I am trying to access my host system from a docker container
have tried all the following instead of 127.0.0.1 and localhost:
gateway.docker.internal,
docker.for.mac.host.internal,
host.docker.internal ,
docker.for.mac.host.internal,
docker.for.mac.localhost,
but none seem to work.
If I run my docker run command with --net=host, I can indeed access localhost however none of my port mappings get exposed and in accessible from outside docker.
I am using Docker version 20.10.5, build 55c4c88
some more info. I am running a piece of software called impervious (a layer on top of the bitcoin lightning network). It needs to connect to my local Polar lightning node on localhost:10001. Here is the config file the tool itself uses(see lnd section):
# Server configurations
server:
enabled: true # enable the GRPC/HTTP/websocket server
grpc_addr: 0.0.0.0:8881 # SET FOR DOCKER
http_addr: 0.0.0.0:8882 # SET FOR DOCKER
# Redis DB configurations
sqlite3:
username: admin
password: supersecretpassword # this will get moved to environment variable or generated dynamically
###### DO NOT EDIT THE BELOW SECTION#####
# Services
service_list:
- service_type: federate
active: true
custom_record_number: 100000
additional_service_data:
- service_type: vpn
active: true
custom_record_number: 200000
additional_service_data:
- service_type: message
active: true
custom_record_number: 400000
additional_service_data:
- service_type: socket
active: true
custom_record_number: 500000
additional_service_data:
- service_type: sign
active: true
custom_record_number: 800000
additional_service_data:
###### DO NOT EDIT THE ABOVE SECTION#####
# Lightning
lightning:
lnd_node:
ip: host.docker.internal
port: 10001 #GRPC port of your LND node
pub_key: 025287d7d6b3ffcfb0a7695b1989ec9a8dcc79688797ac05f886a0a352a43959ce #get your LND pubkey with "lncli getinfo"
tls_cert: /app/lnd/tls.cert # SET FOR DOCKER
admin_macaroon: /app/lnd/admin.macaroon # SET FOR DOCKER
federate:
ttl: 31560000 #Federation auto delete in seconds
imp_id: YOUR_IMP_ID #plain text string of your IMP node name
vpn:
price: 100 #per hour
server_ip: http://host.docker.internal #public IP of your VPN server
server_port: 51820 #port you want to listen on
subnet: 10.0.0.0/24 #subnet you want to give to your clients. .1 == your server IP.
server_pub_key: asdfasdfasdf #get this from your WG public key file
allowed_ips: 0.0.0.0/0 #what subnets clients can reach. Default is entire world.
binary_path: /usr/bin/wg #where your installed the "wg" command.
dns: 8.8.8.8 #set your preferred DNS server here.
socket:
server_ip: 1.1.1.1 #public IP of your socket server
I run impervious using the following docker comand:
docker run -p8881:8881 -p8882:8882 -v /Users/xxx/dev/btc/impervious/config/alice-config-docker.yml:/app/config/config.yml -v /Users/xxx/.polar/networks/1/volumes/lnd/alice/tls.cert:/app/lnd/tls.cert -v /Users/xxx/.polar/networks/1/volumes/lnd/alice/data/chain/bitcoin/regtest/admin.macaroon:/app/lnd/admin.macaroon -it impant/imp-releases:v0.1.4
but it just hangs when it tries to connect to the node at host.docker.internal
Have you tried docker-mac-net-connect?
The problem is related to macOS.Unlike Docker on Linux, Docker for macOS does not expose container networks directly on the macOS host.
You can use host.docker.internal which gives the localhost of the macos.
https://docs.docker.com/desktop/networking/#i-want-to-connect-from-a-container-to-a-service-on-the-host
The host has a changing IP address (or none if you have no network
access). We recommend that you connect to the special DNS name
host.docker.internal which resolves to the internal IP address used by
the host. This is for development purpose and does not work in a
production environment outside of Docker Desktop.
Mac running the desktop version of docker.
The docker isn't running on the host machine and using a kind of virtual machine that includes Linux kernel. The network of this virtual machine is different from the host machine. To connect from your Mac host to running docker container used a kind of VPN connection:
When you run your docker with --net host switch you connect the container to a virtual machine network instead connect to your host machine network as it's working on Linux.
