Connection between containers [duplicate] - docker

I have an app whose only dependency is flask, which runs fine outside docker and binds to the default port 5000. Here is the full source:
from flask import Flask
app = Flask(__name__)
app.debug = True
#app.route('/')
def main():
return 'hi'
if __name__ == '__main__':
app.run()
The problem is that when I deploy this in docker, the server is running but is unreachable from outside the container.
Below is my Dockerfile. The image is ubuntu with flask installed. The tar just contains the index.py listed above;
# Dockerfile
FROM dreen/flask
MAINTAINER dreen
WORKDIR /srv
# Get source
RUN mkdir -p /srv
COPY perfektimprezy.tar.gz /srv/perfektimprezy.tar.gz
RUN tar x -f perfektimprezy.tar.gz
RUN rm perfektimprezy.tar.gz
# Run server
EXPOSE 5000
CMD ["python", "index.py"]
Here are the steps I am doing to deploy
$> sudo docker build -t perfektimprezy .
As far as I know the above runs fine, the image has the contents of the tar in /srv. Now, let's start the server in a container:
$> sudo docker run -i -p 5000:5000 -d perfektimprezy
1c50b67d45b1a4feade72276394811c8399b1b95692e0914ee72b103ff54c769
Is it actually running?
$> sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1c50b67d45b1 perfektimprezy:latest "python index.py" 5 seconds ago Up 5 seconds 0.0.0.0:5000->5000/tcp loving_wozniak
$> sudo docker logs 1c50b67d45b1
* Running on http://127.0.0.1:5000/ (Press CTRL+C to quit)
* Restarting with stat
Yep, seems like the flask server is running. Here is where it gets weird. Lets make a request to the server:
$> curl 127.0.0.1:5000 -v
* Rebuilt URL to: 127.0.0.1:5000/
* Hostname was NOT found in DNS cache
* Trying 127.0.0.1...
* Connected to 127.0.0.1 (127.0.0.1) port 5000 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.35.0
> Host: 127.0.0.1:5000
> Accept: */*
>
* Empty reply from server
* Connection #0 to host 127.0.0.1 left intact
curl: (52) Empty reply from server
Empty reply... But is the process running?
$> sudo docker top 1c50b67d45b1
UID PID PPID C STIME TTY TIME CMD
root 2084 812 0 10:26 ? 00:00:00 python index.py
root 2117 2084 0 10:26 ? 00:00:00 /usr/bin/python index.py
Now let's ssh into the server and check...
$> sudo docker exec -it 1c50b67d45b1 bash
root#1c50b67d45b1:/srv# netstat -an
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 127.0.0.1:5000 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:47677 127.0.0.1:5000 TIME_WAIT
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node Path
root#1c50b67d45b1:/srv# curl -I 127.0.0.1:5000
HTTP/1.0 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 5447
Server: Werkzeug/0.10.4 Python/2.7.6
Date: Tue, 19 May 2015 12:18:14 GMT
It's fine... But not from the outside.
What am I doing wrong?

The problem is you are only binding to the localhost interface, you should be binding to 0.0.0.0 if you want the container to be accessible from outside. If you change:
if __name__ == '__main__':
app.run()
to
if __name__ == '__main__':
app.run(host='0.0.0.0')
It should work.
Note that this will bind to all interfaces on the host, which may in some circumstances be a security risk - see https://stackoverflow.com/a/58138250/4332 for more information on binding to a specific interface.

When using the flask command instead of app.run, you can pass the --host option to change the host. The line in Docker would be:
CMD ["flask", "run", "--host", "0.0.0.0"]
or
CMD flask run --host 0.0.0.0

Your Docker container has more than one network interface. For example, my container has the following:
$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
32: eth0#if33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
if you run docker network inspect bridge, you can see that your container is connected to that bridge with the second interface in the above output. This default bridge is also connected to the Docker process on your host.
Therefore you would have to run the command:
CMD flask run --host 172.17.0.2
To access your Flask app running in a Docker container from your host machine. Replace 172.17.0.2 with whatever the particular IP address is of your container.

