How can I expose a Docker container port only to localhost so that it is also accessible via an ssh tunnel?

Hopefully straightforward. I know how to bind to the host only with

-p 127.0.0.1:$HOSTPORT:$CONTAINERPORT

The issue I’m encountering is that doing this preventing me from accessing the mapped host port over an ssh tunnel to the docker host.

  • Understanding Dockerfile CMD/ENTRYPOINT
  • is there a way to obtain ip of linked container using link alias?
  • Docker consumer on AWS while using RabbitMQ
  • How can I edit my image tags on docker hub?
  • Guide to Kubernetes Manifests: Good Resources/Docker Run options
  • is it possible to run shell script and then node app.js inside docker container
  • Is there way to do this without having to block the port upstream from the docker host somewhere?

  • External endpoint of Kubernetes dashboard
  • How to setup dinghy for docker on Ubuntu 16.04?
  • Map ports so you can access docker running apps from OSX host
  • fuser returns Cannot Permission denied
  • Unable to make JMX connection remotely when application running under docker
  • Sharing a configuration file to multiple docker containers
  • One Solution collect form web for “How can I expose a Docker container port only to localhost so that it is also accessible via an ssh tunnel?”

    Just make the target of your ssh tunnel localhost or 127.0.0.1.

    ssh -L local-port:127.0.0.1:container-port docker-host
    

    Would forward your local-port to localhost:container-port on docker-host. No need to expose the container port to the external network.

    Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.