
docker-host's Introduction


Docker Image Tags:

  • latest
  • 3
  • 3.x.x

Docker image to forward TCP and UDP traffic to the docker host. This also works for (rootless) podman. This README.md uses the term docker, but you can read that as both docker and podman (it works for both), unless otherwise specified.

This container determines the docker host address in the following order:

  • Use ip from environment variable DOCKER_HOST if set

    • This allows you to use this image to forward traffic to arbitrary destinations, not only the docker host.
  • Try to resolve host using DNS names e.g. getent ahostsv4 host.docker.internal

    • docker hostname host.docker.internal
    • podman hostname host.containers.internal
  • Defaults to default gateway (ip -4 route show default)
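The lookup order above, written out as an added example (this is not the image's own entrypoint script). `pick_docker_host` takes the three candidates in the documented order and skips values that are not IPv4 addresses, such as a `::1` returned by a hostname lookup. The function names, the `(dns)` label and failing closed on a non-IPv4 `DOCKER_HOST` are assumptions of this example.

```sh
#!/bin/sh
# Added example, not the project's entrypoint script.

# is_ipv4 ADDR: succeeds only for a dotted-quad IPv4 address.
# Runs in a subshell so the IFS and noglob changes do not leak to the caller.
is_ipv4() (
  case "$1" in
    ''|*[!0-9.]*|.*|*.) exit 1 ;;
  esac
  IFS=.
  set -f
  set -- $1
  [ $# -eq 4 ] || exit 1
  for octet in "$@"; do
    [ -n "$octet" ] && [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
  done
)

# pick_docker_host ENV_VALUE DNS_VALUE GATEWAY_VALUE
# Prints "ADDRESS (source)" for the first usable candidate.
pick_docker_host() {
  if [ -n "$1" ]; then
    # An explicit DOCKER_HOST wins; a malformed one is an error rather than
    # a silent fallback (assumption of this example).
    is_ipv4 "$1" || { echo "DOCKER_HOST is not an IPv4 address: $1" >&2; return 1; }
    echo "$1 (DOCKER_HOST)"
    return 0
  fi
  if is_ipv4 "$2"; then echo "$2 (dns)"; return 0; fi
  if is_ipv4 "$3"; then echo "$3 (default gateway)"; return 0; fi
  echo "no usable IPv4 address for the docker host" >&2
  return 1
}

# resolve_docker_host: gathers the real candidates with the commands the
# README names, then applies the order above.
resolve_docker_host() {
  dns=$(getent ahostsv4 host.docker.internal 2>/dev/null | awk 'NR==1 {print $1}')
  [ -n "$dns" ] || dns=$(getent ahostsv4 host.containers.internal 2>/dev/null | awk 'NR==1 {print $1}')
  gw=$(ip -4 route show default 2>/dev/null | awk '/^default/ {print $3; exit}')
  pick_docker_host "${DOCKER_HOST:-}" "$dns" "$gw"
}
```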

Ports

By default all ports (1-65535) are forwarded to docker host.

  • You may restrict ports by setting the environment variable PORTS to a space- and/or comma-separated list of ports and/or port ranges, e.g.
    • docker run -e PORTS='443, 8000-9000' ....
  • You may also configure port mapping e.g. 443:8443, 8000-9000:5000-6000 (CONTAINER_PORT:HOST_PORT).
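A validator for the PORTS syntax described above, as an added example (not the image's own entrypoint code). It normalizes each entry to one `CONTAINER:HOST` line and rejects malformed values, which helps when you want to confirm that a deployment forwards only the ports you intended instead of the 1-65535 default. The function names and the rule that mapped ranges must have equal length are assumptions of this example.

```sh
#!/bin/sh
# Added example, not the project's entrypoint: validate a PORTS value and
# print one normalized CONTAINER:HOST mapping per line.

# valid_port N: succeeds if N is a decimal integer in 1..65535 (no leading zero).
valid_port() {
  case "$1" in
    ''|0*|*[!0-9]*) return 1 ;;
  esac
  [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# parse_range "A" or "A-B": prints "A B"; fails on malformed or reversed ranges.
parse_range() {
  case "$1" in
    *-*) r_start=${1%%-*}; r_end=${1#*-} ;;
    *)   r_start=$1; r_end=$1 ;;
  esac
  valid_port "$r_start" && valid_port "$r_end" && [ "$r_start" -le "$r_end" ] || return 1
  echo "$r_start $r_end"
}

# fmt_range START END: prints "START" for a single port, else "START-END".
fmt_range() {
  if [ "$1" -eq "$2" ]; then echo "$1"; else echo "$1-$2"; fi
}

# normalize_ports SPEC: runs in a subshell so `set -f` (no globbing while
# splitting the list) does not leak into the caller.
normalize_ports() (
  set -f
  spec=${1:-1-65535}   # README default when PORTS is unset: all ports
  for entry in $(printf '%s' "$spec" | tr ',' ' '); do
    case "$entry" in
      *:*) c_part=${entry%%:*}; h_part=${entry#*:} ;;   # CONTAINER_PORT:HOST_PORT
      *)   c_part=$entry; h_part=$entry ;;              # same port on both sides
    esac
    c=$(parse_range "$c_part") && h=$(parse_range "$h_part") || {
      echo "invalid PORTS entry: $entry" >&2; return 1; }
    c_start=${c% *}; c_end=${c#* }
    h_start=${h% *}; h_end=${h#* }
    # Assumption of this example: a mapped range must cover as many ports
    # on the host side as on the container side.
    [ $((c_end - c_start)) -eq $((h_end - h_start)) ] || {
      echo "range length mismatch: $entry" >&2; return 1; }
    echo "$(fmt_range "$c_start" "$c_end"):$(fmt_range "$h_start" "$h_end")"
  done
)
```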

Important

On Linux systems

  • You have to bind your host applications to 0.0.0.0 or bridge network gateway in addition to 127.0.0.1.

    Use following docker command to get the bridge network gateway IP address

    docker network inspect bridge --format='{{( index .IPAM.Config 0).Gateway}}'

    For (rootless) podman, it's sufficient to bind to localhost, assuming default podman installation.

  • You might need to configure your firewall of the host system to allow the docker-host container to communicate with the host on your relevant port, see #21.

On MacOS systems

Podman Only
  • You probably need to add the nf_nat kernel module to the podman machine by running the following commands

    podman machine ssh
    
    sudo modprobe nf_nat
    

Examples

These examples send messages from a docker container to the docker host with netcat.

Preparation

Start netcat server TCP on port 2323 to receive and display messages

nc -p 2323 -lk

Start netcat server UDP on port 5353 to receive and display messages

nc -p 5353 -lk -u

Docker Link

Run the docker-host container.

docker run \
  --name 'docker-host' \
  --cap-add=NET_ADMIN --cap-add=NET_RAW \
  --restart on-failure \
  -d qoomon/docker-host

Run your application container and link the docker-host container. The docker host will be reachable through the domain/link docker-host of the docker-host container.

This example will let you send messages to TCP netcat server on docker host.

docker run --rm \
  --link 'docker-host' \
  -it alpine nc 'docker-host' 2323 -v

This example will let you send messages to UDP netcat server on docker host.

docker run --rm \
  --link 'docker-host' \
  -it alpine nc 'docker-host' 5353 -u -v

Docker Network

Create the dockerhost network.

network_name="Network-$RANDOM"
docker network create "$network_name"

Run the dockerhost container within the dockerhost network.

docker run --name "${network_name}-docker-host" \
  --cap-add=NET_ADMIN --cap-add=NET_RAW \
  --restart on-failure \
  --net=${network_name} --network-alias 'docker-host' \
  qoomon/docker-host

Run your application container within the dockerhost network. The docker host will be reachable through the domain/link docker-host of the docker-host container.

This example will let you send messages to TCP netcat server on docker host.

docker run --rm \
  --net="${network_name}" \
  -it alpine nc 'docker-host' 2323 -v

This example will let you send messages to UDP netcat server on docker host.

docker run --rm \
  --net="${network_name}" \
  -it alpine nc 'docker-host' 5353 -u -v

Docker Compose

version: '2'

services:
    docker-host:
        image: qoomon/docker-host
        cap_add: [ 'NET_ADMIN', 'NET_RAW' ]
        mem_limit: 8M
        restart: on-failure
    tcp_message_emitter:
        depends_on: [ docker-host ]
        image: alpine
        command: [ "sh", "-c", "while :; do date; sleep 1; done | nc 'docker-host' 2323 -v"]
    udp_message_emitter:
        depends_on: [ docker-host ]
        image: alpine
        command: [ "sh", "-c", "while :; do date; sleep 1; done | nc 'docker-host' 5353 -u -v"]


docker-host's Issues

Startup error on macOS

Hello, I see the following error when starting a container on macOS (Monterey, Apple silicon):

% docker run --rm --cap-add=NET_ADMIN --cap-add=NET_RAW qoomon/docker-host
Docker Host: 192.168.65.2 (host.docker.internal)
Forwarding ports: 1-65535
iptables v1.8.8 (legacy): can't initialize iptables table `nat': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

Docker version:

Client:
 Cloud integration: v1.0.29
 Version:           20.10.22
 API version:       1.41
 Go version:        go1.18.9
 Git commit:        3a2c30b
 Built:             Thu Dec 15 22:28:41 2022
 OS/Arch:           darwin/arm64
 Context:           default
 Experimental:      true

Server: Docker Desktop 4.16.2 (95914)
 Engine:
  Version:          20.10.22
  API version:      1.41 (minimum version 1.12)
  Go version:       go1.18.9
  Git commit:       42c8b31
  Built:            Thu Dec 15 22:25:43 2022
  OS/Arch:          linux/arm64
  Experimental:     false
 containerd:
  Version:          1.6.14
  GitCommit:        9ba4b250366a5ddde94bb7c9d1def331423aa323
 runc:
  Version:          1.1.4
  GitCommit:        v1.1.4-0-g5fd4c4d
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

macOS version: Monterey 12.5.1

This used to work at some point in the past for me, so I'm not sure what changed.

Is it possible to use with Docker Swarm ?

I have a docker swarm composed of several nodes. I have a HAProxy running as a service in Swarm.
I want to setup LetsEncrypt on one of the hosts node. But for that I need HAProxy to redirect the authorization requests to the certbot which runs in standalone mode on one of the hosts node.
Any Idea how can I do it ?

Ping (icmp) work but not tcp

$ cat docker-compose.yml

version: '2'

networks:
  some-net:
    driver: bridge

services:
  # On host do: curl http://localhost:8888 and you get result
  nginx-for-test:
    image: nginx
    ports:
      - "8888:80"

  dockerhost:
    image: qoomon/docker-host
    cap_add: [ 'NET_ADMIN', 'NET_RAW' ]
    restart: on-failure
    networks:
      - some-net
  test:
    image: appropriate/curl
    command: ["curl" , "http://dockerhost:8888"]
    networks:
      - some-net

docker-compose up output:

Attaching to dockerhost_dockerhost_1, dockerhost_nginx-for-test_1, dockerhost_test_1
dockerhost_1      | Docker Host: 172.22.0.1 (default gateway)
test_1            |   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
test_1            |                                  Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0curl: (7) Failed to connect to dockerhost port 8888: Host is unreachable
dockerhost_test_1 exited with code 7

How to forward to other server/ip?

Hi. Using your docker image for several apps running on my server on different ports to use them within docker environment.

But how can I forward not only to a port on host but to an arbitrary external ip?

My home pc is running some webserver application and is connected to my server via wireguard vpn! Once logged in remotely on my server I can reach the webserver of my home pc on the lan ip address assigned by wireguard. So connection is working and established between those two computers.

What I want to achieve is to reach my homeserver via my vps servers TLD i.e. home.mydomain.com (SSL encrypted with the help of nginx-proxy and the letsencrypt companion). What I am missing is some option to "expose" not only a port but an IP address.

How can I proceed now? Thanks for any help and push to the right direction.

docker-host fails to start sometimes

For some reason, only on the cloud Ubuntu 20.04 VMs that I create myself, sometimes docker-host does not start.

Also this issue never happens on GitHub CI or MacOS.

I have it set to always restart in the docker-compose file:

docker-host:
  depends_on:
    - proxy
    - pgadmin
    - db
    - flower
    - queue
    - backend
    - backend_stream
    - celeryworker
    - frontend
    - tailscale
    - headscale
  image: qoomon/docker-host
  cap_add:
    - net_admin
    - net_raw
  mem_limit: 8M
  restart: always

I can sometimes manually start it after the fact but if this is running CI it will cause failures. The only thing I can think of is the container is trying to start and then backing off and finally stopping. Unfortunately there is nothing in the logs to show any reason why it failed to start.

Do you have any idea why this would happen or if there is a way to make sure it will definitely start no matter what?

Perhaps I need to give it a little sleep before hand?


Gateway timeout

I cannot make the gateway work properly.
I've read #21 and bound my app to the host ip 172.20.0.1 (resulting from docker network inspect bridge --format='{{( index .IPAM.Config 0).Gateway}}').

Relevant part of docker-compose.yml is:

version: '3'
services:
    my-api-gateway:
        image: qoomon/docker-host
        cap_add: [ 'NET_ADMIN', 'NET_RAW' ]
        # mem_limit: 4M
        restart: on-failure
    web:
        image: my-webapp-ui
        ports:
        - "80:80"

Then I start the java api mvn spring-boot:run which listens on 172.20.0.1 port 8080.

From the host shell:

$ curl http://172.20.0.1:8080/management/health
{
  "status" : "UP"
}

From the qoomon/docker-host container:

$ docker-compose exec my-api-gateway sh
# curl http://172.20.0.1:8080/management/health
{
  "status" : "UP"
} 

From the linked container:

$  docker-compose exec web sh
# curl http://my-api-gateway:8080/management/health
curl: (7) Failed to connect to my-api-gateway port 8080: Operation timed out

What's wrong in my config?

docker compose v3.3

Failed to run docker-compose 3.3

version: "3.3"

services:

  dockerhost:
    image: qoomon/docker-host
    cap_drop:
    - NET_ADMIN
    - NET_RAW
    deploy:
      resources:
        limits:
          memory: 4M
      restart_policy:
        condition: on-failure
    environment:
      - PORTS=0:1024,9000

dockerhost_1 | multiport: Could not determine whether revision 1 is supported, assuming it is.
dockerhost_1 | Docker Host Gateway: 193.164.64.2
dockerhost_1 | iptables v1.6.2: can't initialize iptables table `nat': Permission denied (you must be root)
dockerhost_1 | Perhaps iptables or your kernel needs to be upgraded.

Docker toolbox - iptables: No chain/target/match by that name.

I'm trying to run this on Docker Toolbox v18.09.3 on Windows but am unable to get the image to boot successfully. I've been struggling to debug this, would you be able to advise how I might debug this further?

I start the container:

$ docker run --name 'dockerhost' --cap-add=NET_ADMIN --cap-add=NET_RAW --restart on-failure -d qoomon/docker-host

And docker ps reports the container is constantly restarting. Docker logs reports:

$ docker logs dockerhost
Docker Host: 172.17.0.1 (default gateway)
iptables: No chain/target/match by that name.
Docker Host: 172.17.0.1 (default gateway)
iptables: No chain/target/match by that name.
...

$ docker -v
Docker version 18.09.3, build 774a1f4eee

Disabling the entrypoint and attaching, I found the first call to iptables fails

iptables --table nat --insert PREROUTING --protocol tcp --match multiport --dports 0:65535 --jump DNAT --to-destination 172.17.0.1

Appears tables are empty:

/ # iptables -L -v
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Can't get it running with docker compose 3.7 on ubuntu linux

This is similar to #21

I followed the README but I still don't get any visible output on the terminal which listens with nc.

version: '3.7'

networks:
  backend:
    driver: bridge

services:
  host.docker.internal:
    image: qoomon/docker-host
    cap_add: [ 'NET_ADMIN', 'NET_RAW' ]
    restart: on-failure
    networks:
      - backend

  tcp_message_emitter:
    depends_on: [ host.docker.internal ]
    image: alpine
    command: [ "sh", "-c", "while :; do date; sleep 1; done | nc 'host.docker.internal' 2323 -v"]
    networks:
      - backend

$ docker-compose -f docker-compose.yml up -d
Creating network "docker-compose_backend" with driver "bridge"
Creating docker-compose_host.docker.internal_1 ... done
Creating docker-compose_tcp_message_emitter_1  ... done
# i have more networks but I only show the relevant one
$ docker network ls
NETWORK ID          NAME                          DRIVER              SCOPE
a5aa8ca04a22        docker-compose_backend        bridge              local
$ sudo docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' docker-compose_host.docker.internal_1
172.28.0.2
$ sudo ufw allow from 172.28.0.2 proto tcp to any port 2323
Rules updated

All of the following nc commands on the host give no output:

$ nc 127.0.0.1 2323 -lk
$ nc 0.0.0.0 2323 -lk
$ docker network inspect docker-compose_backend --format='{{( index .IPAM.Config 0).Gateway}}'
172.28.0.1
$ nc 172.28.0.1 2323 -lk

Unfortunately I didn't find the problem myself so far, maybe you have some ideas.

Can't reach database server at `dockerhost`

I followed https://medium.com/@sam_ngu/connecting-to-docker-host-mysql-from-docker-container-linux-ubuntu-766e526542fd to connect to my host MySQL database.

Inside the other container, I could ping the dockerhost container.

My project is using Prisma as a DB access layer, and pointed to the DB via URL like this:
mysql://user:password@dockerhost:3306/schema.

But when I tried to access the DB. I ended up getting this error:
"Can't reach database server at 'dockerhost':'3306'. Please make sure your database server is running at 'dockerhost':'3306'"

All the configurations are set up as mentioned in the above medium article, like the firewall, DB user, etc.

dockerhost:
  image: qoomon/docker-host
  cap_add:
    - NET_ADMIN
    - NET_RAW
  restart: on-failure
  networks:
    - internal

The dockerhost container log is also showing no error.

Docker Host: 172.22.0.1 (default gateway)
Forwarding ports: 0:65535

I would be so happy to get any solution 😃 from you guys.
Thank you

Have Docker container access application not bound to 0.0.0.0

I'm trying to set up a reverse nginx proxy so that I can password protect a Tensorboard instance running on the host on port 7005.

If I run Tensorboard with --host=127.0.0.1, the Docker container gets a connection refused error when trying to access http://docker-host:7005.

The Docker container is, however, able to access http://docker-host:7005 with Tensorboard launched with --host=0.0.0.0, but then I have Tensorboard exposed without any password protection.

TL;DR Is it possible to have docker-host access applications bound to 127.0.0.1?

docker-compose.yml

version: '3'
services:
  docker-host:
    image: qoomon/docker-host
    cap_add: [ 'NET_ADMIN', 'NET_RAW' ]
    restart: on-failure

  nginx:
    image: nginx:latest
    container_name: nginx_reverse_proxy
    restart: always
    volumes:
      - ./nginx.conf:/etc/nginx/nginx.conf
      - ./.htpasswd:/etc/nginx/.htpasswd
    depends_on:
      - docker-host
    ports:
      - 7004:7004

nginx.conf

events { worker_connections 1024; }

http {
  server {
    listen 7004;

    server_name localhost;

    location / {
      proxy_pass http://docker-host:7005;
      auth_basic "Basic auth";
      auth_basic_user_file /etc/nginx/.htpasswd;
    }
  }
}

setup correctly connection from container to Docker API

Could you please explain how to correctly set up a connection from a container to the Docker API or host port 2375 on a Linux machine?

  1. I have opened port 2375 to connect to Docker API in /lib/systemd/system/docker.service:
    ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock -H tcp://127.0.0.1:2375
  2. My docker-compose.yml is:
version: '3.7'
services:
  web:
    image: some_image
    restart: unless-stopped
    command: python manage.py runserver 0.0.0.0:80
    volumes:
      - ./:/usr/src/app/
    ports:
      - 80:80
    depends_on:
      - docker-host
    networks:
      - app-network
    env_file:
      - ./.env
  docker-host:
    image: qoomon/docker-host
    cap_add: [ 'NET_ADMIN', 'NET_RAW' ]
    restart: on-failure
    networks:
      - app-network

networks:
  app-network:
    driver: bridge
  1. After that I connect to container via sudo docker exec -it web_1 bash
  2. Run command inside container curl -X GET host.docker.internal:2375/containers/json and get an error curl: (6) Could not resolve host: host.docker.internal

Where am I wrong?

connecting to database on host

Should this work for connecting to a database on the host?
I have a mysql db on my host. When i run your container I am able to ping the "dockerhost" from my other containers. But when I go to connect to the database, I get an error. I'm using R, so it's fine if you're not familiar with the program.

command line:

root@3fb860760a17:/# ping dockerhost
PING dockerhost (172.18.0.3): 56 data bytes
64 bytes from 172.18.0.3: icmp_seq=0 ttl=64 time=0.178 ms

in R:

> DB<-dbConnect(MySQL(), user = 'buko-user', password ='buko-access',
+                 dbname = 'buko', host = '172.18.0.3')
Error in .local(drv, ...) : 
  Failed to connect to database: Error: Can't connect to MySQL server on '172.18.0.3' (107)

pass docker socket and auto determine host ip

Can we have an option if user provides a docker socket, auto determine (if needed) the host ip within container.
removing the need for manually following on host
docker network inspect bridge --format='{{( index .IPAM.Config 0).Gateway}}'

weird IP returned by getent

In my current network configuration happens that getent ahostsv4 "host.docker.internal" returns a list of public IP which by no mean are related to my environment.


As a workaround I've forced DOCKER_HOST to the value returned by docker network inspect bridge --format='{{( index .IPAM.Config 0).Gateway}}'.

Can't get it to work with `sam local`

I am trying to setup communication from a docker container to a port on the host.
The port is managed by sam local (https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-cli-command-reference-sam-local-start-lambda.html)

sam local listen on port 3001 by default.
For the sake of testing, I also run nc -p 2323 -lk in a separate terminal.

  • hitting http://localhost:2323/ from a browser show information in the nc terminal
  • hitting http://localhost:3001/ from a browser show information in the sam local terminal

running

docker run --rm \
  --link 'docker-host' \
  -it alpine nc 'docker-host' 2323 -v

allow me to communicate with the host, so it seems docker-host is correctly setup.

however...
running

docker run --rm \
  --link 'docker-host' \
  -it alpine nc 'docker-host' 3001 -v

simply returns... without any message...
like if the port was not open...
and of course the exit code is 1 so not very useful...

This drives me nuts... so any help would be greatly appreciated...

I am running it on Ubuntu
and the firewall is configured to let everything pass: sudo ufw allow from xx.xx.xx.xx

Also, when running nc localhost 3002 -v on host machine (where sam local is started) it works:
Connection to localhost 3002 port [tcp/*] succeeded!

Deprecated?

Hello, I've been using your image for some time. I really appreciate your hard work. It was a big help for me.
But lately I've discovered you can use

services:
  name:
    [...]
    extra_hosts:
      - host.docker.internal:host-gateway

Is there use of docker-host if we can do this?
I guess docker-host gives ability to forward only specific ports but maybe it would be good to add this extra_hosts alternative to readme, what do you think?

Container always stops

The docker-host container always stops after a few hours/days and doesn't restart automatically.

Nothing relevant in the logs:
Docker Host: 172.18.0.1 (default gateway),

iptables v1.6.2: Port `:1' not valid

Hi,

I've been using this repository for the last two months, and the last night I updated it, giving me an error when using it with docker-compose. The error is:

Docker Host Gateway: ::1
iptables v1.6.2: Port `:1' not valid

I've checked the last changes of this repo, and I've found that the command getent hosts docker.for.mac.localhost | cut -d' ' -f1 gives as an output ::1 whereas getent hosts docker.for.mac.host.internal | cut -d' ' -f1 gives no output

Because of this, the next section

if [ -n "$GATEWAY_MAC" ]; then
    GATEWAY=$GATEWAY_MAC
fi  

assigns $GATEWAY_MAC to $GATEWAY (although this IP is not valid). This simple addition is enough to solve this problem:

GATEWAY_MAC="$(getent hosts docker.for.mac.localhost | cut -d' ' -f1)"
if [ -n "$GATEWAY_MAC" ] && [ "$GATEWAY_MAC" != "::1" ]; then
    GATEWAY=$GATEWAY_MAC
fi 

If you don't mind, I will make a pull request to this solution so everybody can use this docker without having problems

Thank you for this repository, it is a pleasure to find these tools until docker.for.linux.host.internal is available 😄

Docker-host container takes ~10 seconds to shut down in docker compose

Running: Docker for Mac
Version: Docker version 20.10.12, build e91ed57

We have a compose file with half a dozen dependencies which take between 0.2 and 0.4 seconds to shut down on average. The docker-host container takes 10.2 seconds to shut down, significantly outweighing all other containers. Is there a reason for this lengthy shut down time?

It seems to reliably take 10.2 - 10.3 seconds to shut down. Almost as if it's taking the 'normal shut down time' and adding precisely 10 seconds somewhere.

Can't find dockerhost

Hello
I want to connect to a postgres DB on my local machine through a container
I'm using docker compose v3

docker-compose.yml

version: '3.5'

services:
  dockerhost:
    build:
      context: ../
      dockerfile: ./docker/files/host.dockerfile
    cap_add:
      - NET_ADMIN
      - NET_RAW
    restart: on-failure
    networks:
      - backend
  backend_app:
    container_name: agenda_api_app_dev
    build:
      context: ../
      dockerfile: ./docker/files/app.dockerfile
    volumes:
      - ../:/var/www/
    networks:
      - backend
    depends_on:
      - dockerhost
  backend_server:
    container_name: agenda_api_server_dev
    build:
      context: ..
      dockerfile: ./docker/files/server.dockerfile
    volumes:
      - ../public:/var/www/public
      - ../storage/logs/:/var/log/nginx
    ports:
      - ${APP_PORT}:80
    depends_on:
      - backend_app
    networks:
      - backend
networks:
  backend:
    driver: bridge

host.dockerfile

FROM qoomon/docker-host:latest

When executed shows dockerhost as unknown. What could it be?

I'm active if you want more info

Container does not work on linux rootless

The container does not work on rootless docker with linux. It tries to connect to the gateway ip just fine but somehow this ip leads no where. My knowledge of slirp4netns is simply not enough to figure it out.

I have been using the DOCKER_HOST variable with the public ip of the host os as a workaround.

Daemon logs:

/user.slice/user-1000.slice/user@1000.service/app.slice/docker.service
             ├─  3114 rootlesskit --net=slirp4netns --mtu=65520 --slirp4netns-sandbox=auto --slirp4netns-seccomp=auto --port-driver=builtin --copy->
             ├─  3147 /proc/self/exe --net=slirp4netns --mtu=65520 --slirp4netns-sandbox=auto --slirp4netns-seccomp=auto --port-driver=builtin --co>
             ├─  3173 slirp4netns --mtu 65520 -r 3 --enable-sandbox --enable-seccomp 3147 tap0
             ├─  3181 dockerd
             ├─  3237 containerd --config /run/user/1000/docker/containerd/containerd.toml --log-level info
             ├─178725 /usr/bin/rootlesskit-docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 8025 -container-ip 172.20.0.3 -container-port 8025
             ├─178731 docker-proxy -container-ip 172.20.0.3 -container-port 8025 -host-ip 127.0.0.1 -host-port 8025 -proto tcp
             ├─178740 /usr/bin/rootlesskit-docker-proxy -proto tcp -host-ip :: -host-port 8025 -container-ip 172.20.0.3 -container-port 8025
             ├─178746 docker-proxy -container-ip 172.20.0.3 -container-port 8025 -host-ip ::1 -host-port 8025 -proto tcp

Docker info

Client:
 Context:    default
 Debug Mode: false
 Plugins:
  app: Docker App (Docker Inc., v0.9.1-beta3)
  buildx: Docker Buildx (Docker Inc., v0.8.1-docker)
  compose: Docker Compose (Docker Inc., v2.2.3)
  scan: Docker Scan (Docker Inc., v0.17.0)

Server:
 Containers: 18
  Running: 6
  Paused: 0
  Stopped: 12
 Images: 154
 Server Version: 20.10.14
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Native Overlay Diff: false
  userxattr: true
 Logging Driver: json-file
 Cgroup Driver: systemd
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux nvidia runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 3df54a852345ae127d1fa3092b95168e4a88e2f8
 runc version: v1.0.3-0-gf46b6ba
 init version: de40ad0
 Security Options:
  seccomp
   Profile: default
  rootless
  cgroupns
 Kernel Version: 5.17.5-76051705-generic
 Operating System: Pop!_OS 22.04 LTS
 OSType: linux
 Architecture: x86_64
 CPUs: 16
 Total Memory: 62.51GiB
 Name: pop-os
 ID: XXXXXXXXXXXXXXXXXXXX
 Docker Root Dir: /home/freek/.local/share/docker
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

WARNING: No cpu cfs quota support
WARNING: No cpu cfs period support
WARNING: No cpu shares support
WARNING: No cpuset support
WARNING: No io.weight support
WARNING: No io.weight (per device) support
WARNING: No io.max (rbps) support
WARNING: No io.max (wbps) support
WARNING: No io.max (riops) support
WARNING: No io.max (wiops) support
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled

Latest Update Causes Issues on Docker For Mac

Hello, we are using Docker Host on our Macs with Docker Compose. One of the developers on my team did a docker-compose pull this afternoon and then docker-compose up and docker-host started exiting immediately with the following error:

[ERROR] docker-host container needs Linux capabilities NET_ADMIN and NET_RAW
  e.g 'docker run --cap-add=NET_ADMIN --cap-add=NET_RAW ...'

I then did a docker-compose pull and docker-compose up on my machine and got the same error. I then looked at the previous Docker tags and pinned my version in Docker Compose to 2.5.4. docker-compose up and no error.

Below is a before an after of the service for docker-host in our Docker Composes.

  # This exits immediately 
  docker-host:
    container_name: products-docker-host
    image: qoomon/docker-host
    cap_add:
      - NET_ADMIN
      - NET_RAW
  # This works
  docker-host:
    container_name: products-docker-host
    image: qoomon/docker-host:2.5.4
    cap_add:
      - NET_ADMIN
      - NET_RAW

What is weird is that your newest release appears to be just a documentation change (nifty little star graph!) so maybe something changed in the base image?

Add A License

Is there a particular license, for usage, associated to this?

Can't get it running on linux

I am trying to use the bridged network d_backend to communicate between nc listening on the host service and a docker container emitting messages.

This is the network

$ sudo docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
fdc454526116        d_backend           bridge              local
$ sudo docker network inspect d_backend --format='{{( index .IPAM.Config 0).Gateway}}'
172.22.0.1

On the host I bind nc to that ip:

nc 172.22.0.1 2323 -lk

This is my docker-compose.yml

version: '3.5'

services:

  dockerhost:
    image: qoomon/docker-host
    cap_add:
      - NET_ADMIN
      - NET_RAW
    restart: on-failure
    networks:
      - backend

  tcp_message_emitter:
    image: alpine
    depends_on:
      - dockerhost
    command: [ "sh", "-c", "while :; do date; sleep 1; done | nc 'dockerhost' 2323 -v"]
    networks:
      - backend

networks:
  backend:
    driver: bridge

I run this (within folder d so that the correct network is used)

/home/foo/d$ sudo docker-compose up
Starting d_dockerhost_1 ... done
Starting d_tcp_message_emitter_1 ... done
Attaching to d_dockerhost_1, d_tcp_message_emitter_1
dockerhost_1           | Docker Host: 172.22.0.1 (default gateway)

I would expect to see a date on the host every second, but I don't. Any ideas?

memory limit is too low

I have this kind of error if I leave the mem_limit at 4M
memory.memsw.limit_in_bytes: device or resource busy

I have no issue at all if i increase to 8M

Tip: Do not use `--network host`

Just wanted to document this in case anyone else makes the silly mistake of running this container within network mode host.

This meant that all the iptables commands are run on the host, breaking anything network related such as SSH.

Even after stopping the docker container, the iptables changes persist.

Luckily I was able to revert the changes after following this answer on Serverfault:
https://serverfault.com/a/633623/155147

After resetting the iptables, you will also need to restart Docker itself.

How to use with existing docker-compose

Hi, sorry for the dumb question but I do not follow how this should be used. Should we add dockerhost per docker-compose.yml, or should it run as a standalone container somewhere on the host?

I have a docker-compose file for guacamole and want to be able to access host from that container (it is a web ui to VNC machine, and want to VNC the host). What are the steps please? Imagine I freshly installed docker and docker compose and pulled docker-compose.yml file:

version: '2.0'

# networks
# create a network 'guacnetwork_compose' in mode 'bridged'
networks:
  guacnetwork_compose:
    driver: bridge

# services
services:
  # guacd
  guacd:
    container_name: guacamole.508.guacd
    image: guacamole/guacd
    networks:
      guacnetwork_compose:
    restart: always
    volumes:
    - ./drive:/drive:rw
    - ./record:/record:rw
  # postgres
  postgres:
    container_name: guacamole.508.postgres
    environment:
      PGDATA: /var/lib/postgresql/data/guacamole
      POSTGRES_DB: guacamole
      POSTGRES_PASSWORD: ***********************
      POSTGRES_USER: guacamole
    image: postgres
    networks:
      guacnetwork_compose:
    restart: always
    volumes:
    - ./init:/docker-entrypoint-initdb.d:ro
    - ./data:/var/lib/postgresql/data:rw

  # guacamole
  guacamole:
    container_name: guacamole.508
    depends_on:
    - guacd
    - postgres
    environment:
      GUACD_HOSTNAME: guacd
      POSTGRES_DATABASE: guacamole
      POSTGRES_HOSTNAME: postgres
      POSTGRES_PASSWORD: ***********************
      POSTGRES_USER: guacamole
    image: guacamole/guacamole
    links:
    - guacd
    networks:
      guacnetwork_compose:
    ports:
    - 50880:8080/tcp
    restart: always

Any hints will be appreciated, thanks!

Pointing custom hostname to docker-host

Hi,

How would I go about defining a host to point to docker-host? Essentially in my docker compose yaml I would like to define it like this..

    extra_hosts:
      - "localhost.acme.org:$DOCKER_HOST"

Build for ARM

Hi, it would be very nice if you could also build your image for ARM. Thank you!

Call service on host machine from container

Hey,

I'm trying to use your image to access a local service running on port 8080 from a running container. My setup is windows 8 with Docker Toolbox, so unfortunately I have to go through virtualbox. I'm starting the container like so:

docker run -d --name dockerhost  --cap-add=NET_ADMIN --cap-add=NET_RAW qoomon/docker-host

Then I'm trying

ping dockerhost

but it's not working. I'm assuming that's because it's not exposing any ports, but I would've expected the ping to be routed to my local Windows 8 OS. The IP that's being returned inside the docker-host container is the IP of the docker0 interface on the VM.
I must be missing something, maybe you can help out.

Thanks