You need to modify the host to 0.0.0.0 in the docker file. This is a minimal example
# Example of Dockerfile
FROM python:3.8.5-alpine3.12
WORKDIR /app
EXPOSE 5000
ENV FLASK_APP=app.py
COPY . /app
RUN pip install -r requirements.txt
ENTRYPOINT [ "flask"]
CMD [ "run", "--host", "0.0.0.0" ]
and the file app.py is
# app.py
from flask import Flask
app = Flask(__name__)
#app.route("/")
def home():
return "Hello world"
if __name__ == "__main__":
app.run()
Then compile with
docker build . -t deploy_flask
and run with
docker run -p 5000:5000 -t -i deploy_flask:latest
You can check the response with curl http://127.0.0.1:5000/ -v

First of all in your python script you need to change code from
app.run()
to
app.run(host="0.0.0.0")
Second, In your docker file, last line should be like
CMD ["flask", "run", "-h", "0.0.0.0", "-p", "5000"]
And on host machine if 0.0.0.0:5000 doesn't work then you should try with localhost:5000
Note - The CMD command has to be proper. Because CMD command provide defaults for executing container.

To build on other answers:
Imagine you have two computers. Each computer has a network interface (WiFi, say), which is its public IP. Each computer has a loopback/localhost interface, at 127.0.0.1. This means "just this computer."
If you listed on 127.0.0.1 on computer A, you would not expect to be able to connect to that via 127.0.0.1 when running on computer B. After all, you asked to listen on computer A's local, private address.
Docker is similar setup; technically it's the same computer, but the Linux kernel is allowing each container to run with its own isolated network stack. So 127.0.0.1 in a container is the same as 127.0.0.1 on a different computer than your host—you can't connect to it.
Longer version, with diagrams: https://pythonspeed.com/articles/docker-connection-refused/

For fast readers, three quick things to check:
Make sure you have exposed the port in the Dockerfile.
Running the command in container using flask run --host=0.0.0.0
Specifying the port in your docker run command docker run -it -p5000:5000 yourImageName

In my case, binding the host to 0.0.0.0 only worked on my local environment, and it failed when deploying on a server.
Then it's working when I replaced the port with --network=host:
Before:
docker run -d -p 5000:5000 <docker_image>
After:
docker run -d --network=host <docker_image>
ps. I still used the 0.0.0.0:5000 inside the container when running the flask app.

Related

Docker doesn't expose port [duplicate]

