Restrict published port to a specific container with Docker

I have two Docker images :

  • a tomcat image, exposing the port 8080
  • a mysql image, exposing the port 3306

I run two containers using these images, linking mysql with tomcat :

  • what is the most efficient way to maintain a tagged and latest docker image version
  • docker compose with build --pull option
  • Kubernetes Docker OS parameters vs Host OS parameters
  • docker pull manifest unknown blob errors
  • Error using mount command within Dockerfile
  • DNS settings don't work in Docker CE
  • docker run -itd -p 3306:3306 --name mysql mysql
    docker run -itd -p 8080:8080 --link mysql:mysql --name tomcat tomcat
    

    When I do that, tomcat communication with mysql works fine, and my tomcat and mysql containers are available on the server host, respectively on ports 8080 and 3306.

    Now I would like the port 3306 to be closed on the server host and only available for the tomcat container. How can I do that?

  • Error when creating a NGINX reverse proxy on docker and sending a request to website in another container
  • How to run bower install inside a Dockerfile?
  • Mounting user SSH key in container
  • How to export a named docker volume on a Mac?
  • Application templates and instances manager for docker deployment?
  • How do I tag a local docker image with ansible docker_image module?
  • One Solution collect form web for “Restrict published port to a specific container with Docker”

    In that case you can simply skip the -p parameter like:

    docker run -itd --name mysql mysql
    docker run -itd -p 8080:8080 --link mysql:mysql --name tomcat tomcat
    
    Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.