Skip to content

fix(compose): forward port mappings to container run (-p)#20

Closed
itxtoledo wants to merge 1 commit into
us:mainfrom
itxtoledo:fix/compose-port-forwarding
Closed

fix(compose): forward port mappings to container run (-p)#20
itxtoledo wants to merge 1 commit into
us:mainfrom
itxtoledo:fix/compose-port-forwarding

Conversation

@itxtoledo

@itxtoledo itxtoledo commented Jun 12, 2026
edited
Loading

Copy link
Copy Markdown

Fixes #19.

Problem

mocker compose up showed port mappings in mocker compose ps output but no ports were actually reachable on the host — every published port returned ECONNREFUSED. Meanwhile, the native container run -p <port> worked correctly.

Root cause

ContainerEngine.buildRunArguments() never included -p flags when building the container run argument list. Instead, it relied on PortProxy — a background subprocess (mocker __proxy) that creates a NWListener to relay TCP traffic to the container IP. This proxy fails because:

  1. The mocker CLI binary lacks the com.apple.security.network.server entitlement needed to bind host ports
  2. NWListener requires App Sandbox or the network server entitlement, neither of which the CLI has

The native container CLI already handles port forwarding correctly when invoked with -p, so the simplest fix is to pass the port mappings directly.

Changes

Sources/MockerKit/Container/ContainerEngine.swift — Added -p flags to buildRunArguments() (4 lines):

for port in containerConfig.ports {
    args += ["-p", port.description]
}

Tests/MockerKitTests/ContainerEngineTests.swift — New unit test testRunArgumentsIncludePortMappings (16 lines) verifies:

  • -p flag is present in the argument list
  • Port values appear in the expected host:container/protocol format

Tests

  • swift build — compiles without errors
  • swift test82 tests in 9 suites pass (including new test)
  • Manual end-to-end verification: clean mocker compose down && mocker compose up -d with a 5-service compose file — all 5 ports respond OPEN (previously all ECONNREFUSED)
  • Minimal reproduction: single nginx service — port 18080:80 confirmed reachable

@itxtoledo
fix(compose): forward port mappings to container run (-p)
96e2de9 
`buildRunArguments()` was not translating `ContainerConfig.ports` into
`-p` flags for the native `container run` command. Instead it relied on
`PortProxy` which spawns a background TCP relay (`mocker __proxy`) —
this fails because the mocker CLI lacks the
`com.apple.security.network.server` entitlement to bind host ports.

The native `container` CLI already handles port forwarding correctly
when invoked with `-p`, so this change passes the port mappings directly.

Fixes us#19

💘 Generated with Crush

Assisted-by: Crush:deepseek-v4-pro
@us us mentioned this pull request Jun 13, 2026
Closed
@us

us commented Jun 13, 2026

Copy link
Copy Markdown
Owner

Thank you so much for this, @itxtoledo! 🙏💚

You nailed the exact same root cause and fix — buildRunArguments was missing -p and falling back to the broken PortProxy. We landed it in #22 (which also picked up the ip:host:container / bare-port parsing and a couple of extra tests), so I'm closing this as superseded — but the diagnosis and direction were 100% yours, and the credit goes to you.

This is shipping in v0.3.3. Please don't let a closed PR discourage you — your report + PR moved this forward fast, and contributions like this are exactly what makes the project better. Hope to see you around here again! 🚀

@us us closed this Jun 13, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

mocker compose does not forward published ports to host (ECONNREFUSED)

2 participants

@itxtoledo @us