Skip to content
Reach docker containers from the host machine on macOS and Windows where the bridge interface is not available
JavaScript Shell Dockerfile
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.

Docker Network Exposer


Using Docker on a non-Linux host has its own shortcomings. Due to the way networking is implmeneted in Docker for Mac/Windows, no bridge interface is created on the host. That makes it impossible to access containers in a user-defined bridge from the host machine (as one would do in Linux) without exposing containers' ports.

Docker Network Exposer (DNE) aims to boost developers' productivity by doing the following:

  1. Running an OpenVPN server that makes it possible to seamlessly access a Docker network from the host machine.
  2. Generating an additional hosts file that can be used by Dnsmasq to resolve Docker container names on the host machine.


  1. Docker 18.06.0+ with docker-compose 1.22.0+
  2. An OpenVPN client (such as Tunnelblick or the official client)
  3. Dnsmasq 2.48+


Add the following service definition to your docker-compose.yml:

  image: fardjad/docker-network-exposer
  init: true
    - /var/run/docker.sock:/var/run/docker.sock:ro
    - /path/to/store/openvpn/client-config:/etc/openvpn/client-config
    - /path/to/store/dnsmasq/addn-hosts:/opt/docker-network-hosts/addn-hosts
    - '1194:1194'

And adjust volume mappings for the following directories:

  1. /etc/openvpn/client-config:

    DNE will generate an OpenVPN client config in this directory. The generated config should be imported into the OpenVPN client software.

  2. /opt/docker-network-hosts/addn-hosts:

    A hosts file will be written to this directory and gets removed once DNE container is (gracefully) stopped. One can optionally run a Dnsmasq server on the host machine, configure it to forward queries to some upstream servers, instruct it to use the additional hosts files in the abovementioned directory, and finally configure the host machine to resolve DNS queries through Dnsmasq (a minimal example config can be found here).

    NOTE: Dnsmasq service needs to receive a SIGHUP signal in order to reload the settings.

Once Dnsmasq is configured and the host machine is connected to the VPN, containers on the same Docker network as DNE will be accessible by their names, ids and aliases.

Environment Variables

When exposing more than one Docker network at once, you'll most likely want to override the following environment variables:

  1. OVPN_NETWORK_CIDR: This variable defaults to and specifies the OpenVPN subnet to draw client addresses from. A different subnet must be chosen for each Docker network.

  2. OVPN_PORT: Defaults to 1194 and specifies the port that OpenVPN server listens on. The chosen value will also be used as the port number in the generated OpenVPN client config file.

A full list of overridable environment variables can be found here.

Related Projects / Alternatives



You can’t perform that action at this time.