docs: Add documentation for IP:HOST_PORT:CONTAINER_PORT syntax
Add explanation and examples for binding ports to specific network interfaces using the extended syntax. This addresses issue #22253.
Description
Added documentation for the extended port publishing syntax IP:HOST_PORT:CONTAINER_PORT, which was missing from the current documentation. This change improves the "Publishing and exposing ports" page by explaining how to bind container ports to specific network interfaces on the host machine.
The additions include:
- Clear explanation of the extended syntax format
- Step-by-step examples with CLI commands and expected output
- Common use cases highlighting security benefits
- Docker Compose examples showing practical application
- Added relevant networking resources in the Additional Resources section
This documentation helps users understand how to restrict container access to specific network interfaces, which is especially important for securing sensitive services like databases.
Related issues or tickets
Fixes #22253
Reviews
- [ ] Technical review
- [ ] Editorial review
- [ ] Product review
Deploy Preview for docsdocker ready!
| Name | Link |
|---|---|
| Latest commit | 8ad69cc03ea6cb9186b80ad479b71f9b50f69f58 |
| Latest deploy log | https://app.netlify.com/sites/docsdocker/deploys/6810c56a2456520008b45eeb |
| Deploy Preview | https://deploy-preview-22511--docsdocker.netlify.app |
Hi @Antraxmin - thank you for working on this, it looks good.
As @akerouanton noted on the issue, a wider review of the port publishing documentation is needed. It's got quite complicated, and the documentation is incomplete and split between a few places. But, that shouldn't stop us from making this incremental improvement first.
In the meantime though ...
I think it'd be good to add a link from this new section to https://docs.docker.com/engine/network/packet-filtering-firewalls/#setting-the-default-bind-address-for-containers - it partially describes config param host_binding_ipv4 (which also works for IPv6 addresses!), and can be used to change the default from 0.0.0.0.
The "Important" note just above this new section hints at what's described in this new text, and links to another page with some of the same description - which might be confusing. Perhaps change its last sentence to "See [Binding to specific network interfaces] below, and [learn more about published ports here]."?
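An added example, not part of the PR or Docker's documentation: a small Python check that parses short-form publish specs (`[IP:][HOST_PORT:]CONTAINER_PORT[/PROTO]`) and reports which ones end up reachable on every host interface. The `default_bind` parameter is an assumption that stands in for the default bind address (0.0.0.0 unless changed, for instance through `host_binding_ipv4`); the service names and specs in `SAMPLE` are constructed.

```python
import ipaddress

def parse_publish(spec, default_bind="0.0.0.0"):
    """Parse [IP:][HOST_PORT:]CONTAINER_PORT[/PROTO] into a dict.

    default_bind is an assumption modelling the default bind address
    (0.0.0.0 unless changed, e.g. via host_binding_ipv4).
    """
    body, _, proto = spec.partition("/")
    if body.startswith("["):                 # bracketed IPv6, e.g. [::1]:8080:80
        ip, sep, rest = body[1:].partition("]")
        if not sep or not rest.startswith(":"):
            raise ValueError(f"malformed IPv6 publish spec: {spec!r}")
        parts = rest[1:].split(":")
    else:
        parts = body.split(":")
        ip = parts.pop(0) if len(parts) == 3 else None
    if not 1 <= len(parts) <= 2 or not parts[-1]:
        raise ValueError(f"malformed publish spec: {spec!r}")
    host_port = parts[0] if len(parts) == 2 else ""   # "" means ephemeral host port
    addr = ipaddress.ip_address(ip or default_bind)   # raises ValueError on a bad IP
    if addr.is_unspecified:
        scope = "all-interfaces"
    elif addr.is_loopback:
        scope = "loopback"
    else:
        scope = "single-interface"
    return {"ip": str(addr), "host_port": host_port,
            "container_port": parts[-1], "proto": proto or "tcp", "scope": scope}

def audit(published, default_bind="0.0.0.0"):
    """Return (service, spec) pairs that are reachable on every host interface."""
    return [(svc, spec) for svc, spec in published
            if parse_publish(spec, default_bind)["scope"] == "all-interfaces"]

# Constructed sample: (service, publish spec) pairs as they might appear in a Compose file.
SAMPLE = [
    ("web", "8080:80"),
    ("db", "127.0.0.1:5432:5432"),
    ("cache", "[::1]:6379:6379"),
    ("admin", "192.168.1.100:9000:9000/tcp"),
    ("metrics", "0.0.0.0:9100:9100"),
    ("dns", "53/udp"),
]

if __name__ == "__main__":
    for svc, spec in audit(SAMPLE):
        print(f"{svc}: {spec} is published on all interfaces")
```

Passing a loopback `default_bind` shows the effect of changing the default: specs without an IP stop being flagged, while an explicit `0.0.0.0` still is.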
Hi @robmry, thank you for your review and suggestions! I'm happy to make those changes:
- Add a link to the packet filtering documentation in the "Binding to specific network interfaces" section to reference the `host_binding_ipv4` configuration parameter.
- Update the "Important" note to reference the new section and create a clearer connection between the content.
I completely understand this is just an incremental improvement while a more comprehensive review of port publishing documentation is pending. I hope this small addition helps users in the meantime.
If there's anything I misunderstood, please let me know. If there's no particular problem, I'll work on it in more detail!
Thank you @Antraxmin - that sounds great, much appreciated.
@robmry
I've updated the PR with the requested changes: 8ad69cc
- Updated the "Important" note to reference the new section on binding to specific network interfaces, improving the connection between related content
- Added information about the `host_binding_ipv4` configuration parameter with a link to the documentation about setting the default bind address
These changes should help users better understand the options available for controlling which network interfaces their container ports are bound to.
Let me know if any further adjustments are needed!
@robmry Oops, you already approved this PR, but I accidentally hit the request review button. Please ignore the second request. My mistake!
No worries! We'll need a review from Docker's docs team, and I think they're a bit short-handed at the moment.
Thanks for the pull request. We'd like to make our product docs better, but haven't been able to review all the suggestions. As our docs have also diverged, we do not have the bandwidth to review and rebase old pull requests.
If the updates are still relevant, review our contribution guidelines and rebase your pull request against the latest version of the docs, then mark it as fresh with a /remove-lifecycle stale comment.
If not, this pull request will be closed in 30 days. This helps our maintainers focus on the active pull requests.
Prevent pull requests from auto-closing with a /lifecycle frozen comment.
/lifecycle stale
/remove-lifecycle stale
cc @ArthurFlag