There used to be the problem in our production containers, here is an excerpt of the discussion that fixed it (not sure though it fixes your exact issue).
By default, if configured with bridge network (which seems to be marked as legacy as well), docker isolates the container from the host network, only placing iptables entries for the declared ports. That’s why wget/curl/apt-get all are failing.
[centos@test-frontend ~]$ sudo iptables -S DOCKER
-A DOCKER -d 172.17.0.2/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 9000 -j ACCEPT
To solve this in the bridge network setup, we could handle our own iptables. But, I could not check the iptables settings inside the container, as iptables-binary obtained with apt-get (in a container using host network) fails with kernel permission.
Easy workaround would be to have the container in the “host” network. it works. I tested. Change the “network_mode” to “host”, in the run-frontend.yml file. Doing so would make the port mapping irrelevant. But the exact same setup should work out of the box. [addon: (container) nginx can be run directly on port 80 by say, sed-ing the conf files before starting supervisor.]