Fix Exposed port in docker container (mariadb/mysql 3306) even with firewall

How to fix exposed port in docker container – in this case mysql/mariadb on standard 3306 port

Docker is very complex, the point is that it baypass your firewall, for example I have csf but docker makes a chain of forwarding ports so that containers are able to communicate with each other.
The idea is NOT to run container like this:
docker run -p 3306:3306 blabla/blabla-mariadb
you SHOULD run it like so:
docker run -p 127.0.0.1:3306:3306 blabla/blabla-mariadb
same goes for .yml file not this:
ports:
– “3306:3306”
but this:
ports:
– “127.0.0.1:3306:3306”

Now to fix our mistakes:
IF you have running container you should:
1. docker stop mariadb (or whatever name)
2. docker commit mariadb mariadb1
3. docker run -p 127.0.0.1:3306:3306 -td mariadb1

IF you need the same image name you can do it like this:
1. docker ps

docker ps to see active containers
docker ps

write down container id in this case b7b7ad5f1314
2. docker inspect b7b7ad5f1314
docker inspect
docker inspect

writhe down ID
in this case b7b7ad5f13145f1446c112bab9b40370620d3a163032b833d87edf996f36ae56
3. cd /var/lib/docker/containers/b7b7ad5f13145f1446c112d3a163032b833d87edf996f36ae56
goto container id from above
4. docker stop b7b7ad5f1314
stop container
5. nano hostconfig.json
in port bindings you should have something similar to:
“PortBindings”:{“3306/tcp”:[{“HostIp”:””,”HostPort”:”3306″}]}
6. place 127.0.0.1 at HostIp
so would look something like this:
port binding
port binding

7. sudo systemctl restart docker
8. docker start b7b7ad5f1314

Test is with telnet ( if you don’t know how we have a tutorial Test if docker container has exposed port)

Last modified: August 28, 2017