I have a container created (docker create) from an image which was using EXPOSE 22 in the Dockerfile
I start it via docker start <container name or ID> and access it via ssh.
I now need to expose one more port, of a service running in this container. I cannot recreate it, it has to have its startup parameters changed in order to expose that extra port. Is this possible?
I was hoping that docker start would allow for the same parameters as docker create or docker run but this is not the case.
Note: I know that the philosophy of docker is to create ephemeral containers. It is a fact of life that I have to deal with this heavily customized container (as opposed to recreating it)
You're implying you didn't use
docker-composeto start it, but a normaldocker run. I would look intodocker-compose, because then you could have stopped it, and started it again with a new config file. This allows for reproducible creation of a container. All the examples of just usingdocker runyou see everywhere don't help matters.In your particular case, I think all you have to do add an
iptablesrule. By default,dockerdmanipulates theiptablesrules to redirect traffic (it may even be the only thingEXPOSEdoes). If you doiptables -t nat -L -nyou can probably see how your ports were exposed. You can create a similar rule.This does mean that when you restart your server, the rule is gone again. You'll have to save your
iptablesstate. And this then also touches the inconvenience ofdockerdmanipulatingiptables. It's hard to manage next to other services touching iptables (like central configuration systems,fail2ban, or even a simple auto-save of your rules).you can open the port in the create command. to open port 80 for example one would run.
more info can be found on https://docs.docker.com/engine/reference/commandline/create/