Search code examples
dockervirtual-machinedisplayportforwardingxserver

Docker : how to (reverse) forward port to allow access to the host's localhost:PORT?


I want to enable a docker VM to connect to a port on the localhost of the host starting docker on windows.

docker proposes port forwarding but IMHO only to expose a docker's VM port to the host running the VM.

It's also possible to map a hostname to an IP address when starting docker, but again, that is only seen on the VM. So neither of the following options help:

docker run \ 
    --add-host host:127.0.0.1 \
    -p 6000:6000 \
    OTHER_ARGUMENTS

My current purpose is to expose the XServer port running on the Windows host to the VM . My current solution is to find a Windows host IP, but when the network changes that IP is no longer valid and the XServer is apparently not listening on the new IP.
This happens when the computer hibernates and is on a new network when it wakes up.

By comparison, ssh provides the -L and -R options that allows to forward an IP/port either way.
A possible solution could be to start the container in detached mode, ssh to it and setup the port forwarding, and do all the other work in another docker run.
Another possible solution is to setup a NAT server (I didn't try).
Using host.docker.internal in the VM may be a solution - I start testing this to see if it holds over time. It does work for the initial connection (I set DISPLAY to host.docker.internal:0.0). (host-gateway may need more investigation).
Run without isolation (option --net host). Not tested.

So my question is, what method(s) are there to allow the docker VM to access a port on the Windows HOST's localhost addresses (127.0.X.X) .

A less general question is: how to setup the DISPLAY/Xserver on a Windows host and docker runs so that they always work, even after changing networks.

Note that my host OS is Windows 10 (this might be easier to do on *nix).


Solution

  • Amongst the possibilities suggested, at least on windows, the best solution is to set DISPLAY to host.docker.internal:0.0 .

    docker can be launched by setting this option directly:

       docker -e DISPLAY=host.docker.internal:0.0 <OTHERARGUMENTS>
    

    I verified that `` connects to the localhost by lauching a netcat session.

    On the windows host (using cygwin), I started:

    nc -l 127.0.0.1 3000
    

    And I could connect to it from the VM by using:

    telnet host.docker.internal 3000
    

    When starting the netcat deamon using

    nc -l 169.254.11.167 3000
    

    the telnet to the localhost did not succeed from the VM, telnet 169.254.11.167 3000 was required.

    Therefore, host.docker.internal (which is 168.168.65.2 inside the VM I tested), corresponds the localhost on the Windows host (and not the local host of the WSL instance running the docker container).

    Note:

    • host.docker.internal may no longer resolve if you have personalised the daemon's dns server (you can check this in <HOME>/.docker/daemon.json.