Exposing a docker container to the internet - docker

I deployed a ghost blogging platform on my server using docker. Now I want to expose it to the internet but I'm having some difficulties doing so.
I opened port 8000 in my router a forwarded it to port 32769 which is the one assign to that container. Using port 32769 inside my network I can access the website fine but when I try to access it from the internet it gives a took too long to respond error.
Local IP + PORT: http://10.0.0.140:32769/
Docker port config
Port tester
Router settings
This post was also added to Super User since it has been said that it would be responded better in there.

Let's say your application inside docker is now working on port 8000
You want to expose your application to internet.
The request would go: internet -> router -> physical computer (host machine) -> docker.
You need to export your application to your host machine, this could be done via EXPOSE 8000 instruction in Dockerfile.
That port should be accessible from your host machine first, so, when starting your docker image as docker container, you should add -p parameter, such as
sudo docker run -d -it -p 8000:8000 --name docker_contaier_name docker_image_name
From now on, your docker application can be access within your host machine, let's say it is your physical computer.
Forward port from your router to your host machine
This time, you may want to do as what you did in your question.
Access your application from internet.
If I am thinking correctly, the ip address 10.0.0.140 is just your computer LAN IP address, it cannot accessible from internet.
You can only able to connect to your app via an internet IP, to do that, you can check your router to see what is your WAN IP address, which will be assigned to your router by your internet service provider. Or go google with "what is my IP"

What works for me, more or less, is setting up Apache2 as reverse proxy, redirecting a path in Apache2 to the port of the Docker container. This probably could also be done for example with NGINX.
This way the traffic from the net gets proxied to the container and back to the net, and I see the WordPress site. So regarding the question of OP, the docker container is now exposed to the internet.
However 1: This still doesn't explain why I don't get return traffic from the Docker container if I access it directly from the net.
However 2: Not all the url's in the WordPress site are correct, but that seems to be a WordPress issue and not a Docker / routing issue.

Related

Nginx proxy manager is not being able to serve the page from another docker container

I am trying for nginx proxy manager (running in a docker container) to connect to another docker container that has port 8080 open on it. When I setup the proxy to connect to 192.168.0.29:8080 the ip address of the host, but it doesn't work, the browser just says that the site didn't send any data.
I tried setting up the reverse proxy with other services (that weren't running inside a docker container), and they worked flawlessly. So, I've concluded, the problem is something with the docker containers.
First, I tried replacing the ip address with the address of the container (shown in portainer) which showed to be 172.17.0.2. But, that didn't work. I can confirm that both containers are in the same network, bridge.
I could not find any solutions for this problem either here, at Stack Overflow, or anywhere else. Hope there's enough data to solve this problem. Thanks ahead of time!
Edit:
running arp -na from within the container gives this output:
[root#docker-00244f7ab2cc:/app]# arp -na
? (172.17.0.1) at 02:42:d1:fc:fc:6b [ether] on eth0
I found the solution to my question after lots of searching and testing and it's quite simple. The solution is to start the nginx proxy manager docker container on the host network instead of the bridge network. Then, you can use localhost and then the port to refer to which service you want to redirect to.

How to access website on docker container(apache server) from other network?

Hello sorry for stupid question.. But i have googled it for a week and still can't find the answer.
Currently I'm using Virtualbox for ubuntu server 18.04 and I have installed docker on it. I have run docker apache server by using sudo docker pull httpd and sudo docker run -t --name apache -p 8080:80 httpd
And there is the problem. I can show the website by using curl 127.0.0.1:8080 but i can't access from the other network or other machine in different network.
For instance my virtualbox's ip address is 1.1.1.1 and host pc which is window is 2.2.2.2.
When i ping to each other it all works. But when i try to access 1.1.1.1:8080 from host pc i can't access
What should i check or do to solve this problem.
Thank you
For "1.1.1.1:8080" access on the host- Try opening TCP traffic on port 8080 of your virtual machine with firewall-cmd or an equivalent Ubuntu utility. "1.1.1.1:8080" should then become available on your host server.
For "2.2.2.2:XXXX" access from other devices on your home network(s)- You might need to both route the port of your VM to a port of your host (unless you have a pass-through NIC configured on the VM) on the VM manager plus open an additional firewall on your host server on the host port you've mapped to for access by other devices on your home network. After those steps on the host port "2.2.2.2:XXXX" should be the web server IP accessible by any device on your network(s).
For PUBLIC_IP:PUBLIC_PORT access from outside networks (external to your modem and available to the world)- IPs on your home networks can't be accessed from other networks. Access from other devices on your network is controlled by your firewall on your OS. Access from outside networks is controlled by port forwarding on your modem. I don't recommend port forwarding for a custom app unless you understand some of the security loopholes that can exist on a development web server. But to manage port forwarding go to http://INTERNAL_IP_OF_YOUR_MODEM and you'll get a management interface for managing your port forwarding settings. You'll also see your public IP on your router's management UI or by googling "my ip address".
You can map your modem's IP to an official www web domain with a web domain service like GoDaddy. You can map your internal IPs to internally known web domains by editing /etc/hosts files on the devices on your network.

