Can't access publicly exposed Docker container port from external machine, only from localhost?

I have a Docker container running on my Ubuntu Linux 14.04 machine that exposes a port publicly:

docker run --name spacyapi -d -p 127.0.0.1:7091:7091 jgontrum/spacyapi:en

I can connect and execute commands against the server in the container without problem from the local machine. For example:

  • Pod “mysql” is forbidden: no API token found for service account default/default
  • Load generation for a Docker registry
  • Docker Linking in C# - What is best way to discover Environmental Variables Injected Through Linking
  • Running Asterisk and it's mysql database in different docker containers
  • Docker cloud builtin load balancing
  • Docker: change folder where to store docker volumes
  • curl http://localhost:7091/api --header 'content-type: application/json' --data '{"text": "This is a test."}' -X POST
    

    The command executes faithfully. However, if I try the same CURL command from an external machine I get a “connection refused” error:

    curl http://192.5.169.50:5000/api --header 'content-type: application/json' --data '{"text": "This is a test."}' -X POST
    curl: (7) Failed to connect to 192.5.169.50 port 7091: Connection refused
    

    Where 192.5.169.50 is the IP address of the box running the Docker container.

    I don’t think I need any iptables rules because I didn’t need to set any up for the Node.JS server running on the same box. All the other computers on my local network can access the Node.JS server just fine. But not the Docker container acting as a server.

    How can I fix this?

  • Can Kubernetes be used like Docker Compose?
  • How to pull signed docker images using dockerode NodeJS API
  • How to check the configuration of an app deployed on docker container
  • Docker terminology confusion
  • docker unit test setup
  • Python psycopg2 - Work with large data
  • 2 Solutions collect form web for “Can't access publicly exposed Docker container port from external machine, only from localhost?”

    You didn’t publicly publish your port with this flag:

    -p 127.0.0.1:7091:7091
    

    That flag says to publish on the host 127.0.0.1 interface (localhost), port 7091 to the containers port 7091. The only way to reach that port is to be on the host and connect to the loopback interface.

    To publicly publish the port, remove the IP from that flag:

    -p 7091:7091
    

    or explicitly publish to all interfaces with:

    -p 0.0.0.0:7091:7091
    

    The latter format is identical to the first one as long as you haven’t overridden your docker daemon settings with dockerd --ip x.x.x.x or setting the ip value in your /etc/docker/daemon.json file.

    I don’t think the container’s IP is 192.5.169.50. Try doing docker inspect <container-uid> | grep IPAddress to check what the IP of the container is. I believe it should be something like 172.17.0.X.

    Also you could just do docker run -d --network=host <image> which stacks the container on top of the host network.

    Container are just something on top of the host, the host is the one that is actually communicating with the outside.

    Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.