Hello sorry for stupid question.. But i have googled it for a week and still can't find the answer.
Currently I'm using Virtualbox for ubuntu server 18.04 and I have installed docker on it. I have run docker apache server by using sudo docker pull httpd and sudo docker run -t --name apache -p 8080:80 httpd
And there is the problem. I can show the website by using curl 127.0.0.1:8080 but i can't access from the other network or other machine in different network.
For instance my virtualbox's ip address is 1.1.1.1 and host pc which is window is 2.2.2.2.
When i ping to each other it all works. But when i try to access 1.1.1.1:8080 from host pc i can't access
What should i check or do to solve this problem.
Thank you
For "1.1.1.1:8080" access on the host- Try opening TCP traffic on port 8080 of your virtual machine with firewall-cmd or an equivalent Ubuntu utility. "1.1.1.1:8080" should then become available on your host server.
For "2.2.2.2:XXXX" access from other devices on your home network(s)- You might need to both route the port of your VM to a port of your host (unless you have a pass-through NIC configured on the VM) on the VM manager plus open an additional firewall on your host server on the host port you've mapped to for access by other devices on your home network. After those steps on the host port "2.2.2.2:XXXX" should be the web server IP accessible by any device on your network(s).
For PUBLIC_IP:PUBLIC_PORT access from outside networks (external to your modem and available to the world)- IPs on your home networks can't be accessed from other networks. Access from other devices on your network is controlled by your firewall on your OS. Access from outside networks is controlled by port forwarding on your modem. I don't recommend port forwarding for a custom app unless you understand some of the security loopholes that can exist on a development web server. But to manage port forwarding go to http://INTERNAL_IP_OF_YOUR_MODEM and you'll get a management interface for managing your port forwarding settings. You'll also see your public IP on your router's management UI or by googling "my ip address".
You can map your modem's IP to an official www web domain with a web domain service like GoDaddy. You can map your internal IPs to internally known web domains by editing /etc/hosts files on the devices on your network.
Related
I using squid on docker, and have problem with connect to other site by selected ip.
I always connected by default host ip, not additional failover ip.
My setup:
a) server
-dedicated server on ovh.org
-1 dedicated ip from server, and 6 additional by ovh service 'failover ip'
-each failover ip added to main interface, and I have on main eno1 interface has 7 ip.
-i added all failover-ip by this guide on ovh.org
b) problem
-I added to squid.conf my failover ip, but when I connect to this ip remote and using squid, I always using host ip, not additionaly. What is wrong?
-my gist setup docker-compose, and squid.conf
https://gist.github.com/mxcdh/22baa3d7fa2d9dcb2279520b81d71afa
p.s
When I logged to host, not on squid on docker, and put in terminal:
ip-failover-1-results
It's working, but on squid no.
I deployed a ghost blogging platform on my server using docker. Now I want to expose it to the internet but I'm having some difficulties doing so.
I opened port 8000 in my router a forwarded it to port 32769 which is the one assign to that container. Using port 32769 inside my network I can access the website fine but when I try to access it from the internet it gives a took too long to respond error.
Local IP + PORT: http://10.0.0.140:32769/
Docker port config
Port tester
Router settings
This post was also added to Super User since it has been said that it would be responded better in there.
Let's say your application inside docker is now working on port 8000
You want to expose your application to internet.
The request would go: internet -> router -> physical computer (host machine) -> docker.
You need to export your application to your host machine, this could be done via EXPOSE 8000 instruction in Dockerfile.
That port should be accessible from your host machine first, so, when starting your docker image as docker container, you should add -p parameter, such as
sudo docker run -d -it -p 8000:8000 --name docker_contaier_name docker_image_name
From now on, your docker application can be access within your host machine, let's say it is your physical computer.
Forward port from your router to your host machine
This time, you may want to do as what you did in your question.
Access your application from internet.
If I am thinking correctly, the ip address 10.0.0.140 is just your computer LAN IP address, it cannot accessible from internet.
You can only able to connect to your app via an internet IP, to do that, you can check your router to see what is your WAN IP address, which will be assigned to your router by your internet service provider. Or go google with "what is my IP"
What works for me, more or less, is setting up Apache2 as reverse proxy, redirecting a path in Apache2 to the port of the Docker container. This probably could also be done for example with NGINX.
This way the traffic from the net gets proxied to the container and back to the net, and I see the WordPress site. So regarding the question of OP, the docker container is now exposed to the internet.
However 1: This still doesn't explain why I don't get return traffic from the Docker container if I access it directly from the net.
However 2: Not all the url's in the WordPress site are correct, but that seems to be a WordPress issue and not a Docker / routing issue.
I have a mongodb docker container I only want to have access to it from inside of my server, not out side. even I blocked the port 27017/tcp with firewall-cmd but it seems that docker is still available to public.
