Remove port binding from an existing docker container

Question

Currently I have a container created with

docker run --detach --name gitlab_app --restart=always --publish 192.168.0.200:80:80 --publish 192.168.0.200:22:22 --volumes-from gitlab_data gitlab_image

I want to remove both port bindings 80 and 22 from the image. Is it possible to remove port binding from an existing docker container?

NB: It is okay to take the container offline for removing the binding.

Answer 1

If its ok for the container to be offline why not just remove and run again without the port switches?

If you do need to do this without deleting containers you could just modify the underlying iptables changes.

# Will list the rules
iptables -L

# Will delete the rule you want to remove
iptables --delete [chain] <Rule definition>

In general your data should always be in one of 3 places

1. A data only container that can be linked with a restarted service container.
2. A volume defined in your service container than can be linked with a new container to take backups. See here for an example.
3. In a host mounted volume so that you can restart containers and mount the same location into new containers.

With one of these three approaches restarting services becomes easily and this should be standard as micro-services should be designed such that they can go down and recover often. These approaches will also speed up your application as the default union file system is slower than normal file systems which are used for volumes.

If you need to recover data from a container where you did not plan volumes properly you can use the docker export functionality to export the state of your container. Then import it into a new container with a host mounted volume. Copy your critical data from inside the container to the volume.