Exposing container ports


i am trying to run an application with the remote docker executor.
This is located at tcp://aaa.bbb.ccc.ddd:2376 and my setup via testcontainers https://www.testcontainers.org will try to start a postgres + localstack instance. Testcontainers will then use i.e. tcp://aaa.bbb.ccc.ddd:34512 to contact the psql database. The port has been mapped in docker by testcontainers but the other container, that does the build in the remote docker, cannot access it.
Is there a way to make this work?
I now have to use the machine executor as suggested in the testcontainers docs https://www.testcontainers.org/supported_docker_environment/continuous_integration/circle_ci/
This is quite slow though and it might have a higher price attached to it in the future.


If you have a server in your docker section that is trying to connect back into the build server, or to another remote container, then yes, this is most unlikely to work. Those container are meant to be security isolated.

The way I have solved this in the past is to forget about remote Docker executors and run Docker-in-Docker instead. Use Docker Compose inside your build container to spin up all the services you need; you are not allowed to open any ports, but instead you can create a test container and run your tests from there. Using Docker internal networking, this will have a view of all the other containers in the Compose network without opening up any ports to the outside (i.e. your build server).