Make docker use IPv4 for port binding

As @daniel-t points out in the comment: github.com/docker/docker/issues/2174 is about showing binding only to IPv6 in netstat, but that is not an issue. As that github issues states:

When setting up the proxy, Docker requests the loopback address '127.0.0.1', Linux realises this is an address that exists in IPv6 (as ::0) and opens on both (but it is formally an IPv6 socket). When you run netstat it sees this and tells you it is an IPv6 - but it is still listening on IPv4. If you have played with your settings a little, you may have disabled this trick Linux does - by setting net.ipv6.bindv6only = 1.

In other words, just because you see it as IPv6 only, it is still able to communicate on IPv4 unless you have IPv6 set to only bind on IPv6 with the net.ipv6.bindv6only setting. To be clear, net.ipv6.bindv6only should be 0 - you can run sysctl net.ipv6.bindv6only to verify.

Setting net.ipv6.conf.all.forwarding=1 will fix the issue.

This can be done on a live system usingsudo sysctl -w net.ipv6.conf.all.forwarding=1

2021 Update:

Currently docker binds to both IPv4 and IPv6 by default.

If you want to explicitly "Make docker use IPv4 for port binding" (as in, have it only bind on the IPv4 port) add 0.0.0.0: before the ports in the -p/--publish option(s), like so:

$ docker run --publish "0.0.0.0:80:80" --publish "0.0.0.0:443:443" --detach nginx

The result will look like this when you're done:

$ docker psCONTAINER ID   IMAGE   COMMAND                  CREATED          STATUS         PORTS                                      NAMES2459bd225751   nginx   "/docker-entrypoint.…"   4 seconds ago    Up 2 seconds   0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp   jovial_yonath

The netstat results will look like this:

$ sudo netstat -tulnpActive Internet connections (only servers)Proto Recv-Q Send-Q Local Address Foreign Address State    PID/Program nametcp        0      0 0.0.0.0:443   0.0.0.0:*       LISTEN   22676/docker-proxytcp        0      0 0.0.0.0:80    0.0.0.0:*       LISTEN   22698/docker-proxy

You can browse or curl to the device to make sure it works, of course.

If you don't add the "0.0.0.0", it will bind on both IP versions, and the PORTS will read 0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp, which may not be desirable for security, console spam or predictability reasons.