Can't access publicly exposed Docker container port from external machine, only from localhost?

I have a Docker container running on my Ubuntu Linux 14.04 machine that exposes a port publicly:

docker run --name spacyapi -d -p 127.0.0.1:7091:7091 jgontrum/spacyapi:en

I can connect and execute commands against the server in the container without problem from the local machine. For example:

  • Error response from daemon: Container f88566c370dd is not running
  • How to substitute variable value in “docker run” command
  • Jenkins Docker Plugin does not seem to be provisioning slave containers for Jenkins builds
  • How do I use Liblas in python in docker without error?
  • Could not launch environment: Application version is unusable and cannot be used with an environment
  • How to create “RegistryAuth” for Private Registry Login Credentials
  • curl http://localhost:7091/api --header 'content-type: application/json' --data '{"text": "This is a test."}' -X POST
    

    The command executes faithfully. However, if I try the same CURL command from an external machine I get a “connection refused” error:

    curl http://192.5.169.50:5000/api --header 'content-type: application/json' --data '{"text": "This is a test."}' -X POST
    curl: (7) Failed to connect to 192.5.169.50 port 7091: Connection refused
    

    Where 192.5.169.50 is the IP address of the box running the Docker container.

    I don’t think I need any iptables rules because I didn’t need to set any up for the Node.JS server running on the same box. All the other computers on my local network can access the Node.JS server just fine. But not the Docker container acting as a server.

    How can I fix this?

  • Post “docker run” commands
  • Setup private docker registry with OAUauthentication (with specific namespace for each user)
  • Docker : How to run grunt-open?
  • Which Tensorflow Docker image to use?
  • Access Token for Dockerhub
  • For every build , how to spin up Jenkins slave container that has a docker host on it
  • 2 Solutions collect form web for “Can't access publicly exposed Docker container port from external machine, only from localhost?”

    You didn’t publicly publish your port with this flag:

    -p 127.0.0.1:7091:7091
    

    That flag says to publish on the host 127.0.0.1 interface (localhost), port 7091 to the containers port 7091. The only way to reach that port is to be on the host and connect to the loopback interface.

    To publicly publish the port, remove the IP from that flag:

    -p 7091:7091
    

    or explicitly publish to all interfaces with:

    -p 0.0.0.0:7091:7091
    

    The latter format is identical to the first one as long as you haven’t overridden your docker daemon settings with dockerd --ip x.x.x.x or setting the ip value in your /etc/docker/daemon.json file.

    I don’t think the container’s IP is 192.5.169.50. Try doing docker inspect <container-uid> | grep IPAddress to check what the IP of the container is. I believe it should be something like 172.17.0.X.

    Also you could just do docker run -d --network=host <image> which stacks the container on top of the host network.

    Container are just something on top of the host, the host is the one that is actually communicating with the outside.

    Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.