I am very new to using docker. I have been used to using dedicated VM’s and hosting the applications within the servers OS.
When hosting multiple applications/services that require the same port, is it best practice to spin up a whole new docker server or how should I go about the conflicts?
Ie. Hosting multiple web applications that utilize 443.
Thank you!
Use a single reverse proxy on that one port… it can then route the requests to the various back ends.
You probably want something that’s Docker-native like Traefik or Caddy.
Thank you! I am using Caddy and was able to define a unique random port for the other containers and access this via reverse proxy!
If the containers are all in the same network. You dont need to expose a port.
Lets assume you create a docker network called
reverse_proxyand add all your contaiers that you want to be accessed by the reverse proxy to that network (including caddy).Then you can address all containers through the hostname in you caddy file and the port would be the default configurated port from the container.
So in the end you just expose the caddy container and nothing more.
I didn’t know this, very handy thanks
That wouldn’t work if multiple containers use the same port (eg. 8000), right?
Without a docker network, I can just map
8001:8000and don’t have that issue.Yes, it’d work just fine because each container listens on port 8000 of their own IP address, not the docker server’s IP address. Caddy/Traefik just redirects traffic to that port.
Okay, thanks! Maybe I’ll try it in the future.
I’ve just posted a little example. I’d recommend doing it this way. No more thinking about what port is allready exposed etc
In addition to Caddy being apart of the
reverse_proxynetwork. Would I also have to add it to theBridgenetwork so that I can utilize the machine IP that docker is hosted on for port forwarding 443?Caddy would have the bridge proxy network and the port 443 exposed.
version: "3.7" networks: proxy-network: external: true # needs to be created manually bevor running (docker create network proxy-network) services: caddy: image: caddy container_name: caddy restart: unless-stopped ports: - 80:80 - 443:443 volumes: - ./data:/data - ./config:/config - ./Caddyfile:/etc/caddy/Caddyfile:ro networks: - proxy-networkOther services:
version: "3.7" networks: proxy-network: external: true services: app: image: app container_name: app restart: unless-stopped volumes: - ./app-data:/data networks: - proxy-networkCaddy can now talk to the app with the apps container_name.
Caddyfile:
homepage.domain.de { reverse_proxy app:80 }So the reverse proxy network is an extra network only for containers that need to be exposed.
That’s the cool thing about docker you can just map a different external port.
https://docs.docker.com/network/
So if you look at the first flag it mentions: -p 8080:80
This means it’s mapping external port 8080 to the internal port 80. You can change the 8080 to anything you want so you don’t have conflicts.
I have done what you mentioned and used a random port internally and kept 443 as the listening port. I am using Caddy to then direct the traffic reverse proxy it.
Thank you so much!
Just FYI, we may be using “internally” differently, but you can’t change the port number to the right of the “:” That’s usually a fixed port needed for the container (the internal docker port).
I think you are using “internal” to mean your local network port though, but in Dockers case it would be the “external port” (external to docker).
Flow would be: Proxy → External Docker Port (8080, can be variable) → Internal Docker Port (80, fixed per docker container)
Probably getting overly picky with wording, but wanted to make sure you knew that the inernal docker port can’t be changed, just the mapping.
Hi there,
thats an interesting question. I suppose it depends on what you need to do.
If you can, divert the ports in the run command or compose file with -p 4430:443 (run) Or Ports:
- 4430:443
Then you tell the apps that need this port to use that one instead.
Thats the easiest solution I know of.
If you want a more elegant solution, you use custom domains with a reverse proxy like npm (nginx proxy manager).
You spin up npm and start defining hosts like cloud.yourhomedomain.com and define those over your dns if possible (router or in my case, pihole)
Docker is a universe of itself and you can invest hundreds of hours and still feel like a noob (good game mechanic btw, easy go get into, hard to master).
Hit me up if you need more info. Get familiar with stack overflow and the likes because you will need em. :)
Good luck
This is the correct answer.
I run several containers that offer up http/s and they obviously can’t all use 80/443. Just adjust the left side of that port setting and you’re good.
That plus a reverse proxy for offering these services up over the public internet, if you choose to do so, is a killer pair.
One addition to this: I actually run those in my private setup since I have highly sensitive data on there. Even if you’re not opening them, reverse proxy works wonders. :)
Thanks a ton! I did not realize you could have a different listing port vs internally used port.
I have done what you mentioned and used a random port internally and kept 443 as the listening port. I am using Caddy to then direct the traffic reverse proxy it.
Thanks again!
You are very welcome! Let me know if you need anything else.
