Friday, January 27, 2017

Port Forwarding to Reach a Docker Instance

I have a docker instance running on a server that I can SSH into, but I am working remotely and would like to access its services. There are ways to set up something running in Docker so that it passes through and exposes the port from the host machine, but who wants to go through some complicated setup for something you are developing temporarily? I just want to be able to reach the web server that is exposed to the host computer without going through too much effort.

First I need to ensure that my docker container is running. I type sudo docker ps to confirm that it is running and look at the list of exposed ports to confirm that the port I need is 8088.

Next I need to confirm the ip address. There are lots of ways to do this, but just typing sudo docker network inspect bridge shows me the containers running and their IP addresses. I confirm that the IP address I need is From the host machine, I can access the exposed ports on that address all I want, but these are not necessarily visible to other computers on the network. And they are definitely not visible outside of my local network.

I can also confirm all of this by connecting to my host via ssh and running nmap This lists the open ports on that container, and I can see that there is a http service on an open TCP port at 8088.

What I want is to submit requests to localhost and have the requests forwarded to the container. SSH allows this with port forwarding. For the sake of clarity (and to demonstrate that the local port and remote port don't need to match) I am going to use a local port of 8999, so that web requests submitted to 8999 are passed through my encrypted SSH connection and sent to as if they are coming from the host machine.

To accomplish this, open a terminal and type:

ssh -nNT -L 8999:

The first set of options (-nNT) tell ssh that we are not sending any commands here or using an interactive shell. The next option (-L) tells it to map the ports. The next group has the local port to be used, the target server to contact, and the port to use on that target server. The last bit is the username and server that I am contacting which will pass along these requests.

The command will just sit there, but ports are being listened to and mapped behind the scenes. All the communication between your local computer and the server you connected to with SSH is encrypted, and your local network sees nothing but the communication between the two servers, not the further communication to the target server. Go to a browser and type http://localhost:8999 and the web page at will be brought up as if you were connected locally. To break the connection, just hit ctrl-c in the terminal window.

UPDATE: You can also share multiple ports in a single command. Just repeat the -L PORT:ADDRESS:PORT as many times as needed.

No comments:

Post a Comment