Saturday, April 17, 2021

Docker Expose Port Understanding Port Mapping and Port Forwarding

 In this, we will discuss an experiment on Docker Container Network port exposed or published. A Netcat command utility will be used to make an echo server. which will be read the message on one socket and the other end sends the message to the terminal.


Docker expose ports
Understanding Port forwarding in Docker Containers


Background on Docker Port

Docker container ports by default mapping to host ports.

The -P option will bind the container exposed ports (EXPOSE command in Dockerfile) to random available ports of the host.

We can bind any port of the container even though it is not pre-defined with EXPOSE ones. For this, you can use -p (lower case) with host port followed by a colon (:) container port 

Note: This experiment can be successful on ubuntu:14.04 image only. Because other than that ubuntu images don't support nc and host.docker.internal to look into the docker network.

Here we have four use cases:

  1. Two ports open to run the echo server 
  2. Container access host network
  3. Dynamically port mapping
  4. Expose Port using TCP/UDP protocol

To understand more on docker network isolation with namespaces, Open 3 terminal set to view all 3 on a single screen.

Docker expose ports
Examples of Docker container port 



USE CASE 1: TWO PORTS EXPOSED - USED AS ECHO-SERVER 

In this case, let's use three terminals  on the same screen

Terminal 1: 

# Create a container as echo-server with expose of 2 different ports 
docker run --rm -ti --name echoserver \
 -p 5000:5000 -p 5001:5001  \
 ubuntu:14.04 /bin/bash
# Inside the container pipe between two ports
nc -lp 5000 | nc -lp 5001
To validate this experiment, how this netcat command will be used to communicate betwen two ports inside the container they work as echoserver.

Now open the Terminal 2 window and send the text message to localhost with 5000 will be forward to localhost with 5001

Terminal 2: Run the nc command as shown

nc localhost 5000
Vybhava Technologies gives knowledge on Docker

Terminal 3: Now open the third terminal and run the nc command with 5001 port this will be in waiting state

nc localhost 5001

Here you can observe that Terminal 3 having output automatically displaying the same message that you entered and send in Terminal 2 where the docker container acted as echo server

Docker Expose port forwarding
Docker Port Fortwarding withing container


USE CASE 2: Containers using host network - host.docker.internal/host IP 

Terminal 1 remain the same as we have done it earlier in this Blog post 

Terminal 2: 

Note: Docker version 20.x supports following --add-host option way to communicate with host network from container.
docker run -it --name echoclient1 \
--add-host=host.docker.internal:host-gateway \
ubuntu:14.04 bash

#inside contianer 

nc host.docker.internal 5000
echo message here

Terminal 3: Now run the ubuntu container

docker run -it --name echoclient2 \
--add-host=host.docker.internal:host-gateway \
ubuntu:14.04 bash

#inside contianer 

nc host.docker.internal 5001
container Communicate with Host
Expose port used by Sender and Receiver container


Observe that in terminal 2 write message same will displayed into the terminal 3 

USE CASE 3: Dynamically port mapping to exposed container ports 

The port inside the container is fixed port

The port on the host machine or VM is chosen from the available unused ports 

This allows many containers to run programs with fixed ports 

this often is used with service discovery programs 


Terminal 1: 

docker run --rm -ti \
-p 5000 -p 5001 --name echoserver \
ubuntu:14.04 bash

#inside container 

nc -lp 5000|nc -lp 5001


Terminal 2:

docker port echoserver


#shows port mappings 

nc localhost hostport1


#change hostport1

Enter a message to echo

Terminal 3:

nc localhost hostport2

#change hostport2

Now in this case you can observe that text automatically sends the message to Terminal 3 where netcat ready to display on to your terimal with the open port 


USE CASE 4: USING Export Port with a Protocol TCP or UDP

docker run -p host-port:container-port/protocol 

# protocal can be tcp or udp 

Terminal

docker run --rm -ti -p 8888/udp \
--name echoserver ubuntu:14.04 bash

Here we have not used any host-port to forward it so Docker engine will help us to select the random port from host machine available ports.


Terminal 2:

First check the port to which it is bind from the container
docker port echoserver


Use the random port to send the message from localhost.
nc -u localhost mapport1-from-above
hello from udp

Now here observe that message send back to the terminal running container.

Docker container echoserver run netcat with UDP
Expose UDP Port for docker container


Reference: 

  1. Docker official document port link
  2. Discuss on host docker internal 
  3. Play with NetCat on ubuntu  

.

No comments:

Categories

Kubernetes (24) Docker (20) git (13) Jenkins (12) AWS (7) Jenkins CI (5) Vagrant (5) K8s (4) VirtualBox (4) CentOS7 (3) docker registry (3) docker-ee (3) ucp (3) Jenkins Automation (2) Jenkins Master Slave (2) Jenkins Project (2) containers (2) create deployment (2) docker EE (2) docker private registry (2) dockers (2) dtr (2) kubeadm (2) kubectl (2) kubelet (2) openssl (2) Alert Manager CLI (1) AlertManager (1) Apache Maven (1) Best DevOps interview questions (1) CentOS (1) Container as a Service (1) DevOps Interview Questions (1) Docker 19 CE on Ubuntu 19.04 (1) Docker Tutorial (1) Docker UCP (1) Docker installation on Ubunutu (1) Docker interview questions (1) Docker on PowerShell (1) Docker on Windows (1) Docker version (1) Docker-ee installation on CentOS (1) DockerHub (1) Features of DTR (1) Fedora (1) Freestyle Project (1) Git Install on CentOS (1) Git Install on Oracle Linux (1) Git Install on RHEL (1) Git Source based installation (1) Git line ending setup (1) Git migration (1) Grafana on Windows (1) Install DTR (1) Install Docker on Windows Server (1) Install Maven on CentOS (1) Issues (1) Jenkins CI server on AWS instance (1) Jenkins First Job (1) Jenkins Installation on CentOS7 (1) Jenkins Master (1) Jenkins automatic build (1) Jenkins installation on Ubuntu 18.04 (1) Jenkins integration with GitHub server (1) Jenkins on AWS Ubuntu (1) Kubernetes Cluster provisioning (1) Kubernetes interview questions (1) Kuberntes Installation (1) Maven (1) Maven installation on Unix (1) Operations interview Questions (1) Oracle Linux (1) Personal access tokens on GitHub (1) Problem in Docker (1) Prometheus (1) Prometheus CLI (1) RHEL (1) SCM (1) SCM Poll (1) SRE interview questions (1) Troubleshooting (1) Uninstall Git (1) Uninstall Git on CentOS7 (1) Universal Control Plane (1) Vagrantfile (1) amtool (1) aws IAM Role (1) aws policy (1) caas (1) chef installation (1) create organization on UCP (1) create team on UCP (1) docker CE (1) docker UCP console (1) docker command line (1) docker commands (1) docker community edition (1) docker container (1) docker editions (1) docker enterprise edition (1) docker enterprise edition deep dive (1) docker for windows (1) docker hub (1) docker installation (1) docker node (1) docker releases (1) docker secure registry (1) docker service (1) docker swarm init (1) docker swarm join (1) docker trusted registry (1) elasticBeanStalk (1) global configurations (1) helm installation issue (1) mvn (1) namespaces (1) promtool (1) service creation (1) slack (1)