Skip to content

docs: Add documentation for IP:HOST_PORT:CONTAINER_PORT syntax #22511

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

docs: Add documentation for IP:HOST_PORT:CONTAINER_PORT syntax #22511

wants to merge 2 commits into from

Conversation

Antraxmin
Copy link

@Antraxmin Antraxmin commented Apr 29, 2025
edited
Loading

Add explanation and examples for binding ports to specific network interfaces using the extended syntax. This addresses issue #22253.

Description

Added documentation for the extended port publishing syntax IP:HOST_PORT:CONTAINER_PORT, which was missing from the current documentation. This change improves the "Publishing and exposing ports" page by explaining how to bind container ports to specific network interfaces on the host machine.

The additions include:

  • Clear explanation of the extended syntax format
  • Step-by-step examples with CLI commands and expected output
  • Common use cases highlighting security benefits
  • Docker Compose examples showing practical application
  • Added relevant networking resources in the Additional Resources section

This documentation helps users understand how to restrict container access to specific network interfaces, which is especially important for securing sensitive services like databases.

Related issues or tickets

Fixes #22253

Reviews

  • Technical review
  • Editorial review
  • Product review

@Antraxmin
docs: Add documentation for IP:HOST_PORT:CONTAINER_PORT syntax
91abbc3 
Add explanation and examples for binding ports to specific network interfaces using the extended syntax. This addresses issue docker#22253.
@github-actions github-actions bot added the area/get-started Relates to get started and onboarding docs label Apr 29, 2025
@netlify Netlify
Copy link

netlify bot commented Apr 29, 2025
edited
Loading

Deploy Preview for docsdocker ready!

Name Link
🔨 Latest commit 8ad69cc
🔍 Latest deploy log https://app.netlify.com/sites/docsdocker/deploys/6810c56a2456520008b45eeb
😎 Deploy Preview https://deploy-preview-22511--docsdocker.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

@robmry
Copy link
Contributor

robmry commented Apr 29, 2025

Hi @Antraxmin - thank you for working on this, it looks good.

As @akerouanton noted on the issue, a wider review of the port publishing documentation is needed. It's got quite complicated, and the documentation is incomplete and split between a few places. But, that shouldn't stop us from making this incremental improvement first.

In the meantime though ...

I think it'd be good to add a link from this new section to https://docs.docker.com/engine/network/packet-filtering-firewalls/#setting-the-default-bind-address-for-containers - it partially describes config param host_binding_ipv4 (which also works for IPv6 addresses!), and can be used to change the default from 0.0.0.0.

The "Important" note just above this new section hints at what's described in this new text, and links to another page with some of the same description - which might be confusing. Perhaps change change its last sentence to "See [Binding to specific network interfaces] below, and [learn more about published ports here]."?

@Antraxmin
Copy link
Author

Antraxmin commented Apr 29, 2025
edited
Loading

Hi @Antraxmin - thank you for working on this, it looks good.

As @akerouanton noted on the issue, a wider review of the port publishing documentation is needed. It's got quite complicated, and the documentation is incomplete and split between a few places. But, that shouldn't stop us from making this incremental improvement first.

In the meantime though ...

I think it'd be good to add a link from this new section to https://docs.docker.com/engine/network/packet-filtering-firewalls/#setting-the-default-bind-address-for-containers - it partially describes config param host_binding_ipv4 (which also works for IPv6 addresses!), and can be used to change the default from 0.0.0.0.

The "Important" note just above this new section hints at what's described in this new text, and links to another page with some of the same description - which might be confusing. Perhaps change change its last sentence to "See [Binding to specific network interfaces] below, and [learn more about published ports here]."?

Hi @robmry , thank you for your review and suggestions!
I'm happy to make those changes:

  • Add a link to the packet filtering documentation in the "Binding to specific network interfaces" section to reference the host_binding_ipv4 configuration parameter.
  • Update the "Important" note to reference the new section and create a clearer connection between the content.

I completely understand this is just an incremental improvement while a more comprehensive review of port publishing documentation is pending. I hope this small addition helps users in the meantime.

If there's anything I misunderstood, please let me know. If there's no particular problem, I'll work on it in more detail!

@robmry
Copy link
Contributor

robmry commented Apr 29, 2025

Thank you @Antraxmin - that sounds great, much appreciated.

@Antraxmin
Copy link
Author

Antraxmin commented Apr 29, 2025
edited
Loading

@robmry

I've updated the PR with the requested changes: 8ad69cc

  1. Updated the "Important" note to reference the new section on binding to specific network interfaces, improving the connection between related content
  2. Added information about the host_binding_ipv4 configuration parameter with a link to the documentation about setting the default bind address

These changes should help users better understand the options available for controlling which network interfaces their container ports are bound to.

Let me know if any further adjustments are needed!

robmry
robmry approved these changes Apr 29, 2025
View reviewed changes
Copy link
Contributor

@robmry robmry left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM - thank you!

@Antraxmin Antraxmin requested a review from robmry April 30, 2025 10:21
@Antraxmin
Copy link
Author

@robmry Oops, you already approved this PR, but I accidentally hit the request review button. Please ignore the second request. My mistake!

@robmry
Copy link
Contributor

robmry commented Apr 30, 2025

@robmry Oops, you already approved this PR, but I accidentally hit the request review button. Please ignore the second request. My mistake!

No worries! We'll need a review from Docker's docs team, and I think they're a bit short-handed at the moment.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@robmry robmry Awaiting requested review from robmry

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
area/get-started Relates to get started and onboarding docs
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Missing <IP>:<host_port>:<container_port> explaination docker-compose
2 participants
@Antraxmin @robmry