I have an app whose only dependency is flask, which runs fine outside docker and binds to the default port 5000. Here is the full source:
from flask import Flask
app = Flask(__name__)
app.debug = True
#app.route('/')
def main():
return 'hi'
if __name__ == '__main__':
app.run()
The problem is that when I deploy this in docker, the server is running but is unreachable from outside the container.
Below is my Dockerfile. The image is ubuntu with flask installed. The tar just contains the index.py listed above;
# Dockerfile
FROM dreen/flask
MAINTAINER dreen
WORKDIR /srv
# Get source
RUN mkdir -p /srv
COPY perfektimprezy.tar.gz /srv/perfektimprezy.tar.gz
RUN tar x -f perfektimprezy.tar.gz
RUN rm perfektimprezy.tar.gz
# Run server
EXPOSE 5000
CMD ["python", "index.py"]
Here are the steps I am doing to deploy
$> sudo docker build -t perfektimprezy .
As far as I know the above runs fine, the image has the contents of the tar in /srv. Now, let's start the server in a container:
$> sudo docker run -i -p 5000:5000 -d perfektimprezy
1c50b67d45b1a4feade72276394811c8399b1b95692e0914ee72b103ff54c769
Is it actually running?
$> sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1c50b67d45b1 perfektimprezy:latest "python index.py" 5 seconds ago Up 5 seconds 0.0.0.0:5000->5000/tcp loving_wozniak
$> sudo docker logs 1c50b67d45b1
* Running on http://127.0.0.1:5000/ (Press CTRL+C to quit)
* Restarting with stat
Yep, seems like the flask server is running. Here is where it gets weird. Lets make a request to the server:
$> curl 127.0.0.1:5000 -v
* Rebuilt URL to: 127.0.0.1:5000/
* Hostname was NOT found in DNS cache
* Trying 127.0.0.1...
* Connected to 127.0.0.1 (127.0.0.1) port 5000 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.35.0
> Host: 127.0.0.1:5000
> Accept: */*
>
* Empty reply from server
* Connection #0 to host 127.0.0.1 left intact
curl: (52) Empty reply from server
Empty reply... But is the process running?
$> sudo docker top 1c50b67d45b1
UID PID PPID C STIME TTY TIME CMD
root 2084 812 0 10:26 ? 00:00:00 python index.py
root 2117 2084 0 10:26 ? 00:00:00 /usr/bin/python index.py
Now let's ssh into the server and check...
$> sudo docker exec -it 1c50b67d45b1 bash
root#1c50b67d45b1:/srv# netstat -an
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 127.0.0.1:5000 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:47677 127.0.0.1:5000 TIME_WAIT
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node Path
root#1c50b67d45b1:/srv# curl -I 127.0.0.1:5000
HTTP/1.0 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 5447
Server: Werkzeug/0.10.4 Python/2.7.6
Date: Tue, 19 May 2015 12:18:14 GMT
It's fine... But not from the outside.
What am I doing wrong?
The problem is you are only binding to the localhost interface, you should be binding to 0.0.0.0 if you want the container to be accessible from outside. If you change:
if __name__ == '__main__':
app.run()
to
if __name__ == '__main__':
app.run(host='0.0.0.0')
It should work.
Note that this will bind to all interfaces on the host, which may in some circumstances be a security risk - see https://stackoverflow.com/a/58138250/4332 for more information on binding to a specific interface.
When using the flask command instead of app.run, you can pass the --host option to change the host. The line in Docker would be:
CMD ["flask", "run", "--host", "0.0.0.0"]
or
CMD flask run --host 0.0.0.0
Your Docker container has more than one network interface. For example, my container has the following:
$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
32: eth0#if33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
if you run docker network inspect bridge, you can see that your container is connected to that bridge with the second interface in the above output. This default bridge is also connected to the Docker process on your host.
Therefore you would have to run the command:
CMD flask run --host 172.17.0.2
To access your Flask app running in a Docker container from your host machine. Replace 172.17.0.2 with whatever the particular IP address is of your container.
You need to modify the host to 0.0.0.0 in the docker file. This is a minimal example
# Example of Dockerfile
FROM python:3.8.5-alpine3.12
WORKDIR /app
EXPOSE 5000
ENV FLASK_APP=app.py
COPY . /app
RUN pip install -r requirements.txt
ENTRYPOINT [ "flask"]
CMD [ "run", "--host", "0.0.0.0" ]
and the file app.py is
# app.py
from flask import Flask
app = Flask(__name__)
#app.route("/")
def home():
return "Hello world"
if __name__ == "__main__":
app.run()
Then compile with
docker build . -t deploy_flask
and run with
docker run -p 5000:5000 -t -i deploy_flask:latest
You can check the response with curl http://127.0.0.1:5000/ -v
First of all in your python script you need to change code from
app.run()
to
app.run(host="0.0.0.0")
Second, In your docker file, last line should be like
CMD ["flask", "run", "-h", "0.0.0.0", "-p", "5000"]
And on host machine if 0.0.0.0:5000 doesn't work then you should try with localhost:5000
Note - The CMD command has to be proper. Because CMD command provide defaults for executing container.
To build on other answers:
Imagine you have two computers. Each computer has a network interface (WiFi, say), which is its public IP. Each computer has a loopback/localhost interface, at 127.0.0.1. This means "just this computer."
If you listed on 127.0.0.1 on computer A, you would not expect to be able to connect to that via 127.0.0.1 when running on computer B. After all, you asked to listen on computer A's local, private address.
Docker is similar setup; technically it's the same computer, but the Linux kernel is allowing each container to run with its own isolated network stack. So 127.0.0.1 in a container is the same as 127.0.0.1 on a different computer than your host—you can't connect to it.
Longer version, with diagrams: https://pythonspeed.com/articles/docker-connection-refused/
For fast readers, three quick things to check:
Make sure you have exposed the port in the Dockerfile.
Running the command in container using flask run --host=0.0.0.0
Specifying the port in your docker run command docker run -it -p5000:5000 yourImageName
In my case, binding the host to 0.0.0.0 only worked on my local environment, and it failed when deploying on a server.
Then it's working when I replaced the port with --network=host:
Before:
docker run -d -p 5000:5000 <docker_image>
After:
docker run -d --network=host <docker_image>
ps. I still used the 0.0.0.0:5000 inside the container when running the flask app.

