I'm not sure if I've misunderstood something here, but it seems like it's only possible to set port mappings by creating a new container from an image. Is there a way to assign a port mapping to an existing Docker container?
How do I assign a port mapping to an existing Docker container?
Asked Answered
Using iptables may work like this answer Exposing a Port on a Live Docker Container –
Jannery
I suspect this is by design. Docker is trying to force you to be "repeatable" and the container is a type of "system of record." Anything you do as step that doesn't affect the container would be an easily lost manual step. Said another way: You want your container to represent all the configuration that's necessary to operate. So if you want to open a new port, then you need to create a new container. –
Champignon
Old question and I'm not answering it, but I would like to say that maybe you and people upovting this question and answers may have completely misunderstood the concept of docker. Docker are for stateless application, that can scale up or down many times. You should never persist something inside the container for a production enviroment that can't be recreated, if you need to persist, map the directories. Docker is not something like a "light vm", maybe what you are looking for is linuxcontainers.org, lxd is based on docker concept but with a "light vm" in mind. –
Euripus
just in case this might help, it is possible to use the "Kitematic" tool to add port mapping to already running containers. This should imply that there must be docker command to do exactly the same thing but with a little googling :) Good luck –
Batson
You can change the port mapping by directly editing the hostconfig.json file at
/var/lib/docker/containers/[hash_of_the_container]/hostconfig.json or /var/snap/docker/common/var-lib-docker/containers/[hash_of_the_container]/hostconfig.json if you installed Docker as a snap.
You can determine the [hash_of_the_container] via the docker inspect <container_name> command and the value of the "Id" field is the hash.
- Stop the container (
docker stop <container_name>). - Stop docker service (per Tacsiazuma's comment)
- Change the file.
- Restart your docker engine (to flush/clear config caches).
- Start the container (
docker start <container_name>).
So you don't need to create an image with this approach. You can also change the restart flag here.
P.S. You may visit https://docs.docker.com/engine/admin/ to learn how to correctly restart your docker engine as per your host machine. I used sudo systemctl restart docker to restart my docker engine that is running on Ubuntu 16.04.
Perfect... There was no need to create an image with this approach –
Propound
When docker stops, it seem to overwrite your changes, so 2. stop docker, 3. change file, 4. start docker engine –
Lookin
I have tried the above and it works. For more details see: mybrainimage.wordpress.com/2017/02/05/… –
Incorrigible
It's important to stop container, stop docker engine and change both
hostconfig.json and config.v2.json to make this work. Use link provided by @Incorrigible to see the details. –
Celery Important to remember to restart the docker engine with (service docker restart) after changing the hostconfig.json file, otherwise the file will revert back. –
Melesa
Yes
service docker stop before making any changes to the hostconfig.json file. It kept getting overwritten until I stopped everything first. –
Allynallys this should be the accepted answer. Damn, so docker is caching the config and overwrites it through that cache.. –
Gingili
worked for me, just one thing if using docker app on mac, follow instructions here to get to /var/lib/docker/containers folder: https://mcmap.net/q/55463/-where-is-var-lib-docker-on-mac-os-x, basically run
screen ~/Library/Containers/com.docker.docker/Data/com.docker.driver.amd64-linux/tty Once you get the tty running you can navigate to /var/lib/docker –
Bartholemy Great! The workflow should be: - Stop containers - Stop Docker - Modify hostconfig.json - Start Docker - Start container I didn't have to modify the config.v2.json file. –
Stickpin
for windows, can any one please share me the location of conatiners folder.? –
Kela
if the port was not exported from the machine you have also to add it to the
config.v2.json file, the syntax is like "ExposedPorts":{"8080/tcp":{}}, usually after AttachStderr –
Synonym Docker Desktop no longer has these config files. –
Slier
@Kela Why not use linux when docker is better working on it? –
Tessin
Id of the container is different than directory name. Look at https://mcmap.net/q/54005/-how-do-i-assign-a-port-mapping-to-an-existing-docker-container –
Chishima
On a separate note, this is also a great way to add mounts to an existing container. –
Snorkel
@Vijay, docker files location on Windows under WSL2: #65546608 –
Cremate
I think that the answer is missing the syntax of port forwarding, in hostconfig.json add configuration as these
"PortBindings": {"3306/tcp": [{"HostIp": "","HostPort": "3306"}]}, –
Toehold I could add a new port binding but I couldn't change an existing bounded port! –
Kwiatkowski
@Kela For me, Windows Server had docker container config files here:
C:\ProgramData\docker\containers. I had to shutdown the entire docker service, save changes, and then start the docker service, otherwise docker would revert my changes. (I made my change to both hostconfig.json and config.v2.json but I don't know if that's necessary.) –
Beaux Thank you for your suggestions. I wrote a python script to automate this process. github.com/yixinNB/container-cli –
Burghley
I'm also interested in this problem.
