How to use Docker container to access host network

Recently, a system was deployed, using nginx as a reverse proxy, where nginx is run in docker:

$ docker run -d --name nginx $PWD:/etc/nginx -p 80:80 -p 443:443 nginx:1.15

The API service that needs to be proxied runs on port 1234 of the host machine. The relevant configuration of nginx.conf is as follows:

server {
 ...

 location /api {
  proxy_pass http://localhost:1234
 }
 ...
}

As a result, when I accessed it, I found that it always reported a 502 Bad Gateway error, and the error log showed that it could not connect to the upstream.

Come to think of it, there seems to be something wrong with localhost in nginx.conf. Since nginx is running in a docker container, this localhost is the localhost of the container, not the localhost of the host.

At this point, the problem that this article aims to solve arises: How to access the host network from the container? There are several ways to search the Internet:

Use host IP

When installing Docker, a virtual gateway docker0 will be installed on the host. We can use the IP address of the host on docker0 instead of localhost.

First, use the following command to query the host IP address:

$ ip addr show docker0
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
  link/ether 02:42:d5:4c:f2:1e brd ff:ff:ff:ff:ff:ff
  inet 172.17.0.1/16 scope global docker0
    valid_lft forever preferred_lft forever
  inet6 fe80::42:d5ff:fe4c:f21e/64 scope link
    valid_lft forever preferred_lft forever

It can be found that the host machine's IP is 172.17.0.1, so changing proxy_pass http://localhost:1234 to proxy_pass http://172.17.0.1:1234 can solve the 502 Bad Gateway error.

However, the host machine's IP address is different in different systems. For example, it is usually 172.17.0.1 in Linux and 192.168.65.1 in macOS. This IP address can also be changed. Therefore, using IP to configure nginx.conf cannot be used across environments.

Using host network

When the Docker container is running, there are three types of networks available for configuration: host, bridge, and none. The default is bridge, which means bridge network, connected to the host in bridge mode; host is the host network, which means sharing the network with the host; none means no network, and the container will not be able to connect to the Internet.

When the container uses the host network, the container and the host share the network, so that the host network can be accessed in the container, and the localhost of the container is the localhost of the host.

Use --network host in docker to configure the host network for the container:

$ docker run -d --name nginx --network host nginx

In the above command, there is no need to use -p 80:80 -p 443:443 to map ports as before, because the container shares the network with the host, and the exposed ports in the container are equivalent to the exposed ports on the host.

Using the host network does not require modifying nginx.conf, and localhost can still be used, so it is more versatile than the previous method. However, since the host network is not as isolated as the bridge network, the security of using the host network is not as high as that of the bridge.

Summarize

This article proposes two methods: using the host IP and using the host network to access the host network from the container. Both methods have their own advantages and disadvantages. Using the host IP has better isolation, but poor versatility; using the host network has good versatility, but brings the risk of exposing the host network.

The above is the full content of this article. I hope it will be helpful for everyone’s study. I also hope that everyone will support 123WORDPRESS.COM.