If I ran a postgres container (docker run -d —network custom_net —publish 127.0.0.1:5433:5432 postgres) wouldn’t that be accessible only to the docker network and not from the host machine?
In your case the container wouldn't be able to be accessed from the outside anyway, because you specified the publiched ports as 127.0.0.1:5433:5432. However, if you publish the ports globally, you would still be able to access the container from the outside, like docker run -d —network custom_net —publish 5433:5432 postgres.
The thing is that Docker networks are public by default and connected to the host network. You would have to create your network with the --internal flag. But this would make it impossible to access Postgres even while you are on your host, because it now runs in a completely isolated network.
So, specifying your ports with 127.0.0.1:5432 is the most reliable and secure way.
(If I get it right), If I only want PostgreSQL to be accessible from the host machine I should not include a custom network and my docker run command should look like this. docker run -d --publish 127.0.0.1:5433:5432. If I want it to be accessible within the network or even outside, I should remove 127.0.0.1.
If I ran a postgres container (docker run -d —network custom_net —publish 127.0.0.1:5433:5432 postgres) wouldn’t that be accessible only to the docker network and not from the host machine?
In your case the container wouldn't be able to be accessed from the outside anyway, because you specified the publiched ports as
127.0.0.1:5433:5432
. However, if you publish the ports globally, you would still be able to access the container from the outside, likedocker run -d —network custom_net —publish 5433:5432 postgres
.The thing is that Docker networks are public by default and connected to the host network. You would have to create your network with the
--internal
flag. But this would make it impossible to access Postgres even while you are on your host, because it now runs in a completely isolated network.So, specifying your ports with 127.0.0.1:5432 is the most reliable and secure way.
(If I get it right), If I only want PostgreSQL to be accessible from the host machine I should not include a custom network and my docker run command should look like this.
docker run -d --publish 127.0.0.1:5433:5432
. If I want it to be accessible within the network or even outside, I should remove127.0.0.1
.Yes, that's correct.