From 299925f4c3847080b95f3bb84da256286431dc4d Mon Sep 17 00:00:00 2001
From: David Karlsson <35727626+dvdksn@users.noreply.github.com>
Date: Mon, 3 Jul 2023 16:34:55 +0200
Subject: [PATCH] docs: document special host-gateway value for add-host
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
---
docs/reference/commandline/build.md | 12 ++++++++++-
docs/reference/commandline/dockerd.md | 19 +++++++++++++++++
docs/reference/commandline/run.md | 30 +++++++++++++++------------
3 files changed, 47 insertions(+), 14 deletions(-)
diff --git a/docs/reference/commandline/build.md b/docs/reference/commandline/build.md
index 0a770f6034..c3435f57c5 100644
--- a/docs/reference/commandline/build.md
+++ b/docs/reference/commandline/build.md
@@ -458,7 +458,17 @@ You can add other hosts into a container's `/etc/hosts` file by using one or
more `--add-host` flags. This example adds a static address for a host named
`docker`:
- $ docker build --add-host=docker:10.180.0.1 .
+```console
+$ docker build --add-host docker:10.180.0.1 .
+```
+
+If you need your build to connect to services running on the host, you can use
+the special `host-gateway` value for `--add-host`. In the following example,
+build containers resolve `host.docker.internal` to the host's gateway IP.
+
+```console
+$ docker build --add-host host.docker.internal:host-gateway .
+```
### Specifying target build stage (--target)
diff --git a/docs/reference/commandline/dockerd.md b/docs/reference/commandline/dockerd.md
index e0d3d30260..2549d5d95d 100644
--- a/docs/reference/commandline/dockerd.md
+++ b/docs/reference/commandline/dockerd.md
@@ -833,6 +833,25 @@ the host.
For details about how to use this feature, as well as limitations, see
[Isolate containers with a user namespace](https://docs.docker.com/engine/security/userns-remap/).
+### Configure host gateway IP
+
+The Docker daemon supports a special `host-gateway` value for the `--add-host`
+flag for the `docker run` and `docker build` commands. This value resolves to
+the host's gateway IP and lets containers connect to services running on the
+host.
+
+By default, `host-gateway` resolves to the IP address of the default bridge.
+You can configure this to resolve to a different IP using the `--host-gateway-ip`
+flag for the dockerd command line interface, or the `host-gateway-ip` key in
+the daemon configuration file.
+
+```console
+$ dockerd --host-gateway-ip 192.0.2.0
+$ docker run -it --add-host host.docker.internal:host-gateway \
+ busybox ping host.docker.internal
+PING host.docker.internal (192.0.2.0): 56 data bytes
+```
+
### Miscellaneous options
IP masquerading uses address translation to allow containers without a public
diff --git a/docs/reference/commandline/run.md b/docs/reference/commandline/run.md
index 399f9e1618..10e1c77563 100644
--- a/docs/reference/commandline/run.md
+++ b/docs/reference/commandline/run.md
@@ -759,24 +759,28 @@ PING docker (93.184.216.34): 56 data bytes
round-trip min/avg/max = 92.209/92.495/93.052 ms
```
-Sometimes you need to connect to the Docker host from within your
-container. To enable this, pass the Docker host's IP address to
-the container using the `--add-host` flag. To find the host's address,
-use the `ip addr show` command.
+The `--add-host` flag supports a special `host-gateway` value that resolves to
+the internal IP address of the host. This is useful when you want containers to
+connect to services running on the host machine.
-The flags you pass to `ip addr show` depend on whether you are
-using IPv4 or IPv6 networking in your containers. Use the following
-flags for IPv4 address retrieval for a network device named `eth0`:
+It's conventional to use `host.docker.internal` as the hostname referring to
+`host-gateway`. Docker Desktop automatically resolves this hostname, see
+[Explore networking features](https://docs.docker.com/desktop/networking/#i-want-to-connect-from-a-container-to-a-service-on-the-host).
+
+The following example shows how the special `host-gateway` value works. The
+example runs an HTTP server that serves a file from host to container over the
+`host.docker.internal` hostname, which resolves to the host's internal IP.
```console
-$ HOSTIP=`ip -4 addr show scope global dev eth0 | grep inet | awk '{print $2}' | cut -d / -f 1 | sed -n 1p`
-$ docker run --add-host=docker:${HOSTIP} --rm -it debian
+$ echo "hello from host!" > ./hello
+$ python3 -m http.server 8000
+Serving HTTP on 0.0.0.0 port 8000 (http://0.0.0.0:8000/) ...
+$ docker run \
+ --add-host host.docker.internal:host-gateway \
+ curlimages/curl -s host.docker.internal:8000/hello
+hello from host!
```
-For IPv6 use the `-6` flag instead of the `-4` flag. For other network
-devices, replace `eth0` with the correct device name (for example `docker0`
-for the bridge device).
-
### Set ulimits in container (--ulimit)
Since setting `ulimit` settings in a container requires extra privileges not