docker compose with remote context gives ssh error connection refused - docker

I have a problem with docker-compose when I try to run this command from my local machine on my remote server using docker context:
docker-compose --context remote up -d
I get this:
ssh: connect to host xxx.xxx.xxx.xxx port 22: Connection refused
I only get this error with this command, everything else works fine (like ps or logs commands). Also regular ssh connection works fine, so I don't think there is something wrong with my ssh configuration.
Running the command with verbose gives no useful information, as far as I can see.

I had this exact issue. These 3 commands would run fine.
docker --context remote ps
docker --context remote run hello-world
ssh root#my-ubuntu-host
However, with more complicated docker-compose.yml files, I would get a connection refused error. Running with sudo did not fix the issue for me.
Turns out, ufw (which was pre-installed and pre-configured on my digital ocean droplet), was rate-limiting new SSH connections. And it seems docker-compose doesn't run everything in a single session, and instead runs each command separately.
The solution for me was to remove the rate-limit on SSH connections.
ufw delete limit 22/tcp
ufw reload
I'm about a year too late with this answer but hopefully it will help someone out there.

For me, using sudo fixed the issue. I've no idea why, but it worked.

Set environment variable COMPOSE_PARAMIKO_SSH: 1 in your .gitlab-ci.yml and read more here.

Related

docker: Error response from daemon: Get https://registry-1.docker.io/v2/: Service Unavailable. IN DOCKER , MAC [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 7 months ago.
Improve this question
I am having this issue
system3:postgres saurabh-gupta2$ docker build -t postgres .
Sending build context to Docker daemon 38.91kB
Step 1/51 : FROM registry.access.redhat.com/rhel7/rhel
Get https://registry.access.redhat.com/v2/: Service Unavailable
docker run -t apline
Unable to find image 'apline:latest' locally
docker: Error response from daemon: Get https://registry-1.docker.io/v2/: Service Unavailable.
See 'docker run --help'.
I have looked for a solution that says to set proxy, but I have set the proxy for the wifi.
https://docs.docker.com/docker-for-mac/networking/#httphttps-proxy-support
Still, it is not working.
I have set proxy for docker too. It is not working.
in Preference -> proxies
Docker version 17.12 ce
I also want to know if the proxy is the issue then how can I check it is set, what is work around for this?
Here are few suggestions:
Try restarting your Docker service.
Check your network connections. For example by the following shell commands:
</dev/tcp/registry-1.docker.io/443 && echo Works || echo Problem
curl https://registry-1.docker.io/v2/ && echo Works || echo Problem
Check your proxy settings (e.g. in /etc/default/docker).
If above won't help, this could be a temporary issue with the Docker services (as per Service Unavailable).
Related: GH-842 - 503 Service Unavailable at http://hub.docker.com.
I had this problem for past days, it just worked after that.
You can consider raising the issue at docker/hub-feedback repo, check at, Docker Community Forums, or contact Docker Support directly.
docker logout
docker login
This might solve your problem
I tried running on Windows, and got this problem after an update. I tried restarting the docker service as well as my pc, but nothing worked.
When running:
curl https://registry-1.docker.io/v2/ && echo Works
I got back:
{"errors":[{"code":"UNAUTHORIZED","message":"authentication required","detail":null}]}
Works
Eventually, I tried:
https://github.com/moby/moby/issues/22635#issuecomment-284956961
By changing the fixed address to 8.8.8.8:
Which worked for me!
I still got the unauthorized message for curl https://registry-1.docker.io/v2/ but I managed to pull images from docker hub.
For me I had this issue when I first installed Docker and ran
docker run hello-world
I got an authentication required error when I ran
curl https://registry-1.docker.io/v2/ && echo Works
All I needed to do was to restart my MacOS and then run the command again, it just started pulling the image and i got the message
Hello from Docker!
This message shows that your installation appears to be working correctly.
