Can't access publicly exposed Docker container port from external machine, only from localhost?

I have a Docker container running on my Ubuntu Linux 14.04 machine that exposes a port publicly:

docker run --name spacyapi -d -p 127.0.0.1:7091:7091 jgontrum/spacyapi:en

I can connect and execute commands against the server in the container without problem from the local machine. For example:

  • Docker - failed to connect to running image
  • Mongodb on samba shared directory
  • Cannot seem to install Google Cloud Managed VMs
  • what's the best way to let kubenetes pods communicate with each other?
  • Cannot load c:/php/php5apache2_4.dll into server: The specified module could not be found
  • Docker, redirecting to virtualbox port
  • curl http://localhost:7091/api --header 'content-type: application/json' --data '{"text": "This is a test."}' -X POST
    

    The command executes faithfully. However, if I try the same CURL command from an external machine I get a “connection refused” error:

    curl http://192.5.169.50:5000/api --header 'content-type: application/json' --data '{"text": "This is a test."}' -X POST
    curl: (7) Failed to connect to 192.5.169.50 port 7091: Connection refused
    

    Where 192.5.169.50 is the IP address of the box running the Docker container.

    I don’t think I need any iptables rules because I didn’t need to set any up for the Node.JS server running on the same box. All the other computers on my local network can access the Node.JS server just fine. But not the Docker container acting as a server.

    How can I fix this?

  • How can RabbitMQ clusters recognise Docker's container restarts?
  • Unable to run docker image: mountpoint for blkio not found
  • How to give non-root user in Docker container access to a volume mounted on the host
  • Docker-Squash command not working
  • Docker LVM support
  • Multiservice application in Teamcity - composing branches
  • 2 Solutions collect form web for “Can't access publicly exposed Docker container port from external machine, only from localhost?”

    You didn’t publicly publish your port with this flag:

    -p 127.0.0.1:7091:7091
    

    That flag says to publish on the host 127.0.0.1 interface (localhost), port 7091 to the containers port 7091. The only way to reach that port is to be on the host and connect to the loopback interface.

    To publicly publish the port, remove the IP from that flag:

    -p 7091:7091
    

    or explicitly publish to all interfaces with:

    -p 0.0.0.0:7091:7091
    

    The latter format is identical to the first one as long as you haven’t overridden your docker daemon settings with dockerd --ip x.x.x.x or setting the ip value in your /etc/docker/daemon.json file.

    I don’t think the container’s IP is 192.5.169.50. Try doing docker inspect <container-uid> | grep IPAddress to check what the IP of the container is. I believe it should be something like 172.17.0.X.

    Also you could just do docker run -d --network=host <image> which stacks the container on top of the host network.

    Container are just something on top of the host, the host is the one that is actually communicating with the outside.

    Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.