As @Thasmo mentioned, port forwardings can be specified ONLY with docker run (and docker create) command.
Other commands, docker start does not have -p option and docker port only displays current forwardings.
To add port forwardings, I always follow these steps,
stop running container
docker stop test01commit the container
docker commit test01 test02NOTE: The above,
test02is a new image that I'm constructing from thetest01container.re-run from the commited image
docker run -p 8080:8080 -td test02
Where the first 8080 is the local port and the second 8080 is the container port.
What if I want to keep the test01 name? –
Malva
@Malva - as was described in Luca's answer - https://mcmap.net/q/54005/-how-do-i-assign-a-port-mapping-to-an-existing-docker-container you can keep the existing of a container by creating an image of it, deleting the current container,
test01, and then recreate it using the previously saved image. –
Optometrist Anyone know if there is an open issue with Docker to allow port specification (--publish) with
docker start? –
Berte And what happens with the volumes in this scenario? –
Refutative
@AndrewSavinykh the volumes will not be transferred to the new container. However, you can link them manually:
docker inspect test01 and search for the mounts section, where you will find your volumes, that were mounted. You can then mount them in the run command: docker run -p 8080:8080 -v 401959be5b03e750500a543e858dc021a5b98c96d10c7c595e4b100edca513d0:/data/db -td test02 –
Internist This is a terrible solution, I have no idea how it managed to earn 250 upvotes. Maybe those how upvoted didn't know what kind of mess this solution causes. Yes, it's terrible, and it is equal to starting a new container running on a different port. –
Prohibitive
@Arrrr Perhaps you'd like to leave a better answer? I'm sure we'd all appreciate if you told us the much better way to do this. –
Elodiaelodie
@Arrrr This answer is useful when you have a heavy container that takes a long time to get in that state, then you realize that you need to open some ports.... –
Whipstall
@Arrrr - this may indeed not be a general 'best practice'. As a tactical work round, for a persistent Linux container on Windows with clashing ports, which is what I'm using it for, it's pretty much the only way to move my work forward. –
Thyrotoxicosis
This is NOT a solution. You will lose the contents of the container. –
Vaccinate
@Vaccinate how ? –
Pinette
@Vaccinate the files were persisted for me when I tried this -- what exactly are you referring to? –
Stubble
Can I commit new docker image not stopping existing image? –
Infallibilism
I did this with jenkins and I had to redo everything, ahaha this only ports the configuration of the container but not the content, good thing I did not delete my container yet ahaha –
Nippur
"and the second 8080 is the container port" it's a precious info! :) thanks –
Quartis
This actually makes you loose content of your container, terrible solution –
Highland
Persisting contents of a container should be made by using volumes. –
Mersey
This is such a great workaround, thank you! :) –
Clambake
You can change the port mapping by directly editing the hostconfig.json file at
/var/lib/docker/containers/[hash_of_the_container]/hostconfig.json or /var/snap/docker/common/var-lib-docker/containers/[hash_of_the_container]/hostconfig.json if you installed Docker as a snap.
You can determine the [hash_of_the_container] via the docker inspect <container_name> command and the value of the "Id" field is the hash.
- Stop the container (
docker stop <container_name>). - Stop docker service (per Tacsiazuma's comment)
- Change the file.
- Restart your docker engine (to flush/clear config caches).