It's clearly a proxy issue: docker proxies https connections to the wrong place. Bear in mind that docker proxy settings may be different from the operating system (and curl) ones. Here's how I managed to solve the issue:
First of all, find out where are you proxying your docker https requests:
# docker info | grep Proxy
Http Proxy: http://<my.proxy.server>:8080
Https Proxy: https://<my.proxy.server>:8080
No Proxy: localhost,127.0.0.1
and double check your https settings.
In my case, I realized that the "Https proxy" was set to https://... instead of http://..., so I corrected it in /etc/sysconfig/docker file (I'm using RHEL7) and, after a docker restart with:
# systemctl restart docker
the proxy variable shows up succesfully updated:
# docker info | grep Proxy
Http Proxy: http://<my.proxy.server>:8080
Https Proxy: http://<my.proxy.server>:8080
No Proxy: localhost,127.0.0.1
and everything works fine :-)
Just to add, in case anyone else comes across this issue.
On a Mac
I had to logout and log back in.
docker logout
docker login
Then it prompts for username (NOTE: Not email) and password. (Need an account on https://hub.docker.com to pull images down)
Then it worked for me.
NTML PROXY AND DOCKER
If your company is behind MS Proxy Server that using the proprietary NTLM protocol.
You need to install **Cntlm** Authentication Proxy
After this SET the proxy in
/etc/systemd/system/docker.service.d/http-proxy.conf) with the following format:
[Service]
Environment=“HTTP_PROXY=http://<<IP OF CNTLM Proxy Server>>:3182”
In addition you can set in the .DockerFile
export http_proxy=http://<<IP OF CNTLM Proxy Server>>:3182
export https_proxy=http://<IP OF CNTLM Proxy Server>>:3182
export no_proxy=localhost,127.0.0.1,10.0.2.*
Followed by:
systemctl daemon-reload
systemctl restart docker
This Worked for me
For me the problem was solved by restarting the docker daemon:
sudo systemctl restart docker
One option which worked for me on MAC.
Click on the Docker Icon in the tray. Open Preferences -> Proxies. Click on Manual Proxy and specify Web Server (HTTP) proxy and Secure Web server (HTTPS) proxy in the same format as we specify in HTTPS_PROXY env variable.
Choose Apply and Restart.
This Worked for me
try to reload daemon then restart docker service.
systemctl daemon-reload
I had this same issue when working on an Ubuntu server.
I was getting the following error:
deploy#my-comp:~$ docker login -u my-username -p my-password
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
Error response from daemon: Get https://registry-1.docker.io/v2/: dial tcp 35.175.83.85:443: connect: connection refused
Here are the things I tried that did not work:
Restarting the docker service using sudo docker systemctl restart docker
Powering off and restarting the Ubuntu server.
Changing the name server to 8.8.8.8 in the /etc/resolv.conf file
Here's what worked for me:
I tried checking if the server has access to the internet using the following netcat command:
nc -vz google.com 443
And it returned this output:
nc: connect to google.com port 443 (tcp) failed: Connection refused
nc: connect to google.com port 443 (tcp) failed: Network is unreachable
Instead of something like this:
Ncat: Version 7.70 ( https://nmap.org/ncat )
Ncat: Connected to 172.217.166.110:443.
Ncat: 0 bytes sent, 0 bytes received in 0.07 seconds.
I tried checking again if the server has access to the internet using the following wget command:
wget -q --spider http://google.com ; echo $?
And it returned:
4
Instead of:
0
Note: Anything other than 0 in the output means your system is not connected to the internet
I then tried the last time if the server has access to the internet using the following Nmap command:
nmap -p 443 google.com
And it returned:
Starting Nmap 7.01 ( https://nmap.org ) at 2021-02-16 11:50 WAT
Nmap scan report for google.com (216.58.223.238)
Host is up (0.00052s latency).
Other addresses for google.com (not scanned): 2c0f:fb50:4003:802::200e
rDNS record for 216.58.223.238: los02s04-in-f14.1e100.net
PORT STATE SERVICE
443/tcp closed https
Nmap done: 1 IP address (1 host up) scanned in 1.21 seconds
Instead something like this:
Starting Nmap 7.01 ( https://nmap.org ) at 2021-02-16 11:50 WAT
Nmap scan report for google.com (216.58.223.238)
Host is up (0.00052s latency).
Other addresses for google.com (not scanned): 2c0f:fb50:4003:802::200e
rDNS record for 216.58.223.238: los02s04-in-f14.1e100.net
PORT STATE SERVICE
443/tcp open https
Nmap done: 1 IP address (1 host up) scanned in 1.21 seconds
