From docker container can't access 192.168.2.* network which is under VPN

The container connects to external servers and executes code there.
These external servers are behind a VPN.
From the local host I can connect to them, either by name or by direct IP.
But for some reason, to the servers in the subnet 192.168.2.* I can not connect from the container. But I can connect to subnets 192.168.123.* (also under VPN).
DNS servers are given to me through the VPN 192.168.2.1 and 192.168.123.1. I tried to assign the same DNS to the container through the key --dns, nothing changes.
Pinging by domain name server1.company.com extracts the correct address 192.168.2.200 and that's all.
Does anyone have any ideas?

Answering my own question.
There's no magic here, after all.
With the command scutil --dns I found out which nameservers were added by the VPN and just added them to the docker run ... command like:
--dns=192.168.2.1 --dns=192.168.123.1 --publish-all
and now it works fine.
PS: But I still don't have any idea how it worked before (.
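
The step described in the answer above, as an added example that is not part of the original post: a shell function that turns `scutil --dns` output (macOS) into the `--dns=` flags for `docker run`. The sample output is constructed, and the interface name `utun2` and the `<image>` placeholder are assumptions.

```shell
#!/bin/sh
# Added example: derive `docker run --dns=...` flags from `scutil --dns` output.

# Constructed sample of `scutil --dns` output with a VPN connected (not captured
# from a real machine; the interface name utun2 is an assumption).
sample_scutil_output() {
cat <<'EOF'
DNS configuration

resolver #1
  search domain[0] : company.com
  nameserver[0] : 192.168.2.1
  nameserver[1] : 192.168.123.1
  if_index : 14 (utun2)
  reach    : 0x00000002 (Reachable)

resolver #2
  domain   : local
  options  : mdns

DNS configuration (for scoped queries)

resolver #1
  nameserver[0] : 192.168.2.1
  nameserver[1] : fe80::1%en0
  if_index : 14 (utun2)
EOF
}

# Read scutil output on stdin; print one --dns= flag per unique IPv4 nameserver,
# in first-seen order. IPv6 and link-local entries are skipped.
dns_flags() {
  awk '
    $1 ~ /^nameserver\[[0-9]+\]$/ && $2 == ":" {
      ip = $3
      if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
      if (seen[ip]++) next          # same server listed by several resolvers
      out = out (out == "" ? "" : " ") "--dns=" ip
    }
    END { print out }
  '
}

# Use the live resolver list on macOS, the constructed sample elsewhere.
if command -v scutil >/dev/null 2>&1; then
  echo "docker run $(scutil --dns | dns_flags) <image>"
else
  echo "docker run $(sample_scutil_output | dns_flags) <image>"
fi
```

The resolver list changes when the VPN connects or disconnects, so the flags have to be regenerated before starting the container.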

Related

Nginx proxy manager is not being able to serve the page from another docker container

I am trying to get nginx proxy manager (running in a docker container) to connect to another docker container that has port 8080 open on it. I set up the proxy to connect to 192.168.0.29:8080, the IP address of the host, but it doesn't work; the browser just says that the site didn't send any data.
I tried setting up the reverse proxy with other services (that weren't running inside a docker container), and they worked flawlessly. So, I've concluded, the problem is something with the docker containers.
First, I tried replacing the ip address with the address of the container (shown in portainer) which showed to be 172.17.0.2. But, that didn't work. I can confirm that both containers are in the same network, bridge.
I could not find any solutions for this problem either here, at Stack Overflow, or anywhere else. Hope there's enough data to solve this problem. Thanks ahead of time!
Edit:
running arp -na from within the container gives this output:
[root#docker-00244f7ab2cc:/app]# arp -na
? (172.17.0.1) at 02:42:d1:fc:fc:6b [ether] on eth0
I found the solution to my question after lots of searching and testing and it's quite simple. The solution is to start the nginx proxy manager docker container on the host network instead of the bridge network. Then, you can use localhost and then the port to refer to which service you want to redirect to.

Docker container DNS - Resolve URL

I have a docker container that needs to access a network server on the LAN. This server is visible from the docker host machine and I can access it from within the container when I reference the IP address directly.
However I need to be able to specify a url and port (e.g http://myserver:8080) rather than an IP address, which the docker container cannot resolve.
How can I configure the container to resolve this? Ideally using the docker host's DNS. I have looked at many of the docs, but not being a DNS expert, it doesn't seem straightforward.
UPDATE:
I have tried this, which seems to work, but does this have any downsides or unintended consequences?
--network host
Thanks,
The right way to do this is to configure the docker daemon dns as specified under daemon-dns-options.
Using the host network is not recommended as it has some downsides https://docs.docker.com/network/host/

mariadb grant table in docker container: hostname and ip

I am running a mariadb instance in a docker container. It is connected to a custom bridge network. Let's call it db_net here.
Now I want to connect to mariadb from another container connected to the same network.
I can ping the mariadb container from the other container with ping mariadb.db_net. It resolves to some 172.x.x.x IP.
Setting up the grant table in mariadb with numeric IPs works. But obviously these may change in a modified setup. I also would like to avoid using all wildcards (e.g 172.%.%.%) since other containers may also use the same mariadb instance.
Using the symbolic host name (name.db_net) in the grants table fails.
What is the recommended way to solve this? Using all wildcards in the host field and relying on other isolation mechanisms of course works, but it seems like doing that I give up a layer of security that would be desirable.
Sometimes embedded DNS doesn’t work fine with Linux services. The best approach is to use DNS to resolve hostnames to IP addresses. This can be done by modifying the /etc/hosts file or using a third-party DNS server. This will ensure that whenever the IP address changes, database privileges still work fine.
If you choose to set up a DNS server in your docker network, each container will have to be started with the option:
--dns=IP_ADDRESS
The address provided will then be written to the file /etc/resolv.conf on the docker container.

How to configure docker containers so that I can access them outside the host

I know many would say that this is a redundant question. But I am putting this thread as my last straw. I have gone through many threads in this community regarding my query, but was not able to achieve what I need.
Here's what I need to do.
Make docker containers such that their IPs would come in the same network as my host's. Just like a virtual machine in a bridged network.
I need to be able to ssh to these dockers via external machines in my host m/c's network.
I simply replace Virtual Machines with docker in my system. And for that I need to ssh to them just like I have been doing with the Virtual Machine nodes.
What I have tried?
Able to ssh the container via my host m/c. Where I installed ssh on container and enabled the port 22. Also I set UsePAM to no in /etc/ssh/sshd_config file.
Followed Ben Whaley on this thread.
I tried IP aliasing, but after all that, when I did ssh <IP address> -p 5000 , I got ssh: connect to host <IP address> port 5000: Connection refused error.
Tried to follow Regan on this page. But those documents were pulled down, and the documents that I found were not helpful either, as they were proving hard for me to understand.
Tried to make a bridge from this reference. But there too, my virtual0 bridge was not taking any IP address. If I manually give one to it, it wasn't accepting any connection through that IP.
Please can anyone help me out here?
I just need to replace my VMs with the docker containers so that I can improve my resource utilization.

Docker - set DNS from inside container - for VPN?

I'm trying to set up a docker container to access my VPN (IVPN). I want to use the DNS of the VPN, but the DNS is selected based on the IP address I'm assigned - which occurs within the container...
https://www.ivpn.net/knowledgebase/163/What-is-the-IP-address-of-your-DNS-servers.html
To work out the address of the closest DNS server simply look at
the IP assigned to you when you connect. The DNS servers are in
the format 10.x.x.1. For example, if you receive the address
10.16.4.66 then the DNS is on 10.16.4.1.
Is there some way of updating the DNS from within the container?
Or can I (massively over-engineer a solution by...) start the container, get the IP address assigned by the VPN, then (somehow) do a DNS update from the host?
Do I just give up and hard code some DNS servers that aren't "closest"?
[Edit thanks to #MrE] I want to run openvpn IN the container (so I'll use someone else's image) - and have other containers use this one as their only connection to the 'net. Basically, I'm trying to build fully isolated containers and then have their connections configurable via either our corporate (or other commercial) VPN.
