IP>
from a different machine against your host. Port 27017 should show up as 'open'.If you execute:
Then the port is only accessible from the host.
You can verify that by running
nmap -p 27017 <host IP>
from a different machine against your host. Port 27017 should show up as 'closed'.Finally, if you execute:
Then all ports will be local to the container.
Again, you can verify that by running
nmap
on your host against the container:nmap -p 27017 <container IP>
. Port 27017 should show up as 'closed'.