- Start the container (
docker start <container_name>).
So you don't need to create an image with this approach. You can also change the restart flag here.
P.S. You may visit https://docs.docker.com/engine/admin/ to learn how to correctly restart your docker engine as per your host machine. I used sudo systemctl restart docker to restart my docker engine that is running on Ubuntu 16.04.
Perfect... There was no need to create an image with this approach –
Propound
When docker stops, it seem to overwrite your changes, so 2. stop docker, 3. change file, 4. start docker engine –
Lookin
I have tried the above and it works. For more details see: mybrainimage.wordpress.com/2017/02/05/… –
Incorrigible
It's important to stop container, stop docker engine and change both
hostconfig.json and config.v2.json to make this work. Use link provided by @Incorrigible to see the details. –
Celery Important to remember to restart the docker engine with (service docker restart) after changing the hostconfig.json file, otherwise the file will revert back. –
Melesa
Yes
service docker stop before making any changes to the hostconfig.json file. It kept getting overwritten until I stopped everything first. –
Allynallys this should be the accepted answer. Damn, so docker is caching the config and overwrites it through that cache.. –
Gingili
worked for me, just one thing if using docker app on mac, follow instructions here to get to /var/lib/docker/containers folder: https://mcmap.net/q/55463/-where-is-var-lib-docker-on-mac-os-x, basically run
screen ~/Library/Containers/com.docker.docker/Data/com.docker.driver.amd64-linux/tty Once you get the tty running you can navigate to /var/lib/docker –
Bartholemy Great! The workflow should be: - Stop containers - Stop Docker - Modify hostconfig.json - Start Docker - Start container I didn't have to modify the config.v2.json file. –
Stickpin
for windows, can any one please share me the location of conatiners folder.? –
Kela
if the port was not exported from the machine you have also to add it to the
config.v2.json file, the syntax is like "ExposedPorts":{"8080/tcp":{}}, usually after AttachStderr –
Synonym Docker Desktop no longer has these config files. –
Slier
@Kela Why not use linux when docker is better working on it? –
Tessin
Id of the container is different than directory name. Look at https://mcmap.net/q/54005/-how-do-i-assign-a-port-mapping-to-an-existing-docker-container –
Chishima
On a separate note, this is also a great way to add mounts to an existing container. –
Snorkel
@Vijay, docker files location on Windows under WSL2: #65546608 –
Cremate
I think that the answer is missing the syntax of port forwarding, in hostconfig.json add configuration as these
"PortBindings": {"3306/tcp": [{"HostIp": "","HostPort": "3306"}]}, –
Toehold I could add a new port binding but I couldn't change an existing bounded port! –
Kwiatkowski
@Kela For me, Windows Server had docker container config files here:
C:\ProgramData\docker\containers. I had to shutdown the entire docker service, save changes, and then start the docker service, otherwise docker would revert my changes. (I made my change to both hostconfig.json and config.v2.json but I don't know if that's necessary.) –
Beaux Thank you for your suggestions. I wrote a python script to automate this process. github.com/yixinNB/container-cli –
Burghley
If by "existing" you mean "running", then it's not (currently) possible to add a port mapping.
You can, however, dynamically add a new network interface with e.g. Pipework, if you need to expose a service in a running container without stopping/restarting it.
This should be the top answer. Succinct and it addresses OP's question which none of the others do! Sometimes a negative result is a result! –
Cobnut
Editing hostconfig.json seems to not working now. It only ends with that port being exposed but not published to host. Commiting and recreating containers is not the best approach to me. No one mentioned docker network?
The best solution would be using reversed proxy within the same network
Create a new network if your previous container not in any named ones.
docker network create my_networkJoin your existing container to the created network
docker network connect my_network my_existing_containerStart a reversed proxy service(e.g. nginx) publishing the ports you need, joining the same network
docker run -d --name nginx --network my_network -p 9000:9000 nginxOptionally remove the default.conf in nginx
docker exec nginx rm /etc/nginx/conf.d/default.confCreate a new nginx config
server { listen 9000; location / { proxy_pass http://my_existing_container:9000; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'upgrade'; proxy_set_header Host $host; proxy_cache_bypass $http_upgrade; } }Copy the config to nginx container.
docker cp ./my_conf.conf nginx:/etc/nginx/conf.d/my_conf.confRestart nginx
docker restart nginx
Advantages: To publish new ports, you can safely stop/update/recreate nginx container as you wish without touching the business container. If you need zero down time for nginx, it is possible to add more reversed proxy services joining the same network. Besides, a container can join more than one network.