Access docker container from Local Area Network devices

I’m brand new to docker; I am running docker desktop for Mac and I have a container with an IP 192.168.73.10.
I set port forwarding to ports 80 and 443 during initial setup. I can access web service to this container from the local host (my Mac) just fine; however, all devices connected to my LAN are on a 10.20.0.0/24 subnet.
How exactly do I access the web service on the container from devices on my LAN (10.20.0.0/24 subnet)? I have port 80 and 443 open on my Mac. Haven’t been able to find any helpful answers on the forum. Please help!
There are a couple of ways. Lets say for example your started the container like this:
docker run --restart always -p 9017:80 -d --name organizr --net=my-bridge organizrtools/organizr-v2
In the above case you can connect to the site by the port 9017 since you exposed that port on your machine. So, if your machine's IP is for example 10.20.0.1 you'd use http://10.20.0.1:9017. You can use that from any machine on your LAN.
OR if you don't open up a port on your machine, and just go with the port setup within the container, you can call it by it's hostname, which by default is also the container's name.
So for example, you created the container like this:
docker run --restart always -d --name organizr --net=my-bridge organizrtools/organizr-v2
since the default port setup within the container is port 80, you'd get to the page like this: http://organizr:80. That needs to be called from within one of your docker networks though.
It was actually a firewall issue on my network. Thanks for the suggestions and responses.

Flask in docker, access other flask server running locally

After finding a solution for this problem, I have another question: I am running a flask app in a docker container (my web map), and on this map I want to show tiles served by a (flask-based) Terracotta tile server running in another docker container. The two containers are on the same docker network and can talk to each other, however only the port where my web server is running is open to the public, and I like to keep it that way. Is there a way I can serve my tiles somehow "from local" without opening the port of the tile server? Maybe by setting up some redirects or something?
Main reason for this is that I need someone else to open ports for me, which takes ages.
If you are running your docker containers on a remote machine like ec2, then you need not worry about a port being open to public, as by default ports are closed in ec2 or similar services. You just need to open the port on which you are running your app, you can use aws console for that.
If you are running your docker container locally or on some server for which you don't have cosole access, then you can use somekind of firewall to open or close a port. I personally prefer UFW for Ubuntu systems. You can allow a certain range of ports using a simple command such as sudo ufw allow 9000 to allow incoming tcp packets on port 9000. Similarly you can deny incoming packets to a port. Also, you can open a port to a certain ip (like your own ip) using sudo ufw allow from <ip address>.

How to make a Docker container's service accessible via the container's IP address?

I'm a bit confused. Trying to run both a HTTP server listening on port 8080 and a SSH server listening on port 22 inside a Docker container I managed to accomplish the latter but strangely not the former.
Here is what I want to achieve and how I tried it:
I want to access services running inside a Docker container using the IP address assigned to the container:
ssh user#172.17.0.2
curl http://172.17.0.2:8080
Note: I know this is not how you would configure a real web server but I want the container to mimic an embedded device which runs both services and which I don't have available all the time. (So it's really just a local non-production thing with no security requirements).
I didn't expect integrating the SSH server to be easy, but to my surprise I just installed and started it and had to do nothing else to be able to connect to the machine via ssh (no EXPOSE 22 or --publish).
Now I wanted to access the container via HTTP on port 8080 and fiddled with --publish and EXPOSE but only managed to make the HTTP server available through localhost/127.0.0.1 on the host. So now I can access it via
curl http://127.0.0.1:8080/
but I want to access both services via the same IP address which is NOT localhost (e.g. the address the container got randomly assigned is totally OK for me).
Unfortunately
curl http://172.17.0.2:8080/
waits until it times out every time I tied it.
I tried docker run together with -p 8080, -p 127.0.0.1:8080:8080, -p 172.17.0.2:8080:8080 and much more combinations, together or without EXPOSE 8080 in the Dockerfile but without success.
Why can I access the container via port 22 without having exposed anything?
And how do I make it accessible via the container's IP address?
Update: looks like I'm experiencing exactly what's described here.

Resources