Exposing docker to internet "Failed to complete tunnel connection" - docker

I'm using this https://github.com/wernight/docker-ngrok , so that my dockerize app will expose to internet. I added it to my docker-compose, but when I up my container I get this error "Failed to complete tunnel connection". when I want to access my app I do it like this myapp.local and it works find because I set up windows host. when I access like this http://localhost I see this , I noticed I cannot access using localhost that's why I used windows host.
Here is my docker-compose
web:
image: nginx:stable
container_name: webcontainer
ports:
- "80:80"
volumes:
- ./:/var/www/myapp
- ./myapp.conf:/etc/nginx/conf.d/myapp.conf
expose:
- 9000
external_links:
- php
- db
ngrok:
image: wernight/ngrok
links:
- web
ports:
- "4040:4040"

Related

Local proxy server using Traefik/Docker

I'm trying to create some kind of reverse proxy server that would serve a port running on my local network (192.168.0.15:5083) through either another port (192.168.0.15:<ANOTHER PORT>) or through another path on the IP address (192.168.0.15/pathname). I want this to be reachable from other computers on the same network.
I'm trying to achieve this using Traefik with Docker through a docker-compose.yml file. Currently I have it set up like this:
lms:
container_name: lms
image: epoupon/lms
user: ${PUID}:${PGID}
ports:
- 5083:5082
volumes:
- ${USERDIR}/docker/lms:/var/lms
- /media/music:/music:ro
environment:
- TZ=${TZ}
- PUID=${PUID}
- PGID=${PGID}
labels:
- "traefik.enable=true"
- "traefik.http.routers.lms.rule=Path(`/lms`)"
restart: unless-stopped
reverse-proxy:
image: traefik:v2.6
command: --api.insecure=true --providers.docker
ports:
- "80:80"
- "8080:8080"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
What I'm trying to do here is to create a path on the servers IP address (192.168.0.15/lms) that would serve port 5083 (192.168.0.15:5083). The purpose of this is to then be able to apply CORS headers to the proxy server.
When visiting 192.168.0.15/lms from another machine on the same network as the server, I get this error message:
Fatal error: failed loading /js/jquery-1.10.2.min.js
I interpret this as if it gets a connection to port 5083, but the assets/resources being used on the front end on that port is not loading correctly.
Am I doing this right or should I do it in a different way to succeed?

Why I can not start proxy service? Bind for 0.0.0.0:8000 failed: port is already allocated

This is my docker-compose-proxy.yml
version: "3.7"
services:
app:
build:
context: .
ports:
- "8000:8000"
volumes:
- ./app:/app
- static_data:/vol/web
environment:
- DB_HOST=db
- DB_NAME=app
- DB_USER=postgres
- DB_PASS=supersecretpassword
- ALLOWED_HOSTS=127.0.0.1
depends_on:
- db
proxy:
image : proxy:latest
depends_on:
- app
ports:
- "8000:8000"
volumes:
- static_data:/vol/static_data
db:
image: postgres:10-alpine
environment:
- POSTGRES_DB=app
- POSTGRES_USER=postgres
- POSTGRES_PASSWORD=supersecretpassword
volumes:
static_data:
I checked the port before I run my command
netstat -ltnp | grep ':8000'
and port was not occupied.
when I go for
docker-compose -f docker-compose-proxy.yml up
I got error
ERROR: for 9bac48e03668_recipe-app-api-devops_proxy_1 Cannot start service proxy: driver failed programming external connectivity on endpoint recipe-app-api-devops_proxy_1 (af5860c135cb37026dcac6ce27151cd4e8448eaddc542d50dcd009c0e24c09fa): Bind for 0.0.0.0:8000 failed: port is already allocated
Why? How to resolve this issue?
You specified port 8000 at
ports:
- "8000:8000"
Since this port is already used for something, you get the error that it's already allocated. So, you will need to find out what is using port 8000 and either change the port of your container, stop the other process, or change the other process's port.
You're trying to bind host port 8000 to two different things:
services:
app:
ports:
- "8000:8000"
proxy:
ports:
- "8000:8000"
So this tells Compose to try to route host port 8000 to the app container, and also to route host port 8000 to the proxy container, and it can't do both. That's essentially the error you're getting.
If you want all requests to your system to go through the proxy container, you can just delete the ports: block from the app container. It will still be visible from other containers in the same Compose file via http://app:8000 but it won't be reachable from outside Docker.
If you need both containers to be accessible, you need to change the first ports: number, but not the second, on one or the other of the containers.
ports:
- '8001:8000' # host port 8001 -> container port 8000
This won't affect connections between containers at all; regardless of what ports: are or aren't present, they will always use the "standard" port number for the container they're trying to connect to.