Edit:
To reverse proxy non-http services, the config file is a bit different. Here is a simple example:
upstream my_service {
server my_existing_container:9000;
}
server {
listen 9000;
proxy_pass my_service;
}
It's amazing and practical, but for enterprise systems this approach seems to be obfuscating. It's much more better to let a single system controls the workflow. –
Rosiarosicrucian
@Rosiarosicrucian Well for enterprise systems or projects, I think this solution is better than recreating(causes down time) or hacking hostconfig.json file(at least not officially introduced). The extra container just exposes your business container's internal port, rather than makeing any changes to it. –
Sedative
Awesome approach. I needed to configure nginx differently for my container to work behind a proxy, but seems like the correct way to do things. Works for blue-green deployment too. –
Telles
Nice approach! I think using TCP proxy like
socat could be even easier. –
Oresund I like
reproxy because it's easier to configure: docker create -p EXTERNAL_PORT:8080 --name reproxy_container --network NETWORK_NAME umputun/reproxy --static.enabled --static.rule=*,^/(.*),http://ORIGINAL_CONTAINER:INTERNAL_PORT/$1 –
Botsford @Botsford looks nice, and quite clear. umputun/reproxy github site is also quite informative. but it seems it works only for http(s), while
nginx from the answer covers a bit more cases. nevertheless, reproxy seems a nice addition to the toolset –
Precatory If you are not comfortable with Docker depth configuration, iptables would be your friend.
iptables -t nat -A DOCKER -p tcp --dport ${YOURPORT} -j DNAT --to-destination ${CONTAINERIP}:${YOURPORT}
iptables -t nat -A POSTROUTING -j MASQUERADE -p tcp --source ${CONTAINERIP} --destination ${CONTAINERIP} --dport ${YOURPORT}
iptables -A DOCKER -j ACCEPT -p tcp --destination ${CONTAINERIP} --dport ${YOURPORT}
This is just a trick, not a recommended way. This works with my scenario because I could not stop the container.
Note: you can use the -D flag to remove/revert/delete a rule from iptables; which will be necessary if you ever remove the container and wish to use the port.
this is a great answer ! Thank you! If I want to map
DOCKER_PORT to MACHINE_PORT, which parts should be changed ? –
Chuckchuckfull Note docker wil not know about this manual addition. SO entries are not removed when you later restart the service with the docker exposing the ports properly. So when anything changes, be sure to check iptables very carefully. Especially look for duplicate entries! –
Collencollenchyma
Great answer. Don't forget to make changes in the host file of the computer accessing the docker from the local network for the needed application. –
Groark
do I have to run all three commands or just one? –
Herbert
It would be nice to share a way to remove these as well. –
Congest
In Fujimoto Youichi's example test01 is a container, whereas test02 is an image.
Before doing docker run you can remove the original container and then assign the container the same name again:
$ docker stop container01
$ docker commit container01 image01
$ docker rm container01
$ docker run -d -P --name container01 image01
(Using -P to expose ports to random ports rather than manually assigning).
Please be aware. you will LOSE all of your data, depending on the application inside. –
Carmelo
@Carmelo - in what case? This commits the container to an image, which saves all your data in the container to an image. Any volumes or mounts the original container used will of course still be there, since they're separate from containers and images. So I don't follow. –
Marucci
I tried this. and it removes all my databases successfully :/ –
Secant
Data can be stored on a volume.. Try inspecting the container for volumes
docker inspect container01 before removing, keep the volume name and mount it when running a new container –
Donnell @Marucci "Any volumes or mounts the original container used will of course still be there, since they're separate from containers and images." - You're very close to following: yes, data in a volume or mount will be fine. But if data is not in a volume or mount, it will be lost - and data is not always in volumes or mounts, thus data will sometimes be lost. –
Edifice
@Edifice No, any data in
container01 not in a volume or mount or the original image, will be saved in image01. Thus the confusion. I guess the data may be lost, in the general sense of losing your keys somewhere in a room, but not lost forever. You just have to know a bit about docker to find it. –
Marucci If you run docker run <NAME> it will spawn a new image, which most likely isn't what you want.
