Forward host port to docker container


A simple but relatively insecure way would be to use the --net=host option to docker run.

This option makes it so that the container uses the networking stack of the host. Then you can connect to services running on the host simply by using "localhost" as the hostname.

This is easier to configure because you won't have to configure the service to accept connections from the IP address of your docker container, and you won't have to tell the docker container a specific IP address or host name to connect to, just a port.

For example, you can test it out by running the following command, which assumes your image is called my_image, your image includes the telnet utility, and the service you want to connect to is on port 25:

docker run --rm -i -t --net=host my_image telnet localhost 25

If you consider doing it this way, please see the caution about security on this page:

https://docs.docker.com/articles/networking/

It says:

--net=host -- Tells Docker to skip placing the container inside of a separate network stack. In essence, this choice tells Docker to not containerize the container's networking! While container processes will still be confined to their own filesystem and process list and resource limits, a quick ip addr command will show you that, network-wise, they live “outside” in the main Docker host and have full access to its network interfaces. Note that this does not let the container reconfigure the host network stack — that would require --privileged=true — but it does let container processes open low-numbered ports like any other root process. It also allows the container to access local network services like D-bus. This can lead to processes in the container being able to do unexpected things like restart your computer. You should use this option with caution.


Your docker host exposes an adapter to all the containers. Assuming you are on a recent Ubuntu, you can run

ip addr

This will give you a list of network adapters, one of which will look something like

3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
    link/ether 22:23:6b:28:6b:e0 brd ff:ff:ff:ff:ff:ff
    inet 172.17.42.1/16 scope global docker0
    inet6 fe80::a402:65ff:fe86:bba6/64 scope link
       valid_lft forever preferred_lft forever

You will need to tell rabbit/mongo to bind to that IP (172.17.42.1). After that, you should be able to open connections to 172.17.42.1 from within your containers.
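As an added example (not part of the original answer), this shell script pulls the docker0 address out of `ip addr` output and classifies `ss -ltn` listeners, so you can confirm a service is bound to the bridge address rather than to every interface. The function names and the `ss` sample are constructed for illustration; the `ip addr` sample is the output shown above.

```shell
#!/bin/sh
# Added example: helper names and SAMPLE_SS are constructed, not from the answer.

# Print the IPv4 address of interface $1 from `ip addr` text on stdin.
bridge_ip() {
    awk -v ifc="$1" '
        /^[0-9]+: / { cur = $2; sub(/:$/, "", cur); sub(/@.*/, "", cur) }
        cur == ifc && $1 == "inet" { split($2, a, "/"); print a[1]; exit }
    '
}

# Read `ss -ltn` text on stdin; print "<port> <scope>" per listening socket.
# $1 is the bridge address that containers are expected to connect to.
classify_listeners() {
    awk -v bip="$1" '
        $1 == "LISTEN" {
            addr = $4; port = $4
            sub(/.*:/, "", port)        # keep text after the last colon
            sub(/:[^:]*$/, "", addr)    # keep text before the last colon
            if (addr == "0.0.0.0" || addr == "[::]" || addr == "*")
                scope = "all-interfaces"   # reachable from every network
            else if (addr == bip)
                scope = "bridge-only"      # reachable from containers on docker0
            else if (addr ~ /^127\./ || addr == "[::1]")
                scope = "loopback-only"    # not reachable from bridged containers
            else
                scope = "other"
            print port, scope
        }
    '
}

# `ip addr` sample taken from the output shown above.
SAMPLE_IP_ADDR='3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
    link/ether 22:23:6b:28:6b:e0 brd ff:ff:ff:ff:ff:ff
    inet 172.17.42.1/16 scope global docker0'

# Constructed `ss -ltn` sample: one listener per binding style.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    172.17.42.1:27017  0.0.0.0:*
LISTEN 0      128    0.0.0.0:5672       0.0.0.0:*
LISTEN 0      100    127.0.0.1:25       0.0.0.0:*
LISTEN 0      128    [::]:9200          [::]:*'

# On a live host: ip addr | bridge_ip docker0 ; ss -ltn | classify_listeners "$BIP"
BIP=$(printf '%s\n' "$SAMPLE_IP_ADDR" | bridge_ip docker0)
printf '%s\n' "$SAMPLE_SS" | classify_listeners "$BIP"
```

A listener reported as `all-interfaces` is also reachable from outside the host unless a firewall blocks it, while `bridge-only` limits exposure to the docker0 network.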


You could also create an ssh tunnel.

docker-compose.yml:

---
version: '2'
services:
  kibana:
    image: "kibana:4.5.1"
    links:
      - elasticsearch
    volumes:
      - ./config/kibana:/opt/kibana/config:ro
  elasticsearch:
    build:
      context: .
      dockerfile: ./docker/Dockerfile.tunnel
    entrypoint: ssh
    command: "-N elasticsearch -L 0.0.0.0:9200:localhost:9200"

docker/Dockerfile.tunnel:

FROM buildpack-deps:jessie

# Install the ssh client and clean the apt caches
RUN apt-get update && \
    DEBIAN_FRONTEND=noninteractive \
    apt-get -y install ssh && \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/*

# Key, client config and pinned host keys used by the tunnel
COPY ./config/ssh/id_rsa /root/.ssh/id_rsa
COPY ./config/ssh/config /root/.ssh/config
COPY ./config/ssh/known_hosts /root/.ssh/known_hosts

# $USER is not set during docker build, so name the owner explicitly
RUN chmod 600 /root/.ssh/id_rsa && \
    chmod 600 /root/.ssh/config && \
    chown -R root:root /root/.ssh

config/ssh/config:

# Elasticsearch Server
Host elasticsearch
    HostName jump.host.czerasz.com
    User czerasz
    ForwardAgent yes
    IdentityFile ~/.ssh/id_rsa

This way the elasticsearch has a tunnel to the server with the running service (Elasticsearch, MongoDB, PostgreSQL) and exposes port 9200 with that service.