I am trying out some things with docker and docker swarm and currently I am running into a problem.
If I create a container with:
docker run -d --name my_nginx -p 8080:80 nginx
everythings went fine, I am able to access this port.
If I try to create a service with docker swarm (container was removed before) I am not able to open that port:
docker service create -d --name my_service_nginx --replicas=1 -p 8080:80 nginx
It seems that the service does not create a portmapping.
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d3417b80036c nginx:latest "/docker-entrypoint.…" 6 minutes ago Up 6 minutes 80/tcp my_service.1.1l3fwcct1m9hoallkn0g9qwpd
Do you have any idea what I am doing wrong?
Best regards
Jan
Launching a Docker swarm on the LXC is not possible:
Docker swarm get access from outside network
Related
I have a container running nifi (--name nifi) exposing port 8080 and another container running nifi registry (--name nifireg) exposing port 10808. I can get to both UI's, and I am able to connect nifi to the registry in the registry services by using the registry container's IP (172.17.0.5). These containers are also on a docker network called nifi-net. My issue is that the registry client is unable to talk to the registry when using the container name.
From the nifi I can ping by container IP as well as by name (ping nifireg), so there is some level of connectivity. But if I change the registry client to point to http://nifireg:180880 or even http://nifi-net.nifireg:18080 it clocks for a while and then eventually returns this error:
Unable to obtain listing of buckets: java.net.ConnectException: Connection refused (Connection refused)
What needs to be done to allow nifi to connect to the nifi registry using the container name?
EDIT: Here is how I set everything up:
docker run -d --name nifi -p 8080:8080 apache/nifi
docker run -d --name nifireg -p 18080:18080 apache/nifi-registry
I added the netorking after the fact, but that shouldn't be an issue.
docker network create nifi-net
docker network connect nifi-net nifi
docker network connect nifi-net nifireg
I don't understand why this solved the problem, but destroying the containers and recreating them with the --net nifi-net option at spin-up solved the problem.
docker run -d --name nifi --net nifi-net -p 8080:8080 apache/nifi
docker run -d --name nifireg --net nifi-net -p 18080:18080 apache/nifi-registry
The docs state that you can add them to a network after the fact, and I am able to ping from one container to the other using the name. I guess it's just a lesson that I need to use docker networking more.
I would suggest using docker-compose to manage the deployment since you can define the network once in docker-compose.yaml and not have to worry about it agian.
Plus it lets you learn about docker networking :P
I am learning Docker as a beginner and I am finding one info confusing. Here is step details:
Pulling Image from Docker Hub
Running Image
Now, I am seeing any Half port details in CLI due to which I am not able to ger proper port ID.
But when I am running same Image through KITEMATIC and checking the status of the running container then it is showing me properly.
Please refer Screenshot below for details:
First Line in shared Pic is showing complete details of PORTs( started container in KITEMATIC)
Second-line is not showing complete.
I want to know the reason for this difference and how to resolve it.
In first line of docker ps, you publish the port using below command
docker run -it -p 32773:80 -p 32772:443 static-site
That is why you are seeing HOST_PORT->Container_PORT, to see the same response on another container you need to publish port
docker run -it --rm -p 80:80 -p 443:443 your_image
80:80 mean HostPort:ContainerPort.
Images can expose a port. This is documentation from the image creator to those using the image. It tells you which ports the application inside the container are listening on by default. When you run a container with an exposed port, but you do not publish it on the host, you'll see only the container port listed in the docker container ls. This is again only documentation at this point, no docker networking has been configured to use that container port, so docker is letting you know that inside the container that application is likely listening on that port:
$ docker run -d --name unpublished --rm nginx
63291688813a75a8d9f0d383b4fbef30e93be8e89bd22fc80c2953da65d1d5e9
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
63291688813a nginx "nginx -g 'daemon of…" 41 seconds ago Up 39 seconds 80/tcp unpublished
If you publish a container to a specific port, you'll see that listed as desired:
$ docker run -d --name exact -p 8080:80 --rm nginx
10f82a87d8dce2226c030ca5f23e7983b0f60673c0ec614302dc129dad4ba86d
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
10f82a87d8dc nginx "nginx -g 'daemon of…" 14 seconds ago Up 12 seconds 0.0.0.0:8080->80/tcp exact
And it looks like kitematic is publishing all ports with the -P flag (capital) which looks at all exposed ports and maps them to unused high numbered ports:
$ docker run -d --name publish_all -P --rm nginx
982afb237756e543820810cbd6366c8fa8569a386ff581cd7edc63557004e8c4
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
982afb237756 nginx "nginx -g 'daemon of…" 3 seconds ago Up 2 seconds 0.0.0.0:32768->80/tcp publish_all
If you want the know what port was published on the host, particularly when you tell docker to use unused high numbered ports, you can query that with the port command, e.g. for the publish_all container above:
$ docker container port publish_all 80
0.0.0.0:32768
You can see the exposed ports with an inspect of the image:
$ docker image inspect nginx --format '{{json .Config.ExposedPorts}}' | jq .