Note: The state of port 443/tcp is closed instead of open
All this was enough to make me realize that connections to the internet were not allowed on the server.
All I had to do was speak with the team in charge of infrastructure to fix the network connectivity issue to the internet on the server. And once that was fixed my docker command started working fine.
Resources: 9 commands to check if connected to internet with shell script examples
That's all.
I hope this helps
Recheck Proxy Settings with the following commands
docker info | grep Proxy
Check VPN Connectivity
If VPN not using CHECK NET connectivity
Reinstall Docker and repeat the above steps.
Enjoy
On my windows 11 all I did was to first login into my account
docker login
Got this from a network filter (LuLu on macOS) blocking traffic to/from Docker-related processes.
I had this issue when I first installed Docker and ran
docker run hello-world
I was on a corporate network and switching to my personal network solved the issue for me.
The answers are provided here amazing, but if you are new in that and you don't realize full error then you may see at the end of that error net/http: TLS handshake timeout. message means that you have a slow internet connection. So it can be only that problem that's it.
Toodles
I had the following entries in my /etc/hosts file:
34.228.211.243 registry-1.docker.io
34.205.88.205 auth.docker.io
104.18.121.25 production.cloudflare.docker.com
Just by commenting them out, I fixed the problem.
List item
Many good answers above, but mine is a bit different with Mac and Docker Desktop UI. In my case, it is a Desktop proxy setting that needs to be turned off when I am outside of corporate fiewall/proxy:
ERROR message from docker CLI:
Username: xxx
Password: ***
Error response from daemon: Get https://registry-1.docker.io/v2/: Service Unavailable
My env: Machine Mac with Docker UI (i.e. called Docker Desktop,
shown as a whale icon), running outside of corp firewall/proxy.
I am able to Sign In with Docker Desktop UI.
However, whether docker login or docker pull, I kept getting the above error and I got sidetrack into the user id, reset the daemon, ...
Finally, I got to the Docker Desktop UI. Sure enough, there is a proxy setting that I have setup long time ago, and totally forgot about it!
Yes, when I am outside of firewall, I need to turn off the proxy setting here.
Docker Desktop -> Preference -> Resources -> Proxies. Turn
Turn off the manual proxy configuration.
Then docker pull works (without docker login as I was pulling a public image)!
Thanks
PS. I think the difference in behavior of Docker Desktop and Docker CLI contributes to the confusion. I am able to login to docker through the GUI, and the CLI keeps erroring out without good enough diagnostic information.
Using Linux. For me it worked by doing:
$ docker logout
log out of hub.docker.com
log in to hub.docker.com
$ docker login
Check whether containers is enabled or not?
Goto --> turn on/off windows feature, then enable checkbox of containers
Restart windows.
Using the root account instead of my regular user account solved it for me.
I have solved this issue about $ sudo docker run hello-world following the Docker doc.
If you are behind an HTTP Proxy server of corporate, this may solve your problem.
Docker doc also displays other situation about HTTP proxy setting.
In my case, stopping Proxifier fixed it. I added a rule to route any connections from vpnkit.exe as Direct and it now works.
One of the problems you might need to check is,
Does the registry requires VPN,
Enable your VPN and try pulling again.
Thanks.
Ok, I have a similar issue and nothing seemed to help, restart docker, disabled IPv6 and the nslookup and dig all seemed fine.
What worked for me was going to my Docker Desktop -> Preferences -> Experimental Features and unchecking Use new virtualization framework.
docker login terminal command worked for me.
If your machine requires VPN then must connect with VPN first and try docker login.
Have you create a repo with the matching tag on destinated docker hub? It might be that your container image has no where to be pushed to.
Run export DOCKER_CONTENT_TRUST=0 and then try it again.
Use --tls in the pull request.
For example if original pull request is docker pull dgraph/dgraph:v21.03.0
Use this instead : docker --tls pull dgraph/dgraph:v21.03.0
Just reloading system, this is helped for me. (Windows 10 64x)

