Yugabyte docker container on overlay network blocks port forwarding

General
1

Hello,

I have found a strange behavior related to Yugabyte running on docker swarm overlay network. I know the issue is Yugabyte related as I have compared with the standard nginx container and it does not have the issue.

I have managed to boil the issue down to the following. Consider the following docker compose file:

# docker-compose.yml

name: test

networks:

  net1:
    name: net1
    driver: overlay
    attachable: true

  net2:
    name: net2
    driver: overlay
    attachable: true

services:

  yugabyte:
    image: yugabytedb/yugabyte:2025.1.0.1-b3
    container_name: name1
    hostname: host1
    networks:
      - net1
    restart: always
    command: [ "bin/yugabyted",
               "start",
               "--background=false",
               "--advertise_address=name1",
               "--cloud_location=cloud1.region1.zone1" ]
    ports:
      - 7000:7000
      - 7100:7100
      - 9000:9000
      - 9100:9100
      - 15433:15433
      - 5433:5433
      - 9042:9042

  nginx:
    image: nginx:latest
    container_name: name2
    hostname: host2
    networks:
      - net2
    restart: always
    ports:
      - 10080:80

To recreate the issue I am having, run the following:

  • docker swarm init
  • docker compose up -d

When the two containers are up and running, test the port forwarding from the host:

  • curl -v 192.168.120.244:10080
  • curl -v 192.168.120.244:7000

You will see that the connection into nginx on port 10080 is successful, while the connection into yugabyte on port 7000 fails (“Connection refused”):

curl -v 192.168.120.244:10080
*   Trying 192.168.120.244:10080...
* Connected to 192.168.120.244 (192.168.120.244) port 10080 (#0)
> GET / HTTP/1.1
> Host: 192.168.120.244:10080
> User-Agent: curl/7.76.1
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Server: nginx/1.29.1
< Date: Fri, 03 Oct 2025 20:45:02 GMT
< Content-Type: text/html
< Content-Length: 615
< Last-Modified: Wed, 13 Aug 2025 14:33:41 GMT
< Connection: keep-alive
< ETag: "689ca245-267"
< Accept-Ranges: bytes
<
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>
* Connection #0 to host 192.168.120.244 left intact

curl -v 192.168.120.244:7000
*   Trying 192.168.120.244:7000...
* connect to 192.168.120.244 port 7000 failed: Connection refused
* Failed to connect to 192.168.120.244 port 7000: Connection refused
* Closing connection 0
curl: (7) Failed to connect to 192.168.120.244 port 7000: Connection refused

However, if I try to access the Yugabyte UI from inside the container with docker exec -it name1 curl -v 10.0.2.2:7000, it works fine.

My questions:

  • Why is the Yugabyte container blocking the port forwarding as set in the compose specification?
  • Is it possible to fix this somehow?