0
sariel
4y

Why in the fuck does everyone expose specific ports in Dockerfiles?

If I wanted to expose the port, I would fucking expose it.

Currently can't run my home infra platform because I'm running two separate instances of Maria DB on the same private internal network. These are two databases for two separate applications.

Why don't I run them on one? Because they're two separate fucking applications.

Why the fuck can I not do this when I used to be able to do it a week ago.

Stop exposing your fucking ports in your fucking Dockerfiles.

This shit is getting so bad, I'm just about to throw my towel in on all fucking containers and just install everything in multiple VM environments.

I am God damn appalled that after 8 years of using docker, core concepts like a port exposure is being leveraged as a way to somehow circumvent poor security practices.

You want a secure container environment? Expose your own goddamn ports.

Fuck you Maria DB, and fuck you docker.

Comments
  • 4
    Exposing a port of a docker container is only an information for the user of the image to tell, which port might be published. Please notice the difference between expose and publish.

    Exposed ports are just shown in the docker Damon (docker PS). They do nothing at all except for documentation reasons.

    Published ports are accessible from the host machine or anyone else who can access the given ip. You can of course run as many databases as you like but you have to define separated ports for each (-p 3306:3306; -p 3307:3306;...). To get a published port you have to tell docker that you want to have one or more of them and if you publish a port which is not exposed docker will expose it automatically.

    Personally I do not publish the port of any database since the database is normally in the same virtual docker network and publishing is not necessary when accessing a service from inside the docker network.
  • 3
    @bosi exactly what you said. When using docker-compose it's easy af.

    Just give your multiple MySQL containers different service names like db-1,db-2. Then you can just tell your application to connect MySQL to db-1 (you literally set 'db-1' as the target for the database URL. Docker automatically sets up hostname a and domain resolution for your containers) and it works.
Add Comment