How to get NGINX running in Docker to reload nginx.conf configuration

I am trying to get a NGINX based reverse proxy to work in Windows/WSL2 environment. I am very new to Docker and NGINX world. I am able to get the following command to work
docker run --name nginx-test -p 8080:80 -v /home/skotekar/nginx.conf:/etc/nginx/nginx.conf:ro -v /mnt/d/site1/wwwroot:/usr/share/nginx/html:ro -d nginx:alpine
I can then browse http://localhost:8080 and view my static content just fine. As you see from the command I have a default nginx.conf in my local /home folder which gets mapped into NGINX Docker when running. It works fine the first time.
Now if I stop the container using:
docker container stop nginx-test
Then make changes to the nginx.conf file in my /home directory and want to start the container with updated configuration using following command:
docker container start nginx-test
But this command fails gives me a very confusing message:
Error response from daemon: OCI runtime create failed: container_linux.go:370: starting container process caused: process_linux.go:459: container init caused: rootfs_linux.go:59: mounting "/run/desktop/mnt/host/wsl/docker-desktop-bind-mounts/Ubuntu-20.04/c0d0caa87ff063ee46265048f5b1ee489a8945669d39c6f6110cd578b8cda1ed" to rootfs at "/var/lib/docker/overlay2/4e6b279945acb06200b3677272774f4b5fbb6a619214decbca8c594dbbe3b8ec/merged/etc/nginx/nginx.conf" caused: no such file or directory: unknown
Only way to get it back running is to delete the container and use the first command again. Any idea how to get this working. It will be easier if I could just restart my container after making changes to config until I figure out the correct reverse proxy settings I need.
Thanks
You do not need to restart container to reload new config. Nginx can hot-reload config without restarting.
Once you have mounted volume, you can make changes and they will be reflected in container immediately.
To test your config just execute this command:
docker exec nginx-test nginx -t
To reload new config:
docker exec nginx-test nginx -s reload
Edit! Access Windows host from Docker running in the WSL2
As per comments i am very curious about your issues, because i haven't seen them in my career.
So my steps to reproduce your use case is:
1. Download any web application for windows
I chose caddy web server as it is single binary and I know it. It is similar application to Nginx
https://caddyserver.com/download
2. Setup simple webpage on Windows Host
I prepared Caddyfile - Config for Caddy Web Server:
:80
respond "Hello, world from Caddy on Windows!"
Then i put this Caddyfile in the same directory, where I have Caddy Server binary:
PS C:\Users\Daniel\Downloads\caddy> ls
Directory: C:\Users\Daniel\Downloads\caddy
Mode LastWriteTime Length Name
---- ------------- ------ ----
-a---- 29.01.2021 11:59 52 Caddyfile
-a---- 29.01.2021 11:55 34081792 caddy_windows_amd64.exe
3. Start Web Server on Windows and verify it.
To start web server run: ./caddy.exe run
Example:
PS C:\Users\Daniel\Downloads\caddy> .\caddy_windows_amd64.exe run
2021/01/29 11:01:27.520 ←[34mINFO←[0m using adjacent Caddyfile
2021/01/29 11:01:27.528 ←[34mINFO←[0m admin admin endpoint started {"address": "tcp/localhost:2019", "enforce_origin": false, "origins": ["localhost:2019", "[::1]:2019", "127.0.0.1:2019"]}
2021/01/29 11:01:27.529 ←[34mINFO←[0m tls.cache.maintenance started background certificate maintenance {"cache": "0xc000497490"}
