Podman / Docker - expose port only to the localhost of the host machine

CaffeineFueled

2022/12/08

There are good reasons to expose a port of a Docker container only to the localhost of the host machine. Security reasons or the use of a reverse proxy are only two of them (please don’t ask for more). And it is fairly easy.

It is a simple modification to the argument of the -p flag when running podman run:

podman run -d -p 8080:80/tcp docker.io/library/httpd

From the manual:

-p, --publish strings Publish a container's port, or a range of ports, to the host (default [])

This is a quick example which sets up a web server. The first part before the colon - in this case 8080 - is the exposed port on the host machine, on which the container would be reachable. The second part after the colon - 80/tcp - is the port used within the container. Because no host address is given, the port is by default published on all interfaces of the host.

To limit the exposed port to the localhost of the host machine, just add the host loopback address in front of the host part, like this: 127.0.0.1:. The new command would then be:

podman run -d -p 127.0.0.1:8080:80/tcp docker.io/library/httpd

That’s it.
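To confirm the binding after starting the container, here is an added example (not part of the original post) that inspects `ss -H -ltn` style output and reports listeners bound to anything other than loopback. The function names and the sample lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: verify that a published port is bound to loopback only.
# Input is `ss -H -ltn` style output (no header, listening TCP, numeric).

# Constructed sample lines, not captured from a real host.
SAMPLE_SS='LISTEN 0 4096 127.0.0.1:8080 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:8081 0.0.0.0:*
LISTEN 0 4096 [::1]:9090 [::]:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*'

# Print the local address:port of every listener not bound to loopback.
non_loopback_listeners() {
    awk '$1 == "LISTEN" {
        addr = $4
        sub(/:[0-9]+$/, "", addr)   # drop the port
        sub(/%.*$/, "", addr)       # drop an interface suffix such as %lo
        if (addr ~ /^127\./ || addr == "[::1]") next
        print $4
    }'
}

# Exit status: 0 = PORT listens on loopback only, 1 = PORT is bound to a
# non-loopback address, 2 = nothing listens on PORT.
port_is_loopback_only() {
    awk -v port="$1" '
        $1 == "LISTEN" && $4 ~ (":" port "$") {
            found = 1
            addr = $4
            sub(/:[0-9]+$/, "", addr)
            sub(/%.*$/, "", addr)
            if (addr !~ /^127\./ && addr != "[::1]") exposed = 1
        }
        END { if (!found) exit 2; exit (exposed ? 1 : 0) }'
}

# Demo on the sample; on a live host pipe in `ss -H -ltn` instead.
printf '%s\n' "$SAMPLE_SS" | non_loopback_listeners
if printf '%s\n' "$SAMPLE_SS" | port_is_loopback_only 8080; then
    echo "8080: loopback only"
fi
```

On the host itself, `ss -H -ltn | port_is_loopback_only 8080` should exit 0 after the second podman command and 1 after the first.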



