What is the point of the docker-proxy process? Why is a userspace tcp proxy needed?

docker iptables

Solution 1:

Apparently there are some edge cases without a better workaround (for now):

  • localhost<->localhost routing
  • docker instance calling into itself via its published port
  • and possibly more

https://github.com/docker/docker/issues/8356

UPDATE: Since 1.7.0 (2015-06-16) the userland proxy can be disabled in favor of hairpin NAT using the daemon’s --userland-proxy=false flag.

Related

HP plan to restrict access to ProLiant server firmware - consequences?
What's the difference between "Turn Off" and "Shutdown" in Hyper-V
Authentication is required to manage system services or units.
Can I build my own Extended Validation SSL certificate?
How do I enable apache modules from the command line in RedHat?
Is using SOFTFAIL over FAIL in the SPF record considered best practice?
Random TCP RST's on certain websites, what's going on?
How is DNS lookup configured for OSX Mountain Lion?
How can one send commands to the "inner" ssh session?
FTP/FTPS/SFTP/SCP - Speed comparison [closed]
How do I know if a DLL is registered?
Virtualization for Linux (VMware vs VirtualBox vs KVM vs ...)? [closed]