Then trying to connect to 127.0.0.1 or to localhost isn't allow connections to the running container.
The solution to this issue is to expose needed ports from running container:
docker run -p 8080:8080
If you need to expose all ports from your container you can use -P switch.
For opposite connection use host.docker.internal URL from container.
More documentation about docker desktop for Mac networking
Related
On my Windows 10 host machine with Docker 4.9.1 I want to ssh into a docker container.
I followed a bunch of tutorials just like this one:
https://phoenixnap.com/kb/how-to-ssh-into-docker-container
From within the container I can ssh into the container using its IP of 172.17.0.2, but from my host machine I cannot.
Confirmation of the IP address:
docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' interesting_meitner
'172.17.0.2'
Ping without response:
ping 172.17.0.2
Ping wird ausgeführt für 172.17.0.2 mit 32 Bytes Daten:
Zeitüberschreitung der Anforderung.
Ping-Statistik für 172.17.0.2:
Pakete: Gesendet = 1, Empfangen = 0, Verloren = 1
(100% Verlust),
SSH with connection timeout:
ssh root#172.17.0.2
ssh: connect to host 172.17.0.2 port 22: Connection timed out
Starting the container (obviously done before trying to connect to it):
docker run -ti with_ssh:new /bin/bash
I have also tried this with options for remapping ports i.e. -p 22:666 or -p 666:22 .
Starting ssh server:
/etc/init.d/ssh start
* Starting OpenBSD Secure Shell server sshd
Checking status:
/etc/init.d/ssh status
* sshd is running
Ssh from container into container:
ssh root#172.17.0.2
The authenticity of host '172.17.0.2 (172.17.0.2)' can't be established.
ECDSA key fingerprint is SHA256:471dnz1q83owB/Nu0Qnnyz/Sct4Kwry9Sa9L9pwQeZo.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.17.0.2' (ECDSA) to the list of known hosts.
root#172.17.0.2's password:
Welcome to Ubuntu 18.04.3 LTS (GNU/Linux 5.10.16.3-microsoft-standard-WSL2 x86_64)
[...]
Again from the Docker host I get a connection timeout. What do?
Your Docker container runs in a virtual network you cannot reach from the host (because it is isolated), which is why you cannot ping the containers IP from the host (but your docker container can, because it is attending the same network). You can expose the port like you already did with -p 666:22, but then you have to SSH to localhost not to the IP of the container: ssh -p 666 root#127.0.0.1.
You could also configure a correct routing from your hosts network to the virtual network and then you can reach the IP directly.
I did not reproduce your setup but this might work i guess. Hope it helps.
I'm trying to push an image to a docker registry that I'm running as a container on another machine. I start the registry by mounting the config.yml in an external volume. The default value for the http: addr field in this file is "localhost:5000". That works but I can't push from the other machine. I get the error:
"unable to connect to 192.168.1.149:5000. Do you need an HTTP proxy?"
But these are all machines on a local network, so there should be no proxy needed.
When I set this value to the ip address of the machine: 192.168.1.149:5000, I get the error:
"level=fatal msg="listen tcp 192.168.1.149:5000: bind: cannot assign
requested address"
My config file looks like this:
version: 0.1
log:
accesslog:
disabled: true
level: debug
formatter: text
fields:
service: registry
environment: development
loglevel: debug # deprecated: use "log"
storage:
filesystem:
rootdirectory: /var/lib/registry
maxthreads: 100
delete:
enabled: false
redirect:
disable: false
http:
addr: localhost:5000
tls:
certificate: /etc/docker/registry/server-cert.pem
key: /etc/docker/registry/server-key.pem
headers:
X-Content-Type-Options: [nosniff]
http2:
disabled: false
I launch the container like this:
sudo docker run -d -p 5000:5000 --restart=always --name registry -v /etc/docker/registry:/etc/docker/registry -v `pwd`/config.yml:/etc/docker/registry/config.yml registry:2
And my push looks like this:
docker push 192.168.1.149:5000/ironclads-api:1.5
I can ping 192.168.1.149 from the machine I'm trying to push from and I configured the certs according to the docker instructions. Any ideas what might be happening here?