If you want to change a current image do the following:
docker ps -a
Take the id of your target container and go to:
cd /var/lib/docker/containers/<conainerID><and then some:)>
Stop the container:
docker stop <NAME>
Change the files
vi config.v2.json
"Config": {
....
"ExposedPorts": {
"80/tcp": {},
"8888/tcp": {}
},
....
},
"NetworkSettings": {
....
"Ports": {
"80/tcp": [
{
"HostIp": "",
"HostPort": "80"
}
],
And change file
vi hostconfig.json
"PortBindings": {
"80/tcp": [
{
"HostIp": "",
"HostPort": "80"
}
],
"8888/tcp": [
{
"HostIp": "",
"HostPort": "8888"
}
]
}
Restart your docker and it should work.
This did not work for me on Docker version 17.09.0-ce. After I started the container config files got overwritten back to old values. –
Metalwork
restart docker service in host system @Metalwork –
Youth
this works! tks! 1.stop container, 2.change files, 3.restart docker, 4.start back container –
Pereira
Worked perfectly for me. Appreciate you went straight to the files examples. Couldn't been able to do it without you. –
Choong
Docker files location on Windows under WSL2: #65546608 –
Cremate
Not sure if you can apply port mapping a running container. You can apply port forwarding while running a container which is different than creating a new container.
$ docker run -p <public_port>:<private_port> -d <image>
will start running container. This tutorial explains port redirection.
Ye, so it seems it's only possible to set options like port mapping at container creation. –
Tights
FYI this answer isn't entirely correct.
docker run creates and starts a new container. It's equivalent to doing docker create followed by docker start. –
Nephritic To change HostPort of a container on Docker Desktop (on Windows 10 / MacOS)
# list all containers
$ docker ps -a
$ docker stop docker101tutorial
# Use grep to get id of container
$ docker inspect docker101tutorial | grep -i id
"Id": "sha256:fff0a4b22d6f3d2eb8d2748b8a8bbc9967ea87199988acee8e86ac70bce9c3eb",
# run plain ubuntu docker image with shell and change it's namespace to docker host
# https://mcmap.net/q/55465/-how-to-access-var-lib-docker-in-windows-10-docker-desktop/60411313#60411313
# https://forums.docker.com/t/the-location-of-images-in-docker-for-windows/19647/4
$ docker run -it --privileged --pid=host ubuntu nsenter -t 1 -m -u -i sh
# We want to find out the directory of docker101tutorial container. We are looking for:
# `"Image":"sha256:fff0a4b22d6f3d2eb8d2748b8a8bbc9967ea87199988acee8e86ac70bce9c3eb"`
# in /var/lib/docker/containers/*/config.v2.json
$ find /var/lib/docker/containers/ -name config.v2.json -exec grep -H fff0a4b22d {} \;
/var/lib/docker/containers/c1eda20b30f058bce9f8ece3b47a21641df5b399770e12ab57416a954d3c8bbf/config.v2.json
# edit it
$ vi /var/lib/docker/containers/c1eda20b30f058bce9f8ece3b47a21641df5b399770e12ab57416a954d3c8bbf/hostconfig.json
- Press
ifor insert mode. - Change
"HostPort":"80"to"HostPort":"8092" - Press
Escapeand write:wq. PressEnter. - Do not start/stop
docker101tutorialnow. Otherwise changes toHostPortwill be reverted. - Right click Docker Desktop tray icon and click Restart.
- In Docker Desktop's list of containers, look at your container. Displayed port should change to
8092. - Start your container. Now it will be mapped to port
8092on host.
Based on @holdfenytolvaj answer.
