Podman / Docker - expose port only to the localhost of the host machine
There are good reasons to expose a port of a docker container only to the localhost of the host machine. Security reasons or the use of a reverse proxy are only 2 of them (please don't ask for more). And it is fairly easy.
It is a simple modification to the argument of the -p flag when running podman run:
podman run -d -p 8080:80/tcp docker.io/library/httpd
From the manual:
-p, --publish strings Publish a container's port, or a range of ports, to the host (default [])
This is a quick example which sets up a web server. The first part before the colon - in this case 8080 - is the exposed port on the host machine, on which the container would be reachable. The second part after the colon - 80/tcp - is the port used within the container.
To limit the exposed port to the localhost of the host machine, just add the host loopback address in front of the host part, i.e. the prefix 127.0.0.1: (with the trailing colon). The new command would then be:
podman run -d -p 127.0.0.1:8080:80/tcp docker.io/library/httpd
That's it.
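To confirm that the binding really is loopback-only, the port mappings can be audited after the container starts. The script below is an added example, not part of the original post; it assumes the `80/tcp -> 127.0.0.1:8080` line format printed by `podman port <container>`, and the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit published-port mappings for non-loopback bindings.

# Classify the host side of a mapping, e.g. 127.0.0.1:8080 or [::]:8080.
bind_scope() {
    host=${1%:*}                      # strip the trailing :port
    case "$host" in
        127.*|"[::1]"|::1)    echo loopback ;;
        0.0.0.0|"[::]"|::)    echo all-interfaces ;;
        *)                    echo specific-address ;;
    esac
}

# Read "80/tcp -> 127.0.0.1:8080" style lines on stdin (assumed format of
# `podman port <container>`), print one verdict per mapping, and return 1
# if any mapping is bound to something other than the loopback interface.
audit_mappings() {
    rc=0
    while read -r ctr_port arrow host_bind; do
        [ "$arrow" = "->" ] || continue   # skip lines that are not mappings
        scope=$(bind_scope "$host_bind")
        echo "$ctr_port $host_bind $scope"
        [ "$scope" = loopback ] || rc=1
    done
    return $rc
}

# Constructed sample lines for the two commands in this post
# (not captured from a real host).
SAMPLE_EXPOSED='80/tcp -> 0.0.0.0:8080'     # -p 8080:80/tcp
SAMPLE_LOCAL='80/tcp -> 127.0.0.1:8080'     # -p 127.0.0.1:8080:80/tcp

for sample in "$SAMPLE_EXPOSED" "$SAMPLE_LOCAL"; do
    if printf '%s\n' "$sample" | audit_mappings; then
        echo "  => loopback only"
    else
        echo "  => not limited to loopback"
    fi
done
```

On a live host the same check would be `podman port <container> | audit_mappings`, with the exit status usable in a deployment script.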