I have created a sonarqube docker container in Azure Linux; however, I am unable to access it. The Azure Linux VM doesn't have a public IP. It only has a private IP address.
Anyways, can I access the container on Private IP?
# docker run -d --name sonarqube -p 1.1.1.1:9000:9000 sonarqube:lts
25c34ffb9775a4bd7761d1de1583d4d187f6ce9be6e5db3a419afd1f05806523
HSTSCMN20356:/opt/sonarqube/elasticsearch/config # docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
25c34ffb9775 sonarqube:lts "./bin/run.sh" 6 seconds ago Up 4 seconds 1.1.1.1:9000->9000/tcp sonarqube
:/opt/sonarqube/elasticsearch/config #
You can access the container on the private address from any machine within the network (like another VM on the same network). You need to have a public IP address to access it over the internet from your PC or you need to connect your PC to the private network using a VPN.
Make sure that sonarqube is not bound to loopback IP (127.x.x.x).
PS: 1.1.1.1 doesn't seem to be a correct internal IP. Are you sure that's your internal IP address?
I am using docker container for my asp.net core web api application and container is up and running.
Now I am getting docker internal IP address using below command,
docker inspect -f "{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}" d986472784cb and getting the IP address as 172.20.0.2.
Now I am not getting any result when hitting below url in browser
http://172.20.0.2/WeatherForecast, seeing ERR_CONNECTION_TIMED_OUT error.
local address https://localhost:32772/weatherforecast is just working fine.
What could be the issue?
The container-private IP simply doesn't work in a variety of common circumstances:
If you're not calling from the same host, the container-private IP won't be reachable at all
If there is a VM involved at all (Docker Toolbox on Windows, Docker Desktop on Windows or Mac), the container-private IP won't be reachable at all
If you're not on the same Docker-internal network, you might not be able to reach the container-private IP
Since it doesn't work in so many environments, I wouldn't recommend looking up this IP address at all: forget that particular docker inspect command exists. From the browser, use your host's IP address or DNS name (or localhost if the containers and browser are on the same system, but not if Docker Toolbox is involved) and the published port number (docker run -p option, Docker Compose ports: option, the first port number from that pair).
You need the port number in the ip address url. http://172.20.0.2:32772/WeatherForecast
I'm just going to put this here, because it was very difficult to find information on this topic and I ended up solving it myself.
Setup
Bastion host in aws with a public ip address
Registry (image registry:2) on a private subnet behind bastion host
Successful ssh port forwarding through bastion, connecting localhost:5000 to registry:5000
curl localhost:5000/v2/_catalog provides a list of installed registries.
So far so good.
docker tag {my image} localhost:5000/{my image}
docker push localhost:5000/{my image}
Result
The push refers to repository [localhost:5000/{my image}]
Get http://localhost:5000/v2/: dial tcp 127.0.0.1:5000: connect: connection refused
How do we connect to a registry port forwarded to localhost?
I have found some obscure posts suggesting that you need to make a custom privileged container and do your ssh bastion port forwarding inside the container. This is essentially working around a problem introduced by the fact that the docker daemon is actually running inside a virtual machine!
https://docs.docker.com/docker-for-windows/networking/
You can find a hint here:
I WANT TO CONNECT FROM A CONTAINER TO A SERVICE ON THE HOST
The host has a changing IP address (or none if you have no network access). From 18.03 onwards our recommendation is to connect to the special DNS name host.docker.internal, which resolves to the internal IP address used by the host. This is for development purpose and will not work in a production environment outside of Docker Desktop for Windows.
So given the above, I reasoned that even though this advice is for containers, the docker daemon itself is probably acting on docker cli commands from within a similar context.
Therefore, first you need to add host.docker.internal:5000 as an insecure registry in your docker daemon setup. On Docker for Windows, this can be found in Settings > Daemon > Insecure registries. Unfortunately this doesn't count as localhost, so this has to be done (Docker allows localhost insecure registries by default). Then simply:
docker tag {my image} host.docker.internal:5000/{my image}
docker push host.docker.internal:5000/{my image}
Success!
Hopefully this helps some other very confused developers.
I'm using a Digital Ocean docker droplet and have 3 docker containers: 1 for front-end, 1 for back-end and 1 for other tools with different dependencies, let's call it back-end 2.
The front-end calls the back-end 1, the back-end 1 in turn calls the back-end 2. The back-end 2 container exposes a gRPC service over port 50051. Locally, by running the following command, I was able to identify the docker service to be running with the IP 127.17.0.1:
docker network inspect bridge --format='{{json .IPAM.Config}}'
Therefore, I understand that my gRPC server is accessible from the following url 127.17.0.1:50051 within the server.
Unfortunately, the gRPC server refuses connections when running from the docker droplet while it works perfectly well when running locally.
Any idea what may be different?
You should generally set up a Docker private network to communicate between containers using their container names; see e.g. How to communicate between Docker containers via "hostname". The Docker-internal IP addresses are subject to change if you delete and recreate a container and aren't reachable from off-host, and trying to find them generally isn't a best practice.
172.17.0.0/16 is a typical default for the Docker-internal IP network (127.0.0.0/8 is the reserved IPv4 loopback network) and it looks like you might have typoed the address you got from docker network inspect.
Try docker run with following command:
docker run -d -p {server ip}:12345:50051 {back-end 2 image}
It will expose IP port to docker container and will be accessible from other servers.
Note: also check firewall rules, if firewall is blocking access.
You could run docker binding to ip and port as shown by Aakash. Please restrict access to this specific IP and port to be accessed only from the other docker IP and port - this will help to run docker private and doesn't allow other (even the other docker/instances within your network).
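The bind address in front of a published port decides who can reach it, which is what the answers above keep returning to (loopback vs. private vs. all interfaces, and 127.17.0.1 vs. 172.17.0.1). The following is an added example, not code from any of the posts: it classifies each binding in `docker ps` output. The sample lines, container names and scope labels are constructed for illustration.

```python
import ipaddress

# Constructed sample of `docker ps --format '{{.Names}}\t{{.Ports}}'` output,
# modelled on the bindings quoted in the threads above (names are made up).
SAMPLE = "\n".join([
    "sonarqube\t1.1.1.1:9000->9000/tcp",
    "naughty_brattain\t0.0.0.0:8342->5000/tcp, :::8342->5000/tcp",
    "registry\t127.0.0.1:5000->5000/tcp",
    "backend2\t10.0.0.5:12345->50051/tcp",
    "worker\t50051/tcp",
])


def classify(ip):
    """Return who can reach a port published on this bind address."""
    addr = ipaddress.ip_address(ip)
    if addr.is_unspecified:      # 0.0.0.0 or :: -> every interface of the host
        return "all-interfaces"
    if addr.is_loopback:         # 127.0.0.0/8 or ::1 -> the host itself only
        return "loopback-only"
    if addr.is_private:          # RFC 1918 etc. -> peers on the private network
        return "private"
    return "public-range"        # not a private address (e.g. 1.1.1.1)


def parse_entry(entry):
    """Split one PORTS entry into (bind_ip, host_port), or None if unpublished."""
    if "->" not in entry:
        return None              # exposed by the image, but no -p mapping
    host_side, _ = entry.split("->", 1)
    ip, _, host_port = host_side.rpartition(":")
    return ip.strip("[]"), host_port


def audit(ps_output):
    """Yield (container, host_port, scope) for every PORTS entry."""
    findings = []
    for line in ps_output.splitlines():
        name, _, ports = line.partition("\t")
        for entry in (p.strip() for p in ports.split(",") if p.strip()):
            parsed = parse_entry(entry)
            if parsed is None:
                findings.append((name, None, "not-published"))
            else:
                findings.append((name, parsed[1], classify(parsed[0])))
    return findings


if __name__ == "__main__":
    for name, port, scope in audit(SAMPLE):
        print(f"{name:18} host port {port or '-':6} {scope}")
```

The host port in each finding is the one to use in a URL, together with the host's address rather than the container's.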
I have a Google Cloud instance with internal and external IP addresses:
hostname -I
10.......5 172......1
The first is the internal and the second is the external IP.
When I create a docker container and run the same command I get:
hostname -I
172......2
I want to scp data between two Google Cloud machines, and I want to make sure I'm not incurring any egress. How can I make sure the docker container uses the internal IP address in Google Cloud?
Thanks!
You can expose a port in the host from your docker, as per this example but for an nginx. You can use Host Networking for your purpose.
This is explained in this thread already
I'm new to Docker and Containers, and I'm trying to run a simple asp.net web app in a container but running into issues. My OS is Windows 10 Home, so I have to use the Docker Toolbox, which runs on a VM that only includes a basic Linux OS. When I spin up the container, it seems to start fine, but I can't view the app on the localhost.
$ docker run -p 8342:5000 -it jwarren:project
Hosting environment: Production
Content root path: /app
Now listening on: http://*:5000
Application started. Press Ctrl+C to shut down.
$ docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
98cc4aed7586 jwarren:project "dotnet run" 8 minutes ago Up 8 minutes 0.0.0.0:8342->5000/tcp naughty_brattain
I've tried several different recommendations that I found on the web, but none have helped so far. However, my knowledge of networking is very limited, so maybe I'm not fully understanding what needs to be done. I've tried accessing it with the default VM machine IP and the container IP. I understand that the port forwarding does not carry over to the container. Any assistance would be great, as this project is due on Tuesday, and this is the last road block before finishing.
I found the following post that was really helpful: How to connect to a docker container from outside the host (same network) [Windows]. Following the steps below worked perfectly:
Open Oracle VM VirtualBox Manager
Select the VM used by Docker
Click Settings -> Network. Adapter 1 should (default?) be "Attached to: NAT"
Click Advanced -> Port Forwarding. Add rule: Protocol TCP, Host Port 8080, Guest Port 8080 (leave Host IP and Guest IP empty)
You should now be able to browse to your container via localhost:8080 and your-internal-ip:8080.
Started up the container (Dockerfile EXPOSES 5000):
docker run -p 8080:5000 -it jwarren:project
Was able to connect with http://localhost:8080
There are a few things to consider when working with VM networking.
VirtualBox has 3 types of networking options: NAT, Bridged and Host Only.
NAT would allow your VM to access internet through your internet. But won't allow your HOST machine to access the VM
Host Only network will create a network where the VM can reach the host machine and the Host can reach the VM. No internet using this network
Bridged network will allow your VM to assign another IP from your Wifi router or the main network. This IP will allow VM to have net access as well as access to other machines on the network. This will allow even the host machine to reach the IP
Now in most cases when you want to run Docker inside a VM and access that VM using the host machine you want the VM to have both NAT and Host only bridges
Now accessing your app on port 8342 needs a few things checked
selinux, firewalld, ufw are disabled on your VM (or properly configured to allow the port)
Your VM has a host only network or bridged network
iptables -S should not show REJECT rules
Some VMs come pre-configured to only allow port 22 from external network. So you should try accessing the app on <hostonlyip>:8342 or <bridgedip>:8342.
If you want to test if the app is up or not you can do the following
docker inspect <containerid> | grep IPA
Get the IP from this and run the command
curl http://<containerip>:5000/
This command needs to be executed inside the VM and not on your machine. If this command doesn't work then your container is not listening on 5000. Sometimes apps listen only on 127.0.0.1 inside the container. This means they will work only inside the container and not outside. The app inside the container needs to listen on 0.0.0.0
If nothing works you can try an ssh tunnel approach
ssh -L 8342:127.0.0.1:8342 user@<VMIP>
And then you should be able to access the app on localhost:8342
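Why an app bound to 127.0.0.1 inside the container is unreachable through a published port, shown with real sockets. This is an added example, not code from the answer above. It assumes Linux, where every 127.0.0.0/8 address is local, and uses 127.0.0.2 as a stand-in for the container's own network address that Docker forwards published traffic to.

```python
import socket


def reachable(bind_addr, connect_addr):
    """Listen on bind_addr (ephemeral port), then try to connect via connect_addr.

    Returns True if the TCP handshake completes, False if it is refused.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.bind((bind_addr, 0))          # port 0: let the kernel pick a free port
        srv.listen(1)
        port = srv.getsockname()[1]
        try:
            with socket.create_connection((connect_addr, port), timeout=2):
                return True
        except OSError:                   # ECONNREFUSED: nothing listens there
            return False


if __name__ == "__main__":
    # App bound to loopback, client on the same address: works
    # ("it works inside the container").
    print("127.0.0.1 -> 127.0.0.1:", reachable("127.0.0.1", "127.0.0.1"))
    # App bound to loopback, traffic arriving on another address: refused.
    # This is what forwarded traffic from `docker run -p` runs into.
    print("127.0.0.1 -> 127.0.0.2:", reachable("127.0.0.1", "127.0.0.2"))
    # App bound to 0.0.0.0 accepts on every local address, so it is reachable.
    print("0.0.0.0   -> 127.0.0.2:", reachable("0.0.0.0", "127.0.0.2"))
```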