adamant-kite-43734
05/20/2023, 12:53 AMfast-garage-66093
05/20/2023, 1:04 AMfast-garage-66093
05/20/2023, 1:05 AMdocker run -d --name nginx --restart=always -p 127.0.0.1:8080:80 nginx
fast-garage-66093
05/20/2023, 1:05 AM80
just on localhost and not any external interfacerapid-napkin-54569
05/20/2023, 1:15 AMfast-garage-66093
05/20/2023, 1:21 AMrapid-napkin-54569
05/20/2023, 1:22 AMfast-garage-66093
05/20/2023, 2:21 AM0.0.0.0
, so there isn't really a way to prevent a user from doing this intentionally. You could configure Rancher Desktop not to bind to it, but the user could undo this, if they really wanted to.fast-garage-66093
05/20/2023, 2:22 AM127.0.0.1
to 0.0.0.0
themselves, independent of what RD might do.rapid-napkin-54569
05/20/2023, 9:23 PMfast-garage-66093
05/20/2023, 10:38 PM$ docker run -d --name nginx --restart=always -p 127.0.0.1:8080:80 nginx
$ curl -s 127.0.0.1:8080 | grep title
<title>Welcome to nginx!</title>
$ curl -s 192.168.17.20:8081 | grep title
# Next command in a different shell; it needs to remain running
$ socat tcp-listen:8081,reuseaddr,fork tcp:localhost:8080
$ curl -s 192.168.17.20:8081 | grep title
<title>Welcome to nginx!</title>
fast-garage-66093
05/20/2023, 10:39 PMsocat
is not part of macOS, but you can do the same thing with mkfifo
and `nc`; it is just a little more work. But it shows that as an unprivileged user you can easily forward any port from 127.0.0.1
to 0.0.0.0
if you really want to.fast-garage-66093
05/20/2023, 10:41 PM127.0.0.1
instead of 0.0.0.0
. But that would break docker compatibility. Not sure if it is worth spending effort on.fast-garage-66093
05/20/2023, 10:44 PMfast-garage-66093
05/20/2023, 10:54 PMrapid-napkin-54569
05/23/2023, 2:39 AM