2021/01/29 11:01:27.529 ←[34mINFO←[0m http server is listening only on the HTTP port, so no automatic HTTPS will be applied to this server {"server_name": "srv0", "http_port": 80}
2021/01/29 11:01:27.530 ←[34mINFO←[0m tls cleaned up storage units
2021/01/29 11:01:27.532 ←[34mINFO←[0m autosaved config {"file": "C:\\Users\\Daniel\\AppData\\Roaming\\Caddy\\autosave.json"}
2021/01/29 11:01:27.532 ←[34mINFO←[0m serving initial configuration
Now verify if it is working. Go to your browser and visit the http://localhost/ page:
4. Now verify you have WSL2 running on the windows host:
PS C:\Users\Daniel> wsl.exe --list --all -v
NAME STATE VERSION
* Ubuntu-20.04 Running 2
If yes shell there with command wsl
5. Start docker daemon
daniel#DESKTOP-K8UQA2E:~$ sudo service docker start
* Starting Docker: docker
6. Check your IPv4 address for WSL Network adapter in the Windows and Linux
Open powershell and execute the ifconfig command, then find WSL network adapter:
Ethernet adapter vEthernet (WSL):
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::e96c:c3d6:464e:2a3b%72
IPv4 Address. . . . . . . . . . . : 172.20.240.1
Subnet Mask . . . . . . . . . . . : 255.255.240.0
Default Gateway . . . . . . . . . :
Your Windows IP is 172.20.240.1
Then go to WSL and execute curl 172.20.240.1, to check if your hosts are connected.
daniel#DESKTOP-K8UQA2E:~$ curl 172.20.240.1
Hello, world from Caddy on Windows!d
Now figure out the Linux Host IP with the ip a command and see IP in the same network as Windows:
5: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:15:5d:ce:28:8e brd ff:ff:ff:ff:ff:ff
inet 172.20.252.177/20 brd 172.20.255.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::215:5dff:fece:288e/64 scope link
valid_lft forever preferred_lft forever
7. Prepare simple nginx configuration
worker_processes 5; ## Default: 1
worker_rlimit_nofile 8192;
events {
worker_connections 4096; ## Default: 1024
}
http {
index index.html index.htm index.php;
default_type application/octet-stream;
sendfile on;
tcp_nopush on;
server_names_hash_bucket_size 128; # this seems to be required for some vhosts
server { # simple load balancing
listen 80;
location / {
return 200 "Hello World from Nginx in Linux";
}
location /windows {
proxy_pass http://172.20.240.1/;
}
}
}
This is very simple config
8. Start the docker with host networking mode.
If you do not want to use the host networking, you have to do forwarding packets from docker network to the wsl network because your docker will not have access to windows host directly.
But let's say you can start container with host networking.
Run this command:
daniel#DESKTOP-K8UQA2E:~/nginx-test$ sudo docker run -v $(pwd)/nginx.conf:/etc/nginx/nginx.conf --name="nginx-local" --network=host -d nginx:latest
Verify your docker is working fine:
daniel#DESKTOP-K8UQA2E:~/nginx-test$ sudo docker logs nginx-local
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf
10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
/docker-entrypoint.sh: Configuration complete; ready for start up
daniel#DESKTOP-K8UQA2E:~/nginx-test$ sudo docker ps | grep nginx
de9873314b77 nginx:latest "/docker-entrypoint.…" 20 seconds ago Up 19 seconds
8. Try to get response from linux and windows
daniel#DESKTOP-K8UQA2E:~/nginx-test$ curl localhost
Hello World from Nginx in Linux
daniel#DESKTOP-K8UQA2E:~/nginx-test$ curl localhost/windows
Hello, world from Caddy on Windows!
daniel#DESKTOP-K8UQA2E:~/nginx-test$