HTTP 403 response when accessing docker container on other host

I am using Docker version 17.06.2-ce, build cec0b72 on CentOS Linux release 7.2.1511.
My goal is to get a docker container to publish on one of the host's ports and have the information be visible to another system in the same subnet. My docker image is the friendlyhello image built in the getting started tutorial. I have an image of it on docker hub which you can pull with the below command. It exposes port 80 within the file, and then I call the image with
docker run -d -p 8080:80 jeremydr2/get-started:part2
I can get the correct response (basically "hello world") when I curl localhost:8080 or curl 10.x.x.x:8080 while on the host in which the container is running. When curling on another host, I get some html formatting and
default "Access Denied" response (403)
Note that a successful response can take over a minute, but an unsuccessful response will still be immediate.
From what I've read about this, I shouldn't have to mess with iptables at all to get this to work, which is good, because I don't really understand networking very well. However, I think something is wrong, because iptables -t nat -L | grep 8080 doesn't return anything, when I expect it to have a line about redirecting or allowing traffic to that port. I have disabled SELinux and firewalld, and installed iptables-services instead.
I can send traffic between the hosts with other commands like:
[root#host1 ~]# ncat -l 8001
[root#host2 ~]# echo "testing123" > /dev/tcp/<host1_ip_addr>/8001
so I feel confident it is not just a misconfigured network. FWIW, I've also tried the docker run ... command with --network=host, and this did not help, either. This has been 2 days of my life now. If anyone has advice I'd greatly appreciate it.
EDIT: This is definitely, somehow, a misconfigured network. I redid it at home, and it "just worked" the way everyone says docker is supposed to. Any advice on how to go about figuring out what part of the network stuff is blocking docker would be appreciated.
It was because of the proxies I had set up to reach the internet. After unsetting all the proxy variables, I was able to curl from the other system to the host. I had been told that the no_proxy and NO_PROXY variables I had set up were sufficient to prevent this, but that was not the case.
Thanks for everyone who looked at this.

Docker for Windows: error pulling image configuration: i/o timeout

I have installed the latest version of Docker for Windows (1.12.1-stable, build 7135) on my Windows 10 Pro-64 bit. I was able to successfully execute docker run hello-world. However, when I do docker run busybox, an error is thrown as below.
C:\Users\testuser>docker run -it busybox
Unable to find image 'busybox:latest' locally
latest: Pulling from library/busybox
8ddc19f16526: Pulling fs layer
docker: error pulling image configuration: Get https://dseasb33srnrn.cloudfront.net/registry-v2/docker/registry/v2/blobs/sha256/2b/2b8fd9751c4c0f5dd266fcae00707e67a2545ef34f9a29354585f93dac906749/data?Expires=1474617209&Signature=HRDYuDqnI3ERPonW9vj0HtP3hzIQoB1j7d-kWzR0iDXozoDknq0n4wIfkw2H73K5xaBBmVNy2ZoOqOQTm9LFP44MGfgS1pNthOLuEMSKrVUJmuaQNvckxuznuqffhkMCmTmQ7-~WMBjyLh7Si9sLdYR8oLVwN6sDRn5wKRa7f4I_&Key-Pair-Id=APKAJECH5M7VWIS5YZ6Q: dial tcp: i/o timeout.
See 'docker run --help'.
The same error occurs for several other images. I do not have a proxy and have a stable internet connection. I have tried this with windows firewall enabled and disabled. I have also restarted the docker service.
Let me know if I am missing something. Thanks in advance.
This is a known issue with the networking stack in the current version of Docker for Windows.
The workaround is detailed in remove stale network adapters: open the Network settings in Docker for Windows, and select the 'Fixed' DNS setting, using Google's DNS server 8.8.8.8.
I was also facing the similar issue while running Docker on Windows 10.
The issue got resolved by changing the DNS settings.
(Settings -> Network -> DNS Server -> 8.8.8.8 ( Automatic)
I observed that when the DNS server option was set to manual, the timeout issue still remains.
After making these changes, Docker service was restarted and I was able to pull the Docker image successfully.
regards,
dattatray.
Simply setting the DNS to fixed (and setting the target to 8.8.8.8) fixed it for me (after Docker restarted).
0
Setting up proxies and changing stale DNS settings were of no use in my case.
I had to reset the Virtual machine using below steps in docker-toolbox bash:
Stop the host docker virtual machine:
$ docker-machine stop default
Delete the host:
$ docker-machine rm default
Create new VirtualBox machine named default:
$ docker-machine create --driver virtualbox default
Verify if the machine is runnning. ACTIVE attribute should be marked *:
$ docker-machine ls
If the machine is not running, run the machine:
$ docker-machine run default
Then, on docker run mysql:8.0, you will get below screen in your bash
Hope it help you guys and save your time!