{
"80/tcp": {}
}
I have 3 docker applications(containers) in which one container is communicating with other 2 containers. If I run that containers using below command, container 3 is able to access the container 1 and container 2.
docker run -d --network="host" --env-file container1.txt -p 8001:8080 img1:latest
docker run -d --network="host" --env-file container2.txt -p 8080:8080 img2:latest
docker run -d --network="host" --env-file container3.txt -p 8000:8080 img3:latest
But this is working only with host network if I remove this --network="host" option then I am not able to access this application outside(on web browser). In order to access it outside i need to make the host port and container ports same as below.
docker run -d --env-file container1.txt -p 8001:8001 img1:latest
docker run -d --env-file container2.txt -p 8080:8080 img2:latest
docker run -d --env-file container3.txt -p 8000:8000 img3:latest
With this above commands i am able to access my application on web browser but container 3 is not able to communicate with container 1. here container 3 can access the container 2 because there i am exposing 8080 host + container port. But i can't expose again 8080 host port for container 3.
How to resolve this issue??
At last my goal is this application should be accessible on browser without using host network, it should use the bridge network . And container 3 needs to communicate with container 1 & 2.
On user-defined networks, containers can not only communicate by IP address but can also resolve a container name to an IP address. This capability is called automatic service discovery.
Read this for more details on Docker container networking.
You can perform the following steps to achieve the desired result.
Create a private bridge network.
docker network create --driver bridge privet-net
Now start your application containers along with the --network private-net added to your docker run command.
docker run -d --env-file container1.txt -p 8001:8001 --network private-net img1:latest
docker run -d --env-file container2.txt -p 8080:8080 --network private-net img2:latest
docker run -d --env-file container3.txt -p 8000:8000 --network private-net img3:latest
With this way, all the three containers will be able to communicate with each other and also to the internet.
In this case when you are using --network=host, then you are telling docker to not isolate the network rather to use the host's network. So all the containers are on the same network, hence can communicate with each other without any issues. However when you remove --newtork=host, then docker will isolate the network as well there by restricting container 3 to communicate with container 1.
You will need some sort of orchestration service like docker compose, docker swarm etc.
I want to create a service from rabbitmq image so I try to run the following command:
docker service create --name rabbitmq --hostname rabbitmq --publish 5672:5672 --publish 15672:15672 --mount source=rabbitmq,target=/var/lib/rabbitmq rabbitmq:3.6.10-management
Then I run the command docker service ls to see if the service is created and everything looks ok, but when I run docker ps the container is not created.
The weird thing is that docker service ls looks like this:
ID NAME MODE REPLICAS IMAGE PORTS
ye8r8xk2k49c rabbitmq replicated 1/1 rabbitmq:3.6.10-management *:5672->5672/tcp,*:15672->15672/tcp
Can someone help me with this issue?,
Thanks in advance.
You should use
docker service ps rabbitmq
This will tell you which node is running the container for your service.
docker ps will only show the container for the current node and not your swarm cluster
I want to expose a docker container port on a different host port.
docker run -d --net="host" --name="couchpotato2" -p 5555:5050 ...
However, I don't get the mapping of 5555 -> 5050. Any idea why?
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
114ae1617632 needo/couchpotato "/sbin/my_init" 3 seconds ago Up 2 seconds couchpotato3
Here is the docker image I'm using:
https://github.com/needo37/couchpotato
Your problem is the use of host networking:
--net="host"
Explained in the documentation
Publishing ports and linking to other containers will not work when
--net is anything other than the default (bridge).