Can't connect to docker container on localhost [duplicate]

I have an app whose only dependency is flask, which runs fine outside docker and binds to the default port 5000. Here is the full source:
from flask import Flask
app = Flask(__name__)
app.debug = True
#app.route('/')
def main():
return 'hi'
if __name__ == '__main__':
app.run()
The problem is that when I deploy this in docker, the server is running but is unreachable from outside the container.
Below is my Dockerfile. The image is ubuntu with flask installed. The tar just contains the index.py listed above;
# Dockerfile
FROM dreen/flask
MAINTAINER dreen
WORKDIR /srv
# Get source
RUN mkdir -p /srv
COPY perfektimprezy.tar.gz /srv/perfektimprezy.tar.gz
RUN tar x -f perfektimprezy.tar.gz
RUN rm perfektimprezy.tar.gz
# Run server
EXPOSE 5000
CMD ["python", "index.py"]
Here are the steps I am doing to deploy
$> sudo docker build -t perfektimprezy .
As far as I know the above runs fine, the image has the contents of the tar in /srv. Now, let's start the server in a container:
$> sudo docker run -i -p 5000:5000 -d perfektimprezy
1c50b67d45b1a4feade72276394811c8399b1b95692e0914ee72b103ff54c769
Is it actually running?
$> sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1c50b67d45b1 perfektimprezy:latest "python index.py" 5 seconds ago Up 5 seconds 0.0.0.0:5000->5000/tcp loving_wozniak
$> sudo docker logs 1c50b67d45b1
* Running on http://127.0.0.1:5000/ (Press CTRL+C to quit)
* Restarting with stat
Yep, seems like the flask server is running. Here is where it gets weird. Lets make a request to the server:
$> curl 127.0.0.1:5000 -v
* Rebuilt URL to: 127.0.0.1:5000/
* Hostname was NOT found in DNS cache
* Trying 127.0.0.1...
* Connected to 127.0.0.1 (127.0.0.1) port 5000 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.35.0
> Host: 127.0.0.1:5000
> Accept: */*
>
* Empty reply from server
* Connection #0 to host 127.0.0.1 left intact
curl: (52) Empty reply from server
Empty reply... But is the process running?
$> sudo docker top 1c50b67d45b1
UID PID PPID C STIME TTY TIME CMD
root 2084 812 0 10:26 ? 00:00:00 python index.py
root 2117 2084 0 10:26 ? 00:00:00 /usr/bin/python index.py
Now let's ssh into the server and check...
$> sudo docker exec -it 1c50b67d45b1 bash
root#1c50b67d45b1:/srv# netstat -an
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 127.0.0.1:5000 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:47677 127.0.0.1:5000 TIME_WAIT
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node Path
root#1c50b67d45b1:/srv# curl -I 127.0.0.1:5000
HTTP/1.0 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 5447
Server: Werkzeug/0.10.4 Python/2.7.6
Date: Tue, 19 May 2015 12:18:14 GMT
It's fine... But not from the outside.
What am I doing wrong?
The problem is you are only binding to the localhost interface, you should be binding to 0.0.0.0 if you want the container to be accessible from outside. If you change:
if __name__ == '__main__':
app.run()
to
if __name__ == '__main__':
app.run(host='0.0.0.0')
It should work.
Note that this will bind to all interfaces on the host, which may in some circumstances be a security risk - see https://stackoverflow.com/a/58138250/4332 for more information on binding to a specific interface.
When using the flask command instead of app.run, you can pass the --host option to change the host. The line in Docker would be:
CMD ["flask", "run", "--host", "0.0.0.0"]
or
CMD flask run --host 0.0.0.0
Your Docker container has more than one network interface. For example, my container has the following:
$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
32: eth0#if33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
if you run docker network inspect bridge, you can see that your container is connected to that bridge with the second interface in the above output. This default bridge is also connected to the Docker process on your host.
Therefore you would have to run the command:
CMD flask run --host 172.17.0.2
To access your Flask app running in a Docker container from your host machine. Replace 172.17.0.2 with whatever the particular IP address is of your container.
You need to modify the host to 0.0.0.0 in the docker file. This is a minimal example
# Example of Dockerfile
FROM python:3.8.5-alpine3.12
WORKDIR /app
EXPOSE 5000
ENV FLASK_APP=app.py
COPY . /app
RUN pip install -r requirements.txt
ENTRYPOINT [ "flask"]
CMD [ "run", "--host", "0.0.0.0" ]
and the file app.py is
# app.py
from flask import Flask
app = Flask(__name__)
#app.route("/")
def home():
return "Hello world"
if __name__ == "__main__":
app.run()
Then compile with
docker build . -t deploy_flask
and run with
docker run -p 5000:5000 -t -i deploy_flask:latest
You can check the response with curl http://127.0.0.1:5000/ -v
First of all in your python script you need to change code from
app.run()
to
app.run(host="0.0.0.0")
Second, In your docker file, last line should be like
CMD ["flask", "run", "-h", "0.0.0.0", "-p", "5000"]
And on host machine if 0.0.0.0:5000 doesn't work then you should try with localhost:5000
Note - The CMD command has to be proper. Because CMD command provide defaults for executing container.
To build on other answers:
Imagine you have two computers. Each computer has a network interface (WiFi, say), which is its public IP. Each computer has a loopback/localhost interface, at 127.0.0.1. This means "just this computer."
If you listed on 127.0.0.1 on computer A, you would not expect to be able to connect to that via 127.0.0.1 when running on computer B. After all, you asked to listen on computer A's local, private address.
Docker is similar setup; technically it's the same computer, but the Linux kernel is allowing each container to run with its own isolated network stack. So 127.0.0.1 in a container is the same as 127.0.0.1 on a different computer than your host—you can't connect to it.
Longer version, with diagrams: https://pythonspeed.com/articles/docker-connection-refused/
For fast readers, three quick things to check:
Make sure you have exposed the port in the Dockerfile.
Running the command in container using flask run --host=0.0.0.0
Specifying the port in your docker run command docker run -it -p5000:5000 yourImageName
In my case, binding the host to 0.0.0.0 only worked on my local environment, and it failed when deploying on a server.
Then it's working when I replaced the port with --network=host:
Before:
docker run -d -p 5000:5000 <docker_image>
After:
docker run -d --network=host <docker_image>
ps. I still used the 0.0.0.0:5000 inside the container when running the flask app.

