• 0 Posts
  • 4 Comments
Joined 1 year ago
cake
Cake day: June 27th, 2023

help-circle


  • You’re not exposing anything unless your router/firewall explicitly allows it.

    0.0.0.0 just means “all addresses on this host”. So binding to 0.0.0.0:80 means “listen on every IP address, TCP port 80”

    So say you have a Linux box, and it has 4 network interfaces: 127.0.0.1 (localhost), 192.168.1.101 (main local network), 192.168.1.201 (second local network), and 172.16.10.1 (docker network).

    If you run a service on the Linux box, and specify that it listens on 0.0.0.0:80, that service will bind to all of those addresses, and be accessible via 127.0.0.1:80, both 192 addresses, and the docker network address.

    Now, if you run that same configuration in a docker container without the “-p host:container”, it will bind to the address given it in the docker network and only that address.

    If you run that same container with the -p host:container, it will bind to and listen on all network addresses.

    I hope that’s understandable, I’m kinda out of it today so I hope I’m not too incoherent!