I’m using a docker compose file, and I have everything running just fine, containers talking to each other as needed, NPM reverse proxying everything via a duckdns subdomain… everything’s cool.

Problem is, I can still go to, for example, http://192.168.1.30:8080/ and get the services without http.

I’ve tried commenting out the ports in the compose file, which should make them only available on the internal network, I thought. But when I do that, the containers can no longer connect to each other.

Any advice for me?

Edit:

Thanks for the quick & helpful suggestions!

While investigating bridge networks, I noticed a mention that containers could only find each other on the default container bridge by container name, which I did not know. I had tried 127.0.0.1, localhost, the external IP, hostnames, etc but not container names.

In the end, the solution was just to use container names when telling each container how to find the others. No need for creating bridge networks or any other shenanigans.

Thank you!

  • vividspecter@lemm.ee
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    9 months ago

    There’s likely a firewall on the system that hosts the docker services, and docker’s default bridge rules bypass it when publishing a port. And since the docker rules are prioritised, it can be quite difficult to override them in a reliable way. I personally wish that the default rules would just open a rule to the host, but there might be some complexity that I’m missing that makes that challenging.

    I personally use host networking to avoid the whole mess, but be aware you’ll have to change the internal ports for a bunch of services most likely, and that’s not always well-documented. And using the container name as the host name won’t work when referencing other containers, you’ll have to use e.g. localhost:<port number> even inside the network.

    You can do the bind to localhost thing that others have mentioned, as long as the reverse proxy itself is inside the docker network (likely there are workarounds if not).