Connect from docker container to host elasticsearch runing instance

I have this simple setup:
A Dockerfile:
FROM centos:latest
RUN yum update -y
RUN yum install -y epel-release
RUN yum install -y java-1.8.0-openjdk
RUN yum install -y curl
RUN mkdir /var/totest
EXPOSE 9200
EXPOSE 9300
And on host machine I have a running instance of elasticsearch 5.4.2.
When I do on host curl http://localhost:9200 I get the correct response:
{
"name" : "T8apV_J",
"cluster_name" : "elasticsearch",
"cluster_uuid" : "YFkkaM8dSJCnXbDFRFD_aw",
"version" : {
"number" : "5.4.2",
"build_hash" : "929b078",
"build_date" : "2017-06-15T02:29:28.122Z",
"build_snapshot" : false,
"lucene_version" : "6.5.1"
},
"tagline" : "You Know, for Search"
}
but, if i build the docker image and I run
docker run -p 9200:9200 -it my-simple-image /bin/bash
I get this error:
docker: Error response from daemon: driver failed programming external connectivity on endpoint infallible_brown (71c6fae1275d149b2708a1aa9b737278d340c4e7b073d858b4222eb0268ef285): Error starting userland proxy: listen tcp 0.0.0.0:9200: bind: address already in use.
How can I connect from inside the docker container to the host running elasticsearch instance?
All I need is to be able to perform from inside the container
curl http://localhost:9200/index_name/_search
You need to remove the EXPOSE 9200 directive in the Dockerfile because port number 9200 is already taken by the elastic search service.
You should curl with the ip address of your host machine.
Docker attaches containers to the bridge network to start with so you need a way to get the ip address of the host.
You may need to set an alias depending on whether or not your host is connected to a wider network. I set this alias for my bridge0 interface.
sudo ifconfig bridge0 alias <ip_address>
If your host connected to a wider network, use the inet address of assigned to your ethernet device. You can get the inet address by running:
ifconfig en0 | grep "inet " | cut -d " " -f2
You can either way pass the inet address of your network interface as an environment variable to docker:
docker run -e MY_HOST_IP=$(ip_address) -it my-simple-image /bin/bash
# or
docker run -e MY_HOST_IP=$(ifconfig en0 | grep "inet " | cut -d " " -f2) -it my-simple-image /bin/bash
curl $MY_HOST_IP:8000
See this thread for more information about your question
Elastic search uses port 9200. Now you want to publish port 9200 from a container to localhost. You can not have two applications listening on the same port of localhost.
Here is a quick hack to get it working. With Elastic accessible on your host with curl -X GET 'http://0.0.0.0:9200', I think docker run --net host --name your_app will allow the container'd app to query the Elastic instance running on your host. So, you can omit any EXPOSE or -p settings. But be aware, according to their docs:
--network="host" gives the container full access to local system services such as D-bus and is therefore considered insecure.

Application running within a docker container is not accessible?

I have create a docker image with all the setup to run my Django application .
Step 1:
docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
sidhartha03/django latest c4ba9ec8e613 About an hour ago 704 MB
Step 2:
docker run -i -t c4ba9ec8e613 /bin/bash
Step 3:
root#257f4e73ffa0:/# cd /home
Step 4:Activate the virtual env
root#257f4e73ffa0:/home# source my_env/bin/activate
Step 5:
root#257f4e73ffa0:/home# cd my_project_directory
Step 6:Gunicorn bind coomand to deploy the Django application
root#257f4e73ffa0:/home/my_project_directory# gunicorn OPC.wsgi:application --bind=0.0.0.0:8000 --daemon
Step 7:Restart Nginx
root#257f4e73ffa0:/home/my_project_directory# sudo service nginx restart
Step 8:check wheather the application is running or not
root#257f4e73ffa0:/home/my_project_directory# netstat -tulpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:8000 0.0.0.0:* LISTEN 22/python
---> But the application is not accessible 127.0.0.1:8000
getting the following in browser
This site can’t be reached
127.0.0.1 refused to connect.
Try:
Checking the connection
Checking the proxy and the firewall
ERR_CONNECTION_REFUSED
You should bind the container port where you run your gunicorn to the host. To do this, use the following command.
docker run -i -t -p 8000:8000 c4ba9ec8e613 /bin/bash

Resources