NetCore Docker Application with connection refused

I have two containers (both .net-core), a Web Application and a Web API, the Web Application can be accessed from the host machine using http://localhost:51217, however I can't access the Web API using http://localhost:51218, I got the connection refused, in order to access the Web API, I had to change the Kerstel URL configuration from ASPNETCORE_URLS=http://localhost to ASPNETCORE_URLS=http://0.0.0.0, so webserver listen all IP's.
Any clue why the localhost works for the Web App but not for the Web API, although both have different port mapping.
See below my docker-compose working fine, if I change the API to ASPNETCORE_URLS=http://localhost, I will get connection refused. The docker files exposes port 80.
version: '3.5'
services:
documentuploaderAPI:
image: ${DOCKER_REGISTRY-}documentuploader
container_name: DocumentUpoaderAPI
environment:
- ASPNETCORE_ENVIRONMENT=Development
- ASPNETCORE_URLS=http://0.0.0.0
networks:
- doc_manager
ports:
- "51217:80"
volumes:
- ${APPDATA}/Microsoft/UserSecrets/:/root/.microsoft/usersecrets
- ${APPDATA}/ASP.NET/Https/:/root/.aspnet/https/
- c:\azurite:/root/.unistad/
build:
context: .
dockerfile: DocumentUploader/Dockerfile
documentmanagerAPP:
image: ${DOCKER_REGISTRY-}documentmanager
container_name: DocumentManagerApp
environment:
- ASPNETCORE_ENVIRONMENT=Development
- ASPNETCORE_URLS=https://localhost;http://localhost
networks:
- doc_manager
ports:
- "51218:80"
volumes:
- ${APPDATA}/Microsoft/UserSecrets/:/root/.microsoft/usersecrets
- ${APPDATA}/ASP.NET/Https/:/root/.aspnet/https/
build:
context: .
dockerfile: Document Manager/Dockerfile
networks:
doc_manager:
name: doc_manager
driver: bridge
Any idea why localhost doesn't work for the API? Any suggestion also how can I trace or sniff the communication from browser until the web server in the container?
You can find below the docker networking design, which may help on my question.

