# Podman / Docker - expose port only to the localhost of the host machine

There are good reasons to expose a port of a Docker container only to the localhost of the host machine. Security reasons or the use of a reverse proxy are only two of them (please don't ask for more). And it is fairly easy.

It is a simple modification to the argument of the `-p` flag when running `podman run`:

`podman run -d -p 8080:80/tcp docker.io/library/httpd`

From the manual:

`-p, --publish strings Publish a container's port, or a range of ports, to the host (default [])`

This is a quick example which sets up a web server. The first part before the colon - in this case `8080` - is the exposed port on the host machine, on which the container is reachable. The second part after the colon - `80/tcp` - is the port used within the container. Since no host address is given, the port is bound on all interfaces of the host.

To limit the exposed port to the localhost of the host machine, just add the host loopback address in front of the host port: `127.0.0.1:`. The new command would then be:

`podman run -d -p 127.0.0.1:8080:80/tcp docker.io/library/httpd`

That's it.
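To find containers that still publish ports beyond loopback, the following added example (not part of the original page) filters the output of `podman ps --format '{{.Names}} {{.Ports}}'`. It assumes the ports are rendered as `host-address:port->container-port/proto`; the function names, container names and addresses in the sample are constructed.

```shell
#!/bin/sh
# Added example: report published container ports that are bound to
# something other than the loopback address.
#
# Input on stdin: one line per container, "<name> <ports>", e.g. from
#   podman ps --format '{{.Names}} {{.Ports}}' | non_loopback_ports
# (docker ps accepts the same format string). Assumed mapping syntax:
#   0.0.0.0:8080->80/tcp, 127.0.0.1:8081->80/tcp, :::8080->80/tcp
non_loopback_ports() {
    awk '{
        name = $1
        sub(/^[^ ]+ +/, "")                  # drop the name, keep the port list
        n = split($0, maps, /, */)
        for (i = 1; i <= n; i++) {
            m = maps[i]
            if (m !~ /->/) continue          # exposed only, not published
            addr = m
            sub(/->.*/, "", addr)            # host side, e.g. "127.0.0.1:8080"
            sub(/:[0-9-]+$/, "", addr)       # strip host port or port range
            if (addr ~ /^127\./ || addr == "::1" || addr == "[::1]") continue
            print name, m                    # reachable from outside the host
        }
    }'
}

# Constructed sample input (not real output from any system).
sample_ps_output() {
    cat <<'EOF'
web-public 0.0.0.0:8080->80/tcp, :::8080->80/tcp
web-local 127.0.0.1:8081->80/tcp
db 5432/tcp
metrics 127.0.0.1:9100->9100/tcp, 192.0.2.10:9443->443/tcp
idle
EOF
}

# Demo run on the constructed sample.
sample_ps_output | non_loopback_ports
```

Every line printed is a mapping that should either get the `127.0.0.1:` prefix or be reachable from the network on purpose.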