This worked, I was trying to create a postgres service on WIndows 10, I had created the container with -p port publish, but for some strange reason it did not publish the port 5432. This worked. Any idea why this is happening? FYI - in the host file I added this to work "PortBindings":{"5432/tcp":[{"HostIp":"","HostPort":"5432"}] –
Freestyle
For some reason, grep on the latest Ubuntu does not recognize
--include option but it's possible to use the find command to do the same: find /var/lib/docker/containers/ -name config.v2.json -exec grep -H f7828c0aa {} \; –
Foolery How to start this debian container later? Can't start back in command line –
Vestibule
My two cents on this: on Windows 10 Home Edition I just tried to do this many times, and the port was simply never forwarded by Docker Desktop. I ended up installing an SSH server on Windows (the Cygwin SSH server in this case) and opening a reverse forwarding tunnel as mentioned on melchi's answer. Protip: on Windows you can open cmd.exe and use your workstation's WSL IP address (you can find it on Task Manager under the Ethernet labeled as "vEthernet (WSL)") as destination of your SSH from the container. –
Magalymagan
we an use handy tools like ssh to accomplish this easily.
I was using ubuntu host and ubuntu based docker image.
- Inside docker have openssh-client installed.
- Outside docker (host) have openssh-server server installed.
when a new port is needed to be mapped out,
inside the docker run the following command
ssh -R8888:localhost:8888 <username>@172.17.0.1
172.17.0.1 was the ip of the docker interface
(you can get this by running
ifconfig docker0 | grep "inet addr" | cut -f2 -d":" | cut -f1 -d" " on the host).
here I had local 8888 port mapped back to the hosts 8888. you can change the port as needed.
if you need one more port, you can kill the ssh and add one more line of -R to it with the new port.
I have tested this with netcat.
Thank you for this suggestion, I ended up resorting to it after failing to connect to a Gitlab container on Docker Desktop for Windows 10 no matter what I did. –
Magalymagan
PORTAINER METHOD
If anyone is using portainer, I found this solution to be "Gui friendly and safe"
- Go to the container in Portainer
- Stop the container
- Select "Duplicate/Edit"
![enter image description here]()
- Add the needed ports and deploy.
- When asked if replace or cancel, select replace.
![List item]()
- Enjoy life
This method is used in the following YouTube video explaining vpn binding with docker (uses portainer) youtube.com/watch?v=vUyHGF1HMsw –
Congest
- Stop the docker engine and that container.
- Go to
/var/lib/docker/containers/${container_id}directory and edithostconfig.json - Edit
PortBindings.HostPortthat you want the change. - Start docker engine and container.
I had this situation with my container:
127.0.0.1:8050->8000
And I solved it with one iptalbes rule:
iptables -t nat -I DOCKER 1 -p tcp --dport ${HOST_PORT} -j DNAT --to-destination ${CONTAINER_IP}:${CONTAINER_PORT}
In this example HOST_PORT is 8050 and CONTAINER_PORT is 8000. To find CONTAINER_IP use docker inspect command.
To remove the iptables rule use this command:
iptables -t nat -D DOCKER 1
For Windows & Mac Users, there is another pretty easy and friendly way to change the mapping port:
download kitematic
go to the settings page of the container, on the ports tab, you can directly modify the published port there.
start the container again
I tried this approach. Kinematic applied the port mappings, indeed. Howeverto apply them, it re-created my container from the original image. So if you are afraid of loosing the changes made in the container itself, do not use this method. –
Rationalism
I preferred this, I get that it doesn't answer the question, and it creates a new container. But at least it works, and this SO result showed up during my search. +1 –
Coronation
How do I assign a port mapping to an existing Docker container ?
It's very Simple. There is two thing one is local server PORT like 800,8080 etc. on your machine and the second one is your container PORT which you want to map. Docker Port mapping
docker run -p 8080:8080 <Image ID>
To get Image Id you can use
docker ps
This does not answer the question since OP was asking whether an existing container could be re-assigned a new port. Using
run creates a new container. –
Salado © 2022 - 2024 — McMap. All rights reserved.