Connecting to Docker from external network: modifying YML file

I am trying to set up a Learning Locker server within Docker (on Windows 10, Docker using WSL for emulation) using the repo from michzimney. This service is composed of several Docker containers (Mongo, Redis, NGINX, etc) networked together. Using the provided docker-compose.yml file I have been able to set up the service and access it from localhost, but I cannot access the server from any machine on the rest of my home network.
This is a specific case, but some guidance will be valuable as I am very new to Docker and will need to build many such environments in the future, for now in Windows but later in Docker on Synology, where the services can be access from network and internet.
My research has led me to user-defined bridging using docker -p [hostip]:80:80 but this didn't work for me. I have also turned off Windows firewall since that seems to cause a host of issues for some but still no effect. I tried to bridge my virtual switch manager for WSL using Windows 10 Hyper-V manager, but that didn't work, and I have tried bridging the WSL connector to LAN using basic Windows 10 networking but that didn't work and I had to reset my network.
So the first question is is this a Windows networking issue or a
Docker configuration issue?
The second question, assuming it's a
Docker configuration issue, is how can I modify the following YML
file to make the service accessible to the outside network:
version: '2'
services:
mongo:
image: mongo:3.4
restart: unless-stopped
volumes:
- "${DATA_LOCATION}/mongo:/data/db"
redis:
image: redis:4-alpine
restart: unless-stopped
xapi:
image: learninglocker/xapi-service:2.1.10
restart: unless-stopped
environment:
- MONGO_URL=mongodb://mongo:27017/learninglocker_v2
- MONGO_DB=learninglocker_v2
- REDIS_URL=redis://redis:6379/0
depends_on:
- mongo
- redis
volumes:
- "${DATA_LOCATION}/xapi-storage:/usr/src/app/storage"
api:
image: michzimny/learninglocker2-app:${DOCKER_TAG}
environment:
- DOMAIN_NAME
- APP_SECRET
- SMTP_HOST
- SMTP_PORT
- SMTP_SECURED
- SMTP_USER
- SMTP_PASS
command: "node api/dist/server"
restart: unless-stopped
depends_on:
- mongo
- redis
volumes:
- "${DATA_LOCATION}/app-storage:/opt/learninglocker/storage"
ui:
image: michzimny/learninglocker2-app:${DOCKER_TAG}
environment:
- DOMAIN_NAME
- APP_SECRET
- SMTP_HOST
- SMTP_PORT
- SMTP_SECURED
- SMTP_USER
- SMTP_PASS
command: "./entrypoint-ui.sh"
restart: unless-stopped
depends_on:
- mongo
- redis
- api
volumes:
- "${DATA_LOCATION}/app-storage:/opt/learninglocker/storage"
- "${DATA_LOCATION}/ui-logs:/opt/learninglocker/logs"
worker:
image: michzimny/learninglocker2-app:${DOCKER_TAG}
environment:
- DOMAIN_NAME
- APP_SECRET
- SMTP_HOST
- SMTP_PORT
- SMTP_SECURED
- SMTP_USER
- SMTP_PASS
command: "node worker/dist/server"
restart: unless-stopped
depends_on:
- mongo
- redis
volumes:
- "${DATA_LOCATION}/app-storage:/opt/learninglocker/storage"
nginx:
image: michzimny/learninglocker2-nginx:${DOCKER_TAG}
environment:
- DOMAIN_NAME
restart: unless-stopped
depends_on:
- ui
- xapi
ports:
- "443:443"
- "80:80"
So far I have attempted to change the ports option to the following:
ports:
- "192.168.1.102:443:443"
- "192.168.1.102:80:80"
But then the container wasn't even accessible from the host machine anymore. I also tried adding network-mode=host under the nginx service but the build failed saying it was not compatible with port mapping. Do I need to set network-mode=host for every service or is the problem something else entirely?
Any help is appreciated.
By the looks of your docker-compose.yml, you are exposing ports 80 & 443 to your host (Windows machine). So, if your windows IP is 192.168.1.102 - you should be able to reach http://192.168.1.102 & https://192.168.1.102 on your LAN if there is nothing blocking it (firewall etc.).
You can confirm that you are indeed listening on those ports by running 'netstat -a' and checking to see if you are LISTENING on those ports.

Why can't I connect to this docker compose service?

So I have this docker compose file
version: "2.1"
services:
nginx:
image: pottava/proxy
ports:
- 8080:80
environment:
- PROXY_URL=http://transmission-container:5080/
- BASIC_AUTH_USER=admin
- BASIC_AUTH_PASS=admin
- ACCESS_LOG=true
transmission:
image: linuxserver/transmission
container_name: transmission-container
ports:
- 5080:9091
restart: unless-stopped
I'm new to docker compose and trying it out for the first time. I need to be able to access the transmission service via http://localhost:8080 but nginx is returning a 502.
How should I change my compose file so that http://localhost:8080 will connect to the transmission service?
How can I make the transmission service not accessible via http://localhost:5080 and only accessible via http://localhost:8080 using docker compose?
I have tested the code below, it is working
version: "2.1"
services:
nginx:
image: pottava/proxy
ports:
- 8080:80
environment:
- PROXY_URL=http://transmission-container:9091/
- BASIC_AUTH_USER=admin
- BASIC_AUTH_PASS=admin
- ACCESS_LOG=true
transmission:
image: linuxserver/transmission
container_name: transmission-container
expose:
- "9091"
restart: unless-stopped
You no need to expose port 5080 to the host, the Nginx container can access directly the container port. The proxy URL needs to point to port 9091. Now you can't directly access the transmission service but need to go though the proxy server.
You should be able to access the other container using the service name and container port:
- PROXY_URL=http://transmission:9091/
If you do not want to access the transmission service from locahost, do not declare the host port:
ports:
- 9091

Resources