Just a quick note: Docker’s networking works like a NAT ^{(more about that here)} for each container, effectively blocking incoming outside connections unless you expose the ports when running it.

That becomes a problem when you don’t know to which port someone’s going to be connecting to - say, when you are running an IRC bot and incoming connections happen at the same port you make an outgoing connection with, usually a random one at the 50000~65000 range.

You would usually solve that by making your container use the host’s network stack with the --net=\"host\" flag, which not only breaks proper containerization but also won’t work in tutum.

tutum support promissed support (see what I did there?) for passing flags in the future

From node.js v0.11.3 forward you can also fix that by specifying which local port you are going to use when creating a socket connection, like this ^(docs):

net.createConnection({
  host: 'irc.rizon.net', 
  port: 6667,
  localPort: 50555
});

Which results in 0.0.0.0:50555 ---> irc.rizon.net:6667, so you can expose the port in your Dockerfile and publish when setting up your container on tutum.