Since it's running in a container, and listening on localhost inside that container, which is a different network namespace from your host (and so a different localhost), it's only reachable from inside that container. Instead, don't listen on localhost or the host IP, listen on all interfaces inside the contianer. The port forward is used to direct traffic from the host into the container.
The fix is to remove localhost, and replace it with nothing, or 0.0.0.0 if you want to bind on all IPv4 interfaces.
http:
addr: ":5000"
Based on this tutorial https://www.youtube.com/watch?v=XrFeRwJjWHI , I tried running Redis in Docker.
File docker-compose.yml
version: "3.8"
services:
redis:
image: redis
volumes:
- ./data:/data
ports:
- 6379:6379
docker pull redis
docker-compose up
docker-compose up -d
docker container ls
telnet localhost 6379
Telnet, type PING then press Enter key (you will not see text), then see result: PONG. Type quit to exit.
Microsoft Windows [Version 10.0.19041.508]
(c) 2020 Microsoft Corporation. All rights reserved.
D:\docker>docker-compose stop redis
Stopping docker_redis_1 ... done
D:\docker>
See what is running
docker container ls
You will see, docker redis was stoped.
docker image prune -a
docker-compose up
Docker RedisInsight
docker run -v redisinsight:/db -p 8001:8001 redislabs/redisinsight:latest
Wait about 6 minutes (at internet speed at 22:30) for downloading, unzip, install, starting.
go to: http://localhost:8001/ (auto open web browser). Health check for RedisInsight http://localhost:8001/healthcheck/ is OK.
(I also noted at here https://donhuvy.github.io/redis/docker/2020/10/10/run-redis-on-docker.html )
How to connect RedisInsight with Redis without error?
Update: This is my host file, seemly have problem at here (IP 127.0.0.1 for Kubernetes, really I don't know about Kubernetes, I am learning it.), but I don't know how to fix.
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost
127.0.0.1 www.techsmith.com
127.0.0.1 activation.cloud.techsmith.com
127.0.0.1 oscount.techsmith.com
127.0.0.1 updater.techsmith.com
127.0.0.1 camtasiatudi.techsmith.com
127.0.0.1 tsccloud.cloudapp.net
127.0.0.1 assets.cloud.techsmith.com
# Added by Docker Desktop
192.168.1.44 host.docker.internal
192.168.1.44 gateway.docker.internal
# To allow the same kube context to work on the host and the container:
127.0.0.1 kubernetes.docker.internal
# End of section
Using this setup in docker-compose.yml
version: '3.7'
services:
redis:
image: 'redis:6.0.6'
ports:
- '127.0.0.1:6379:6379/tcp'
volumes:
- 'redis_data:/data:rw'
healthcheck:
test: redis-cli ping
interval: 3s
timeout: 5s
retries: 5
redisinsight:
image: 'redislabs/redisinsight:latest'
ports:
- '127.0.0.1:8001:8001'
you can access redis via
RedisInsight are trying to connect to container's localhost. Try typing 127.0.0.1 into Host field.
If file host has been changed like the updated information in question, use 192.168.1.44 .
For your containers to access each other you should first connect them to same network.
docker network create redis
docker network connect redis elastic_diffie
docker network connect redis docker_redis_1
After that open RedisInsight UI and write docker_redis_1 to your Hostand keep the port same. You should be able to connect to your redis container.
Since you haven't mentioned any network for the containers, they are conneted to the default bridge network. learn more
To get container IP address
Type in your terminal
# Check container network IP address
docker container inspect -f "{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}" <container name>
Use the IP address in: http://localhost:8001/ (RedisInsight).
or
(Not Recommended) Type the IP address of your HOST machine will solve the problem
Use ipconfig or ifconfig based on your OS to get your IP
you must put your Ip by ipconfig instead of localhost
My setup is the following:
Host: Win10
Guest: Ubuntu 15.10 (clean install, only docker and nodejs are added)
Base image: https://hub.docker.com/r/microsoft/aspnet/ 1.0.0-beta8-coreclr
Inside the guest I have installed Docker and created image (added sample webapp using yeoman to the image above). When I run the image inside container I can ping the container IP sucessfuly using the container IP from the linux (e.g. 172.17.0.2).