kubectl: Connection to server was refused

When I run kubectl run ... or any command I get an error message saying
The connection to the server localhost:8080 was refused - did you specify the right host or port?
What exactly is this error and how to resolve it?
In my case, working with minikube I had not started minikube. Starting minikube with
minikube start
fixed it.
In most cases, this means a missing kubeconfig file. kubectl is trying to use the default values when there is no $HOME/.kube/config.
You must create or copy a valid config file to solve this problem.
For example if you are using kubeadm you can solve this with:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Alternatively you can also export KUBECONFIG variable like this:
export KUBECONFIG=/etc/kubernetes/admin.conf
I really don't know much about kubectl... But the various reasons you have a connection refused to localhost I know of are as follows
1) Make sure you can resolve and ping your local host with the IP(127.XX.XX.XX) and also "localhost" if using a DNS or host file.
2) Make sure the service trying to access the localhost has enough permissions to run as root if trying to use localhost.
3) Check the ports with netstat and check for the appropriate flags you need amongst the "Plantu" flags, Look up the meaning of each of the flags as it would apply to your situation. If the service you are trying to access on localhost is listening on that port, netstat would let you know.
4) Check if you have admin or management settings in your application that needs permissions to access your localhost in the configuration parameters of your application.
5) According to the statement that says did you specify the right host or port, this means that either your "kubectl" run is not configured to run as localhost instead your primary DNS server hostname or IP, Check what host is configured to run your application and like I said check for the appropriate ports to use, You can use telnet to check this port and further troubleshoot form there.
My two cents!
creating cluster before running kubectl worked for me
gcloud container clusters create k0
If swap is not disabled, kubelet service will not start on the masters and nodes, for Platform9 Managed Kubernetes version 3.3 and above..
By running the below command to turn off swap memory
sudo swapoff -a
To make it permanent
go to /etc/fstab and comment the swap line
works well..
I'm a newbie in k8s, came here while working with microk8s &
want to use kubectl on microk8s cluster.
run below command
microk8s config > ~/.kube/config
got the solution from this link
https://microk8s.io/docs/working-with-kubectl
overall, kubectl needs a config file to work with cluster (here microk8s cluster)
Thanks
I also experienced the same issue when I executed kubectl get pods. The reason was docker desktop was not running, then I ran the docker desktop, checked for the docker and k8s running . Then again I ran kubectl get pods
same output. Then I started minikube by minikube start. Everything went normal.
try run with sudo permission mode
sudo kubectl run....

Docker run connection timeout

While running
sudo docker pull centos
it gives connection time out, While it is running behind proxy where the proxy has been set http_proxy & https_proxy. What is the reason apart from proxy,though it seems proxy issue.I checked LINK but in vain, is there some other settings i am missing please let me know.
2014/11/10 23:31:53 Get https://index.docker.io/v1/repositories/centos/images: dial tcp 162.242.195.84:443: connection timed out
I was getting timeouts on Windows 10 Docker 17.03.0-ce-rc1
To fix it I opened Settings / Network and then set the DNS server to 8.8.8.8
If you are running behind proxy then,
add following command or line in /etc/default/docker file,
export http_proxy=<YOUR_PROXY>
Restart docker service and check,
# service docker restart
service docker stop
HTTP_PROXY=http://proxy_ip:port/ docker -d &
This should work.
On Ubuntu, you can add HTTP_PROXY and HTTPS_PROXY to /etc/default/docker
So yes, what worked for me at the end is setting the proxy, as mentioned by other answers.
I went to icon tray --> Right click on docker to windows --> Go to
settings --> set the proxy as ip:port
Please refer screenshot as below
To change for a fast, open and non-intrusive DNS on CentOS 7:
sudo vi /etc/sysconfig/network-scripts/ifcfg-eth0
add the line:
PEERDNS=no
and
sudo vi /etc/resolv.conf
keep only the line:
nameserver 9.9.9.9
If you run into these docker pull timeout issues on Docker Toolbox running on Windows 10 Home and piggybacking off an existing Virtualbox installation, check to see if Virtualbox is separately open and if so, shut down running machines and close Virtualbox (one or more of those running machines within Virtualbox were created and are being leveraged by Docker Toolbox). This heavy-handed way of going about things worked for me
Generally the problem of connection timeout, I know why the internet output was restricted to download docker images from external repositories,
To check this you can try to download the image from another server or another machine with a different internet channel.
If you can send the image from scp use the command: sudo docker save -o /home/your_image.tar your_image_name. and use with this command sudo docker load -i your_image.tar

Resources