Restrict published port to a specific container with Docker

I have two Docker images :

  • a tomcat image, exposing the port 8080
  • a mysql image, exposing the port 3306

I run two containers using these images, linking mysql with tomcat :

  • How to build a cassandra cluster with docker on a windows machine?
  • Docker build “Could not resolve 'archive.ubuntu.com'” apt-get fails to install anything
  • How do you run `apt-get` in a dockerfile behind a proxy?
  • Dokku server hosts two sites with TLD's, both domains are landing on only one app
  • Socket connection into Docker initially succeeds then fails
  • MySQL is using way more memory that it is configured to within a Docker container
  • docker run -itd -p 3306:3306 --name mysql mysql
    docker run -itd -p 8080:8080 --link mysql:mysql --name tomcat tomcat
    

    When I do that, tomcat communication with mysql works fine, and my tomcat and mysql containers are available on the server host, respectively on ports 8080 and 3306.

    Now I would like the port 3306 to be closed on the server host and only available for the tomcat container. How can I do that?

  • New device node created on host does not get reflected in Docker container when using --device flag
  • Using git clone in a Dockerfile Produces empty working directory
  • Auth0 OWIN API not validating JWT token when published via Docker Container on AWS EC2
  • Jenkins on GCE not building
  • How to run bash function in Dockerfile
  • What are the possibilities to debug a docker swarm?
  • One Solution collect form web for “Restrict published port to a specific container with Docker”

    In that case you can simply skip the -p parameter like:

    docker run -itd --name mysql mysql
    docker run -itd -p 8080:8080 --link mysql:mysql --name tomcat tomcat
    
    Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.