$sudo docker run -d -p 80:5000 --name web myapp
$sudo docker inspect --format '{{ .NetworkSettings.IPAddress }}' "web"
172.17.0.2
$ping 172.17.0.2
PING 172.17.0.2 (172.17.0.2) 56(84) bytes of data.
64 bytes from 172.17.0.2: icmp_seq=1 ttl=64 time=0.060 ms
1 packets transmitted, 1 received, 0% packet loss, time 999ms
$curl 172.17.0.2:80
curl: (7) Failed to connect to 172.17.0.2 port 80: Connection refused
I can also connect to the container and execute commands like ping, however from the linux machine (guest in VirtualBox, host for docker) I cannot access the web app that is hosted inside the container as seen above. I tried several approaches like mapping to the host IP addresses etc, but none of them worked. Did anyone have ideas where to start from ? Is the issue comes from that the docker is installed inside VirtualBox machine?
Thank you in advance.
Edit: Here are the logs from the container:
Could not open /etc/lsb_release. OS version will default to the empty string.
Hosting environment: Production
Now listening on: http://localhost:5000
Application started. Press Ctrl+C to shut down.
Your command tells Docker to essentially proxy requests from port 80 of the Linux guest to port 5000 of the container. So the curl command you tried doesn't work because you're trying on port 80 on the container, while the container itself has a service listening on port 5000.
To connect to the container directly, you would use (on the Linux guest):
curl 172.17.0.2:5000
To access via the published port on the Linux guest (from your host):
curl (Linux guest IP)
Or (from the Linux guest):
curl localhost
Edit: This will also prove to be problematic:
Now listening on: http://localhost:5000
You'll want your app inside the container to bind to all interfaces (0.0.0.0) so it listens on the container's assigned IP. With localhost it won't be accessible.
You might find this example useful:
https://github.com/aspnet/Home/blob/dev/samples/1.0.0-beta8/HelloWeb/project.json
This line specifies that the app bind to all interfaces (using "*") on port 5004:
21 "kestrel": "Microsoft.AspNet.Hosting --server Microsoft.AspNet.Server.Kestrel --server.urls http://*:5004"
You'll need similar configuration.
I am trying to get this fig image here up and running: https://registry.hub.docker.com/u/harbur/sonarqube/
docker and fig installed fine and also the two images boot normally (including the applications - checked from the logs).
however, there should be a port forwarding setup so that I can connect from my host machine to the sonarqube instance. however, I can't connect to the machines as no port is open on the host OS.
Is there anybody who can give me a hint on what I'm doing wrong?
Cheers,
Matthias
$ docker port dockersonarqube_sonarqube_1
443/tcp -> 0.0.0.0:49154
9000/tcp -> 127.0.0.1:9000
$ curl 127.0.0.1:9000
curl: (7) Failed connect to 127.0.0.1:9000; Connection refused
this is the fig config file:
postgresql:
image: orchardup/postgresql:latest
environment:
- POSTGRESQL_USER=sonar
- POSTGRESQL_PASS=xaexohquaetiesoo
- POSTGRESQL_DB=sonar
volumes:
- /opt/db/sonarqube/:/var/lib/postgresql
sonarqube:
image: harbur/sonarqube:latest
links:
- postgresql:db
environment:
- DB_USER=sonar
- DB_PASS=xaexohquaetiesoo
- DB_NAME=sonar
ports:
- "127.0.0.1:9000:9000"
- "443"
If you're using boot2docker on a Mac, you need to access the website via the VM. You'll need to do two things:
Expose the VM port on all interfaces by changing "127.0.0.1:9000:9000" to "0.0.0.0:9000:9000".
Use the IP of the VM to connect to the server e.g. curl $(boot2docker ip 2> /dev/null):9000
You shouldn't need to muck with port forwarding inside the VM unless you really don't like using the boot2docker IP rather than 0.0.0.0.
With boot2docker on OSX you need to set up port forwarding. You need to run something like:
VBoxManage modifyvm "boot2docker-vm" --natpf1 "tcp-port9000,tcp,,9000,,9000";
REF: https://github.com/boot2docker/boot2docker/blob/master/doc/WORKAROUNDS.md
Also you need to replace 127.0.0.1 by 0.0.0.0 in your fig.yml file in order to have
- "0.0.0.0:9000:9000"