How can I expose a Docker container port only to localhost so that it is also accessible via an ssh tunnel?

Hopefully straightforward. I know how to bind to the host only with

-p 127.0.0.1:$HOSTPORT:$CONTAINERPORT

The issue I’m encountering is that doing this preventing me from accessing the mapped host port over an ssh tunnel to the docker host.

  • Change Java “SecureRandom” in Dockerfile
  • Cannot connect to neo4j database on Docker container
  • rolling deployment for docker containers behind load balancer
  • Docker-Compose won't volume my php.ini file
  • Failed to connect to containerd
  • How to get a list of components and related assets out of Nexus3?
  • Is there way to do this without having to block the port upstream from the docker host somewhere?

  • Git to docker export
  • Vagrant+Docker: The container started never left the “stopped” state
  • Dockerized Kibana externalizing logs
  • Set locale in Docker container
  • X11 fowarding from Windows into Docker
  • Docker image/container not updating
  • One Solution collect form web for “How can I expose a Docker container port only to localhost so that it is also accessible via an ssh tunnel?”

    Just make the target of your ssh tunnel localhost or 127.0.0.1.

    ssh -L local-port:127.0.0.1:container-port docker-host
    

    Would forward your local-port to localhost:container-port on docker-host. No need to expose the container port to the external network.

    Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.