I am using linux centos 7
and docker-compose for setting up docker
I resolved the same problem adding an iptables rule that blocks 27017 port on public interface (eth0) at the top of chain DOCKER:
iptables -I DOCKER 1 -i eth0 -p tcp --dport 27017 -j DROP
Set the rule after docker startup
Another thing to do is to use non-default port for mongod, modify docker-compose.yml (remember to add --port=XXX in command directive)
For better security I suggest to put your server behind an external firewall
If you have your application in one container and MongoDb in other container what you need to do is to connect them together by using a network that is set to be internal.
See Documentation:
Internal
By default, Docker also connects a bridge network to it to provide
external connectivity. If you want to create an externally isolated
overlay network, you can set this option to true.
See also this question
Here's the tutorial on networking (not including internal but good for understanding)
You may also limit traffic on MongoDb by Configuring Linux iptables Firewall for MongoDB
for creating private networks use some IPs from these ranges:
10.0.0.0 – 10.255.255.255
172.16.0.0 – 172.31.255.255
192.168.0.0 – 192.168.255.255
more read on Wikipedia
You may connect a container to more than one network so typically an application container is connected to the outside world network (external) and internal network. The application communicates with database on internal network and returns some data to the client via external network. Database is connected only to the internal network so it is not seen from the outside (internet)
I found a post here may help enter link description here. Just post it here for people who needed it in future.
For security concern we need both hardware firewall and OS firewall enabled and configured properly. I found that firewall protection is ineffective for ports opened in docker container listened on 0.0.0.0 though firewalld service was enabled at that time.
My situation is :
A server with Centos 7.9 and Docker version 20.10.17 installed
A docker container was running with port 3000 opened on 0.0.0.0
The firewalld service had started with the command systemctl start firewalld
Only ports 22 should be allow access outside the server as the firewall configured.
It was expected that no one others could access port 3000 on that server, but the testing result was opposite. Port 3000 on that server was accessed successfully from any other servers. Thanks to the blog post, I have had my server under firewall protected.
I'm running virtualbox locally and I've used port forwarding like this
0.0.0.0:7000 -> 0.0.0.0:7000
so that I can do
curl http://localhost:7000
from host to vm and be able to communicate with the application running in the vm and listening to port 7000.
Is it possible to make the reverse? I want to set a port forward to be able to
curl http://localhost:6000
from my vm and be able to communicate with the app that runs on host and listens on port 6000.
I'm using NAT.
I already know about bridged network and about using the network IP of my host. I can't use those. All I'm interested in is the above.
Exclaimer:
The reason of the limitations above is because I'm using dinghy with docker and docker-machine. If I change the network to something else than NAT the setup will break. Moreover I can't use something else than localhost since these are the defaults that the apps have and I need them to communicate as if they were running both on host.
Possible options:
Setup an SSH tunnel with ssh -R, see https://unix.stackexchange.com/questions/46235/how-does-reverse-ssh-tunneling-work
Setup Nginx or Apache reverse proxy on the vm to forward traffic to host.
Force the VM to think localhost is your host ip by adding it to the /etc/hosts file (this has the potential risk of breaking other services that may depend on localhost being 127.0.0.1)
I'm running VirtualBox on a ubuntu (host), the VM i'm using is fedora (guest). VirtualBox is setup to use the NAT network adapter, and I'm able to get to the internet.
i use Port Forwarding to access ssh and the rails web server
port Forwarding Rules
<NAT>
<DNS pass-domain="true" use-proxy="false" use-host-resolver="false"/>
<Alias logging="false" proxy-only="false" use-same-ports="false"/>
<Forwarding name="Rule 1" proto="1" hostport="5679" guestport="22"/>
<Forwarding name="Rule 2" proto="1" hostport="3080" guestport="3000"/>
</NAT>
now i can access internet on guest machine , and i can logging through ssh
but i cannot access the Rails web server on port 3080
i tried :
localhost:3080
10.0.2.15:3080 #the guest IP
what i can do all i need is SSH and internet connection and open the web site i host on gust machine by Browser in host machine
thanks
Just a stab in the dark here but this might be your issue...
When you provision a new Linux Virtual Machine in VirtualBox, the Network settings for that VM are set to 'NAT'. This results in your new VM being assigned a 10.x.x.x address.
Change this setting to Bridged mode, which will assign your VM an address within the same subnet as your host (most likely 192.168.x.x).
Try to connect to the site running on your host.
If you're still not able to access the site running on localhost, confirm the app isn't blocking connections from your new VM. Add a rule in to your access list (possible iptables) permitting tcp port 80 traffic from your VM's address (found using ifconfig).
Happy hunting!
In your VB you have to set network only with host. It is in preferences->network.
Then you can access your virtual machine via 192.168.56.101 from ubuntu. Port forwarding set on this network card. List it with ifconfig. I recommend to use iptables for port redirects.