Docker container runs on aws fargate SSL issue - docker

I am trying to make my .NET Core API live on AWS Fargate. I have created an Application Load Balancer on AWS and added two listeners for ports 80 and 443.
I exposed port 8080 to 80 and port 8081 to 443 in my container.
Here is my task definition file
{
"ipcMode": null,
"executionRoleArn": "my-esc-roles",
"containerDefinitions":
[
{
"dnsSearchDomains": null,
"environmentFiles": null,
"logConfiguration":
{
"logDriver": "awslogs",
"secretOptions": null,
"options":
{
"awslogs-group": "/ecs/my-tasks",
"awslogs-region": "us-east-1",
"awslogs-stream-prefix": "ecs"
}
},
"entryPoint":
[],
"portMappings":
[
{
"hostPort": 8080,
"protocol": "tcp",
"containerPort": 8080
},
{
"hostPort": 8081,
"protocol": "tcp",
"containerPort": 8081
}
],
"command":
[],
"linuxParameters": null,
"cpu": 0,
"environment":
[],
"resourceRequirements": null,
"ulimits": null,
"dnsServers": null,
"mountPoints":
[],
"workingDirectory": null,
"secrets":
[
{
"valueFrom": "LiveDb",
"name": "LiveDb"
},
{
"valueFrom": "SSLPath",
"name": "ASPNETCORE_Kestrel__Certificates__Default__Path"
},
{
"valueFrom": "SSLPassword",
"name": "ASPNETCORE_Kestrel__Certificates__Default__Password"
}
],
"dockerSecurityOptions": null,
"memory": 500,
"memoryReservation": 400,
"volumesFrom":
[],
"stopTimeout": null,
"image": "my-ecr-repo/image:latest",
"startTimeout": null,
"firelensConfiguration": null,
"dependsOn": null,
"disableNetworking": null,
"interactive": null,
"healthCheck": null,
"essential": true,
"links": null,
"hostname": null,
"extraHosts": null,
"pseudoTerminal": null,
"user": null,
"readonlyRootFilesystem": null,
"dockerLabels": null,
"systemControls": null,
"privileged": null,
"name": "my-container"
}
],
"placementConstraints":
[],
"memory": "2048",
"taskRoleArn": "**********************",
"compatibilities":
[
"EC2",
"FARGATE"
],
"taskDefinitionArn": "*******************",
"family": "supplierportal-tasks",
"requiresAttributes":
[
{
"targetId": null,
"targetType": null,
"value": null,
"name": "com.amazonaws.ecs.capability.logging-driver.awslogs"
},
{
"targetId": null,
"targetType": null,
"value": null,
"name": "ecs.capability.execution-role-awslogs"
},
{
"targetId": null,
"targetType": null,
"value": null,
"name": "com.amazonaws.ecs.capability.ecr-auth"
},
{
"targetId": null,
"targetType": null,
"value": null,
"name": "ecs.capability.secrets.ssm.environment-variables"
},
{
"targetId": null,
"targetType": null,
"value": null,
"name": "com.amazonaws.ecs.capability.docker-remote-api.1.18"
},
{
"targetId": null,
"targetType": null,
"value": null,
"name": "ecs.capability.task-eni"
}
],
"pidMode": null,
"requiresCompatibilities":
[
"FARGATE"
],
"networkMode": "awsvpc",
"runtimePlatform":
{
"operatingSystemFamily": "LINUX",
"cpuArchitecture": null
},
"cpu": "1024",
"revision": 10,
"status": "ACTIVE",
"inferenceAccelerators": null,
"proxyConfiguration": null,
"volumes":
[]
}
And here is my dockerfile
FROM mcr.microsoft.com/dotnet/aspnet:6.0 AS base
WORKDIR /app
EXPOSE 8080
EXPOSE 8081
ENV ASPNETCORE_URLS=http://+:8080;https://+:8081
# Creates a non-root user with an explicit UID and adds permission to access the /app folder
# For more info, please refer to https://aka.ms/vscode-docker-dotnet-configure-containers
RUN adduser -u 5678 --disabled-password --gecos "" appuser && chown -R appuser /app
USER appuser
FROM mcr.microsoft.com/dotnet/sdk:6.0 AS build
WORKDIR /src
COPY ["WebAPI/WebAPI.csproj", "WebAPI/"]
RUN dotnet restore "WebAPI/WebAPI.csproj"
COPY . .
WORKDIR "/src/WebAPI"
RUN dotnet build "WebAPI.csproj" -c Release -o /app/build
FROM build AS publish
RUN dotnet publish "WebAPI.csproj" -c Release -o /app/publish /p:UseAppHost=false
FROM base AS final
WORKDIR /app
COPY --from=publish /app/publish .
ENTRYPOINT ["dotnet", "WebAPI.dll"]
When it comes to port 80 everything works perfectly, but on port 443 I was not able to set up SSL.
Here is the error log I receive.
Unhandled exception. Interop+Crypto+OpenSslCryptographicException: error:2006D080:BIO routines:BIO_new_file:no such file
I have stored my pfx file in s3 but it did not work. Where should I put my pfx file to deploy it in a container?
I have used the below paths for SSL on S3.
s3://mycert/WebAPI.pfx => did not work
https://my-cert.s3.amazonaws.com/ebAPI.pfx => did not work
arn:aws:s3:::my-cert/WebAPI.pfx => did not work

I have stored my pfx file in s3 but it did not work. Where should I put my pfx file to deploy it in a container?
You would need to add a step to the startup of your docker container to copy the file from S3 into the container, using either the AWS CLI tool, or the AWS SDK.
You really only need the SSL certificate that is installed on the load balancer, unless you have some sort of regulatory requirement for end-to-end encryption. The Application Load Balancer is doing SSL termination, so the network connection between the user's web browser and your AWS private network is encrypted. The SSL listener on the load balancer's port 443 can forward traffic to your unencrypted port 8080.
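The startup copy step this answer describes, as an added example (not code from the original post): an entrypoint script that downloads the PFX from S3 to a local file and points Kestrel at that path. `CERT_S3_URI`, `CERT_DIR`, the `start` argument and the presence of the AWS CLI in the image are assumptions; the task role must also allow `s3:GetObject` on the object.

```sh
#!/bin/sh
# Added example: fetch the PFX from S3 at container start, then launch the API.
# Assumed names (not from the original post): CERT_S3_URI, CERT_DIR, "start".

# Accept only s3://bucket/key.pfx made of a conservative character set, so an
# https:// URL, an ARN or a value with shell metacharacters is rejected early.
valid_s3_uri() {
    case "$1" in
        s3://*.pfx) ;;
        *) return 1 ;;
    esac
    rest=${1#s3://}
    case "$rest" in
        /*|*[!A-Za-z0-9._/-]*) return 1 ;;   # empty bucket or unexpected character
        */*) return 0 ;;                     # bucket/key present
    esac
    return 1
}

# Download $1 (S3 URI) to $2 (local path) with owner-only permissions.
fetch_cert() {
    uri=$1
    dest=$2
    valid_s3_uri "$uri" || { echo "refusing certificate source: $uri" >&2; return 1; }
    old_umask=$(umask)
    umask 077                        # private key material: never group/world readable
    mkdir -p "$(dirname "$dest")"
    tmp="$dest.part.$$"
    if aws s3 cp --only-show-errors "$uri" "$tmp" && [ -s "$tmp" ]; then
        mv -f "$tmp" "$dest"         # publish only a complete, non-empty file
        rc=0
    else
        rm -f "$tmp"
        echo "could not download $uri" >&2
        rc=1
    fi
    umask "$old_umask"
    return "$rc"
}

main() {
    : "${CERT_S3_URI:?set CERT_S3_URI, e.g. s3://my-cert/WebAPI.pfx}"
    cert_path="${CERT_DIR:-/tmp/certs}/WebAPI.pfx"
    fetch_cert "$CERT_S3_URI" "$cert_path" || exit 1
    # Kestrel opens this value as a file on the container filesystem; an S3 URL
    # or ARN here produces the BIO_new_file "no such file" error from the question.
    export ASPNETCORE_Kestrel__Certificates__Default__Path="$cert_path"
    exec dotnet WebAPI.dll
}

# Run only when invoked as: entrypoint.sh start
case "${1:-}" in
    start) main ;;
esac
```

To use it, set the image entrypoint to `ENTRYPOINT ["/app/entrypoint.sh", "start"]` in place of the `dotnet` entrypoint.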

Related

AWS ECS awsvpc no communication on localhost

I am stuck on an issue with containers on ECS Fargate, more specifically 2 containers inside one task communicating with each other.
According to the article linked (https://aws.amazon.com/blogs/compute/task-networking-in-aws-fargate/), once the two containers are configured inside the task, any other container in the task should be able to communicate with that container by just using localhost or 127.0.0.1.
However I can’t seem to get that behavior. I tried breaking it down to its simplest form - an nginx running on 1 container with port Mapping 80 and a simple curl command on another container, but no joy.
Am I missing something or some configuration that I need to do to get the 2 containers communicating within the ECS Task Definition over localhost or 127.0.0.1 ?
The JSON file of the Task Definition with 2 containers:
{
"requiresCompatibilities": [
"FARGATE"
],
"inferenceAccelerators": [],
"containerDefinitions": [
{
"name": "container-a",
"image": "******.dkr.ecr.eu-west-1.amazonaws.com/repository-a:latest",
"memoryReservation": "2048",
"cpu": "1024",
"resourceRequirements": null,
"essential": true,
"portMappings": [
{
"containerPort": "5000",
"protocol": "tcp"
}
],
"environment": null,
"environmentFiles": [],
"secrets": null,
"mountPoints": null,
"volumesFrom": null,
"hostname": null,
"user": null,
"workingDirectory": null,
"extraHosts": null,
"logConfiguration": {
"logDriver": "awslogs",
"options": {
"awslogs-group": "/ecs/test-task-definition",
"awslogs-region": "eu-west-1",
"awslogs-stream-prefix": "ecs"
}
},
"ulimits": null,
"dockerLabels": null,
"dependsOn": null,
"repositoryCredentials": {
"credentialsParameter": ""
}
},
{
"name": "container-b",
"image": "******.dkr.ecr.eu-west-1.amazonaws.com/repository-b:latest",
"memoryReservation": "2048",
"cpu": "1024",
"resourceRequirements": null,
"essential": true,
"portMappings": [],
"environment": null,
"environmentFiles": [],
"secrets": null,
"mountPoints": null,
"volumesFrom": null,
"hostname": null,
"user": null,
"workingDirectory": null,
"extraHosts": null,
"logConfiguration": {
"logDriver": "awslogs",
"options": {
"awslogs-group": "/ecs/test-task-definition",
"awslogs-region": "eu-west-1",
"awslogs-stream-prefix": "ecs"
}
},
"ulimits": null,
"dockerLabels": null,
"dependsOn": null,
"repositoryCredentials": {
"credentialsParameter": ""
}
}
],
"volumes": [],
"networkMode": "awsvpc",
"memory": "4096",
"cpu": "2048",
"executionRoleArn": "arn:aws:iam::******:role/ecr-execution-role",
"family": "test-task-definition",
"taskRoleArn": "arn:aws:iam::******:role/ecs-task-role",
"tags": []
}

.Net Core 3.0 With AWS ECS(docker run -m)

https://learn.microsoft.com/zh-tw/dotnet/core/whats-new/dotnet-core-3-0
docker run -m
How do I write to the AWS ECS Task File?
Normally such a question is strongly discouraged; you should show what you have done and what problem you are facing. But here are the steps.
Better to push your image to ECR
Specify an image ARN in the task definition
Create service from the task definition
{
"containerDefinitions": [
{
"entryPoint": [
"sh",
"-c"
],
"essential": true,
"image": "PUT_RESGISTRY_ECR_IMAGE_ARN_HERE",
"logConfiguration": {
"logDriver": "awslogs",
"options": {
"awslogs-group" : "/ecs/fargate-task-definition",
"awslogs-region": "us-east-1",
"awslogs-stream-prefix": "ecs"
}
},
"name": "sample-fargate-app",
"portMappings": [
{
"containerPort": 80,
"hostPort": 80,
"protocol": "tcp"
}
]
}
],
"cpu": "256",
"executionRoleArn": "arn:aws:iam::012345678910:role/ecsTaskExecutionRole",
"family": "fargate-task-definition",
"memory": "512",
"networkMode": "awsvpc",
"requiresCompatibilities": [
"FARGATE"
]
}
example_task_definitions
getting-started/tutorials/deploy-docker-containers
deploying-a-simple-hello-world-httpd-container-on-an-ecs-cluster

Why Docker run failed? exec user process caused "no such file or directory"

I am trying to reproduce the swarm cluster using go microservices
The guy who wrote the original code worked on Mac, I am on Ubuntu 18.04.
I managed to build the image but when I go for
docker run --rm someprefix/accountservice
I have a serious problem
standard_init_linux.go:207: exec user process caused "no such file or directory"
Docker inspect
docker inspect someprefix/accountservice
[
{
"Id": "sha256:a5e37628d346dba85c07933c0d564d097090e23e3fc86e27d75c2a1a2996598e",
"RepoTags": [
"someprefix/accountservice:latest"
],
"RepoDigests": [],
"Parent": "sha256:9120fa959fd47ffeb5275f4a30a97508b90279e80fccbce238c56d80048abebe",
"Comment": "",
"Created": "2019-04-30T18:06:08.292837947Z",
"Container": "ea592f14dd2969078725ca8180335a1844a90270415256bc9466d526f35fc1a6",
"ContainerConfig": {
"Hostname": "536a453ae03e",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"ExposedPorts": {
"6767/tcp": {}
},
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
],
"Cmd": [
"/bin/sh",
"-c",
"#(nop) ",
"ENTRYPOINT [\"./accountservice-linux-amd64\"]"
],
"ArgsEscaped": true,
"Image": "sha256:9120fa959fd47ffeb5275f4a30a97508b90279e80fccbce238c56d80048abebe",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": [
"./accountservice-linux-amd64"
],
"OnBuild": [],
"Labels": {}
},
"DockerVersion": "18.09.5",
"Author": "",
"Config": {
"Hostname": "536a453ae03e",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"ExposedPorts": {
"6767/tcp": {}
},
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
],
"Cmd": null,
"ArgsEscaped": true,
"Image": "sha256:9120fa959fd47ffeb5275f4a30a97508b90279e80fccbce238c56d80048abebe",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": [
"./accountservice-linux-amd64"
],
"OnBuild": [],
"Labels": {}
},
"Architecture": "amd64",
"Os": "linux",
"Size": 13093818,
"VirtualSize": 13093818,
"GraphDriver": {
"Data": {
"LowerDir": "/var/lib/docker/overlay2/a3601e0c28ae2733092fff04b223561787158d743e0038e889af5f978bd03cf2/diff:/var/lib/docker/overlay2/2ea56a1556aac38a84a911dbad39b82d2cd060ceb21fc8e01619c382945a045f/diff",
"MergedDir": "/var/lib/docker/overlay2/cb37e949bab85bf65be5ef6a5b6db6f7fefc12115825f7e6a458b8b45b697d30/merged",
"UpperDir": "/var/lib/docker/overlay2/cb37e949bab85bf65be5ef6a5b6db6f7fefc12115825f7e6a458b8b45b697d30/diff",
"WorkDir": "/var/lib/docker/overlay2/cb37e949bab85bf65be5ef6a5b6db6f7fefc12115825f7e6a458b8b45b697d30/work"
},
"Name": "overlay2"
},
"RootFS": {
"Type": "layers",
"Layers": [
"sha256:cd7100a72410606589a54b932cabd804a17f9ae5b42a1882bd56d263e02b6215",
"sha256:f66908b454c81aae190cc6ae4f430edda3dba86b2c0ba92cadfe817153a6f841",
"sha256:d2e3740a7dc7513f02913179b3090d6bc6581cf3e7ffa9ebea946403643ee55a"
]
},
"Metadata": {
"LastTagTime": "2019-04-30T20:06:08.366158681+02:00"
}
}
]
I have seen similar issues here on SO, but none of them is related to my problem.
I solved it by disabling CGO
CGO_ENABLED=0 go build -o accountservice-linux-amd64
Next step
docker build -t someprefix/accountservice accountservice/
Sending build context to Docker daemon 8.439MB
Step 1/4 : FROM iron/base
---> b438fe7f76e9
Step 2/4 : EXPOSE 6767
---> Running in b3e84e962cf8
Removing intermediate container b3e84e962cf8
---> 924d21d06a29
Step 3/4 : ADD accountservice-linux-amd64 /
---> b92d16e8701b
Step 4/4 : ENTRYPOINT ["./accountservice-linux-amd64"]
---> Running in cb311a684b5a
Removing intermediate container cb311a684b5a
---> 1aedce37d586
Successfully built 1aedce37d586
Successfully tagged someprefix/accountservice:latest
No problems at all with docker run
docker run --rm someprefix/accountservice
Starting accountservice
Seeded 100 fake accounts...
2019/05/01 08:35:34 Starting HTTP service at 6767

How Docker will resolve hostname or IP present in properties file?

I have 2 Spring Boot micro-service applications i.e web application and metastore application. This is the properties file for my web application.
spring:
  thymeleaf:
    prefix: classpath:/static/
  application:
    name: web-server
  profiles:
    active: native
server:
  port: ${port:8383}
---
host:
  metadata: http://10.**.**.***:5011
Dockerfile for web application:
FROM java:8-jre
MAINTAINER **** <******>
ADD ./ms.console.ivu-ivu.1.0.1.jar /app/
# RUN (not CMD) so chmod executes at build time; only the last CMD in a Dockerfile takes effect
RUN chmod +x /app/*
CMD ["java","-jar", "/app/ms.console.web-web.1.0.1.jar"]
EXPOSE 8383
Dockerfile for metadata application:
FROM java:8-jre
MAINTAINER ******* <********>
ADD config/* /deploy/config/
# RUN (not CMD) so chmod executes at build time; only the last CMD in a Dockerfile takes effect
RUN chmod +x ./deploy/config/*
COPY ./ms.metastore.1.0.1.jar /deploy/
RUN chmod +x ./deploy/ms.metastore.1.0.1.jar
CMD ["java","-jar","./deploy/ms.metastore.1.0.1.jar"]
EXPOSE 5011
I am using Mesos and Marathon for cluster management. The Marathon script for metastore is:
{
"id": "/ms-metastore",
"cmd": null,
"cpus": 1,
"mem": 2000,
"disk": 0,
"instances": 0,
"acceptedResourceRoles": [
"*"
],
"container": {
"type": "DOCKER",
"docker": {
"forcePullImage": true,
"image": "*****/****:ms-metastore",
"parameters": [],
"privileged": true
},
"volumes": [],
"portMappings": [
{
"containerPort": 5011,
"hostPort": 0,
"labels": {},
"protocol": "tcp",
"servicePort": 10000
}
]
},
"networks": [
{
"mode": "container/bridge"
}
],
"portDefinitions": [],
"fetch": [
{
"uri": "file:///etc/docker.tar.gz",
"extract": true,
"executable": false,
"cache": false
}
]
}
Web marathon:
{
"id": "/ms-console",
"cmd": null,
"cpus": 1,
"mem": 2000,
"disk": 0,
"instances": 0,
"acceptedResourceRoles": [
"*"
],
"container": {
"type": "DOCKER",
"docker": {
"forcePullImage": true,
"image": "****/****:ms-console",
"parameters": [],
"privileged": true
},
"volumes": [],
"portMappings": [
{
"containerPort": 8383,
"hostPort": 0,
"labels": {},
"protocol": "tcp",
"servicePort": 10000
}
]
},
"networks": [
{
"mode": "container/bridge"
}
],
"portDefinitions": [],
"fetch": [
{
"uri": "file:///etc/docker.tar.gz",
"extract": true,
"executable": false,
"cache": false
}
]
}
In the web application I am connecting to the metastore with an IP which is hard-coded (mentioned in the properties). I created Docker images for both and ran them on my server. The metastore server is now running on a different machine, so my web application is unable to resolve this IP.
All you need to do here is expose 5011 as the host port on the metadata server running on the "different machine" using -p:
docker run -d -p 5011:5011 metadata_image ....
Now your web application should be able to access metadata server by using http://$different_machine_ip:5011/
$different_machine_ip = Metadata server IP
However, since they need to be tightly coupled, I would suggest you run the web app and metadata server on the same machine in case your metadata server is stateless.

Unable to ping docker container

New to Docker on Mac OS X. I am building an Ubuntu image from the base phusion image to use as a git server. Using the following file to install the base and needed software. This works great. However, I am unable to ping the machine.
EDIT
I am unable to ping the machine. I can run the image and see the container in the ps command. I can also exec bash into it.
CONTAINER ID   IMAGE         COMMAND               CREATED          STATUS          PORTS    NAMES
54e4cef78445   git-ssh_img   "/usr/sbin/sshd -D"   44 minutes ago   Up 44 minutes   22/tcp   git-ssh
The following also works
docker exec -it 54e4cef78445 ping www.google.com
PING www.google.com (173.194.219.147) 56(84) bytes of data.
64 bytes from ya-in-f147.1e100.net (173.194.219.147): icmp_seq=1 ttl=61 time=65.1 ms
64 bytes from ya-in-f147.1e100.net (173.194.219.147): icmp_seq=2 ttl=61 time=67.1 ms
Dockerfile:
# Use phusion/baseimage as base image. To make your builds reproducible, make
# sure you lock down to a specific version, not to `latest`!
# See https://github.com/phusion/baseimage-docker/blob/master/Changelog.md for
# a list of version numbers.
FROM phusion/baseimage:0.9.18
# Use baseimage-docker's init system.
CMD ["/sbin/my_init"]
# ...put your own build instructions here...
ENV TERM xterm
RUN apt-get -y update
RUN apt-get -y install openssh-server
RUN apt-get -y install git \
libxml2-dev \
python \
build-essential \
make \
gcc \
python-dev \
python-pip
# Clean up APT when done.
RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
# Setting openssh
# RUN mkdir /var/run/sshd
RUN sed -i "s/#PasswordAuthentication yes/PasswordAuthentication no/" /etc/ssh/sshd_config
# Adding git user
RUN adduser --system git
RUN mkdir -p /home/git/.ssh
# Clearing and setting authorized ssh keys
RUN echo '' > /home/git/.ssh/authorized_keys
RUN echo 'First key' >> /home/git/.ssh/authorized_keys
# RUN echo 'Second SSH public key' >> /home/git/.ssh/authorized_keys
# ...
# Updating shell to bash
RUN sed -i s#/home/git:/bin/false#/home/git:/bin/bash# /etc/passwd
EXPOSE 22
CMD ["/usr/sbin/sshd", "-D"]
Inspect command:
[
{
"Id": "54e4cef78445e1308b744297edc1d3d153932ce7724e87b35dc3690f8ffe41a2",
"Created": "2015-12-10T21:01:16.683875853Z",
"Path": "/usr/sbin/sshd",
"Args": [
"-D"
],
"State": {
"Running": true,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 13930,
"ExitCode": 0,
"Error": "",
"StartedAt": "2015-12-10T21:01:16.763739339Z",
"FinishedAt": "0001-01-01T00:00:00Z"
},
"Image": "b2c6f9604ceca1e112dc0560aa4d0c50596d27c80256c544613f1d6badf6ccda",
"NetworkSettings": {
"Bridge": "",
"EndpointID": "87f12f9b527f3e0d7f823f1e2c88b0d0e860ff2d1687568d0a15cfa9fdfe22c3",
"Gateway": "172.17.42.1",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"HairpinMode": false,
"IPAddress": "172.17.0.26",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:11:00:1a",
"NetworkID": "a60ea78a8239baed013f9bfb1b2719a599ddef7745170e3c17eeab743a391ebe",
"PortMapping": null,
"Ports": {
"22/tcp": null
},
"SandboxKey": "/var/run/docker/netns/54e4cef78445",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null
},
"ResolvConfPath": "/mnt/sda1/var/lib/docker/containers/54e4cef78445e1308b744297edc1d3d153932ce7724e87b35dc3690f8ffe41a2/resolv.conf",
"HostnamePath": "/mnt/sda1/var/lib/docker/containers/54e4cef78445e1308b744297edc1d3d153932ce7724e87b35dc3690f8ffe41a2/hostname",
"HostsPath": "/mnt/sda1/var/lib/docker/containers/54e4cef78445e1308b744297edc1d3d153932ce7724e87b35dc3690f8ffe41a2/hosts",
"LogPath": "/mnt/sda1/var/lib/docker/containers/54e4cef78445e1308b744297edc1d3d153932ce7724e87b35dc3690f8ffe41a2/54e4cef78445e1308b744297edc1d3d153932ce7724e87b35dc3690f8ffe41a2-json.log",
"Name": "/git-ssh",
"RestartCount": 0,
"Driver": "aufs",
"ExecDriver": "native-0.2",
"MountLabel": "",
"ProcessLabel": "",
"AppArmorProfile": "",
"ExecIDs": null,
"HostConfig": {
"Binds": null,
"ContainerIDFile": "",
"LxcConf": [],
"Memory": 0,
"MemorySwap": 0,
"CpuShares": 0,
"CpuPeriod": 0,
"CpusetCpus": "",
"CpusetMems": "",
"CpuQuota": 0,
"BlkioWeight": 0,
"OomKillDisable": false,
"MemorySwappiness": -1,
"Privileged": false,
"PortBindings": {},
"Links": null,
"PublishAllPorts": false,
"Dns": null,
"DnsSearch": null,
"ExtraHosts": null,
"VolumesFrom": null,
"Devices": [],
"NetworkMode": "default",
"IpcMode": "",
"PidMode": "",
"UTSMode": "",
"CapAdd": null,
"CapDrop": null,
"GroupAdd": null,
"RestartPolicy": {
"Name": "no",
"MaximumRetryCount": 0
},
"SecurityOpt": null,
"ReadonlyRootfs": false,
"Ulimits": null,
"LogConfig": {
"Type": "json-file",
"Config": {}
},
"CgroupParent": "",
"ConsoleSize": [
0,
0
]
},
"GraphDriver": {
"Name": "aufs",
"Data": null
},
"Mounts": [],
"Config": {
"Hostname": "54e4cef78445",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": true,
"AttachStderr": true,
"ExposedPorts": {
"22/tcp": {}
},
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"TERM=xterm"
],
"Cmd": [
"/usr/sbin/sshd",
"-D"
],
"Image": "git-ssh_img",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": null,
"OnBuild": null,
"Labels": {}
}
}
]
As mentioned in "Can't visit http://172.17.0.2:5000 after starting docker registry", you cannot use the internal IP made for container-to-container communication.
You need to use the IP returned by $(docker-machine ip <yourMachine>) to actually ping the machine which runs your container.
Update February 2017, docker 1.13+: as commented by kboom, you now have Docker for Mac which uses a lightweight hypervisor (HyperKit), which allows to be bound to localhost (but still you cannot visit internal addresses).
