Unable to access Docker container running in WSL2

I am new to containers and Docker. On my Windows 10 laptop (Version 20H2 Build 19042.630) I have WSL2 installed as well as Docker Desktop (Docker Engine v19.03.13). When I run the command below (from the docker documentation):
docker run -d -p 80:80 docker/getting-started
The container starts fine but I am unable to access the container from either within WSL or from the Windows 10 host.
Inside WSL, if I enter curl http://127.0.0.1 it returns the error curl: (7) Failed to connect to 127.0.0.1 port 80: Connection refused
From the Windows 10 host, if I open a browser and attempt to go to http://127.0.0.1 it just throws a 404 error.
From the Windows 10 host, when I open the Docker Desktop app, it shows the container running and listening on port 80 but if I then stop the container...and then attempt to restart it, it throws an error that says:
(HTTP code 500) server error - Ports are not available: listen tcp 0.0.0.0:80: bind: An attempt was made to access a socket in a way forbidden by its access permissions
I have tried completely uninstalling WSL and Docker Desktop and resetting the TCP/IP stack but the end result is the same. I performed the exact same install steps on my desktop PC and everything works fine with no issues. I did notice on the desktop PC that the first time I tried accessing the "getting-started" container that it produced a pop-up to allow the traffic through my firewall. I never got this on the laptop. I compared the firewall rules on the PC to the Laptop and the PC had 4 rules for the com.docker.backend application that the Laptop did not have. I manually duplicated those rules on the laptop but it did not change the behavior any.
EDIT:
After doing more research on this issue...discovered why this is happening. The ports the container is attempting to listen on are excluded for my Laptop. Found the Github issue linked below that had the command netsh interface ipv4 show excludedportrange protocol=tcp that showed the list of excluded ports on my laptop. Seems Hyper-V is what is excluding the ports but the only reason Hyper-V is on the system is for WSL. The Github issue is still open as of today.
Unable to bind ports: Docker-for-Windows & Hyper-V excluding but not using important port ranges #3171
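Added example, not part of the original post: a Python check that parses the output of the netsh command mentioned in the edit above and reports which host ports requested with -p fall inside an excluded range. The sample output and its ranges are constructed for illustration, and the function names are hypothetical.

```python
import re

# Constructed sample of `netsh interface ipv4 show excludedportrange protocol=tcp`
# output; the ranges are illustrative, not taken from the original post.
SAMPLE_NETSH = """\

Protocol tcp Port Exclusion Ranges

Start Port    End Port
----------    --------
        80          80
      5357        5357
     49702       49801
     50000       50059     *

* - Administered port exclusions.
"""

def parse_excluded_ranges(text):
    """Return [(start, end, administered)] from netsh excludedportrange output."""
    ranges = []
    for line in text.splitlines():
        # Data rows are two integers, optionally followed by '*' (administered).
        m = re.match(r"^\s*(\d+)\s+(\d+)\s*(\*)?\s*$", line)
        if m:
            ranges.append((int(m.group(1)), int(m.group(2)), m.group(3) is not None))
    return ranges

def blocked_ports(host_ports, ranges):
    """Map each host port to the excluded range containing it; free ports are omitted."""
    hits = {}
    for port in host_ports:
        for start, end, admin in ranges:
            if start <= port <= end:
                hits[port] = (start, end, admin)
                break
    return hits

if __name__ == "__main__":
    ranges = parse_excluded_ranges(SAMPLE_NETSH)
    # Host-side ports of the -p mappings you intend to publish (constructed list).
    for port, (start, end, admin) in blocked_ports([80, 8080, 50010], ranges).items():
        kind = "administered" if admin else "non-administered"
        print(f"host port {port} is inside excluded range {start}-{end} ({kind})")
```

A port reported here cannot be bound on the Windows host, which matches the "forbidden by its access permissions" error quoted in the question; publishing on a host port outside every listed range avoids the collision.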

If your docker container uses localhost inside it won't work. I had the same issue with docker inside wsl and the solution was to change IP of underlying service (the one that is run inside docker) to 0.0.0.0.
You can check this by doing docker ps. In my case I ran the docker like this:
docker run --rm -p 8080:8080 hello-python
which was then bound to (part of docker ps output):
0.0.0.0:8080->8080/tcp
So basically the python code had to use 0.0.0.0:8080 instead of localhost:8080

Related

Docker - port 443: No route to host

I'm trying to reach a company internal registry. I have bashed into the container and when I curl the URL I get:
port 443: No route to host
I can reach the registry from outside of the container. I have tried to use --network host when running the container but it doesn't help. What can be wrong?
Found the issue and it's super weird.
I had to deactivate Kubernetes in Docker Desktop, quit Docker Desktop and start it again.
Basically I found a strange cni0 when I did ifconfig and I traced it to Kubernetes by googling. Then I just guessed that it had to do with Docker Desktop as I had Kubernetes enabled there. It didn't work to press the "Apply & Restart" button though in the Docker Desktop app. I had to quit the app and start it again.
With Kubernetes disabled the cni0 disappeared and I could access the internal registry.

Docker container ports are exposed on Windows but not Ubuntu

I'm developing an Ubuntu based docker image on a windows 10 machine with Docker Desktop. The image has a server app listening for HTTP traffic on port 5000. When I run the image locally on Windows using:
docker run -d -p 5000:5000 dockerImageName /opt/serverApp
Everything works fine, I can go to http://localhost:5000 and see a web interface.
But then I push the image to a repo in Azure then pull it back down onto a Ubuntu Azure VM and execute the same command, the container appears to start correctly but executing:
curl http://localhost:5000
returns:
curl: (7) Failed to connect to localhost port 5000: Connection refused
Not that it should matter but I've also allowed incoming traffic on port 5000 in the network security group the VM is attached to.
If I execute:
sudo lsof -i:5000
Nothing is returned.
Is this an Azure related issue? Are there differences between how a Linux image is run on Windows and a VM on Azure (on Windows Docker Desktop uses a Linux VM to run containers)?
Le sigh it was this:
Docker container will automatically stop after “docker run -d”
Annoying how the behavior changes between Windows and Ubuntu when running containers.

docker images access issue

I'm not able to access my Docker image. My setup is Windows 7 and I have the Docker Linux VM, which is running on Oracle VM. I have built my app and I can see my app using below
I don't know how I can access the myapp container. Since it's working on localhost I believe I can access it on localhost:port number. But I have no clue where I can see it and how I can start. If you have faced this same problem can you help?
Update: log hung:
In the below screen the server startup hung for almost 10 mins and I terminated the process. Any idea about this error?
What you have shown in your screenshot is the image list. So you would first have to docker run your image, binding the application's port exposed by the docker image (with EXPOSE, I'm assuming 8081 for the sake of my example) to the host:
docker run --publish 8081:8081 3b98
If you forgot to expose the port in your image you can do that on the commandline adding the argument --expose 8081 to run.
Then, since you're working with the Windows 7 setup, you cannot access your running application in its container on localhost but on the docker-machine's (the docker linux VM) IP. You can find out the assigned IP with
docker-machine ip
So if your application publishes itself on 8081 and docker-machine ip returns 192.168.99.100 you would find your app on 192.168.99.100:8081

Docker container can't connect to host application using IP whitelist

I have an application running on my host which has the following features: it listens to port 4001 (configurable) and only accepts connections from a whitelist of trusted IP addresses (127.0.0.1 only by default, other addresses can be added but one by one, not using a mask).
(It's the interactive brokers gateway application which is run in java but I don't think that's important)
I have another application running inside a docker container which needs to connect to the host application.
(It's a python application accessing the IB API, but again I don't think that matters)
Ultimately I will have multiple containers on multiple machines trying to do the same thing, but I can't even get it working with one running on the same machine.
sudo docker run -t myimage
Error: Couldn't connect to TWS. Confirm that "Enable ActiveX and Socket Clients" is enabled on the TWS "Configure->API" menu.
(No response from IB Gateway on host machine)
IDEALLY I'd be able to set up the docker containers / bridge so that all the docker containers appear as if they are on a specific IP address, add it to the whitelist, and voila.
What I've tried:
1) using -p and EXPOSE
sudo docker run -t -p 4001:4001 myimage
Bind for 0.0.0.0:4001 failed: port is already allocated.
(No response from gateway)
This either doesn't work or leads to a "port already in use" conflict. I gather that these settings are designed for the opposite problem (host can't see a particular port on the container).
2) setting --net=host
sudo docker run -t --net=host myimage
Exception caught while reading socket - Connection reset by peer
(no response from gateway)
This should work since the docker container should now look like it's 127.0.0.1... but it doesn't.
3) setting --net=host and adding the local host's real IP address 192.168.0.12 (as suggested in comments) to the whitelist
sudo docker run -t --net=host myimage
Exception caught while reading socket - Connection reset by peer
(no response from gateway)
4) adding 172.17.0.1, ...2, ...3 to the whitelist on the host application (the bridge network is 172.17.0.0 and subsequent containers get allocated in this range)
sudo docker run -t myimage
Error: Couldn't connect to TWS. Confirm that "Enable ActiveX and Socket Clients" is enabled on the TWS "Configure->API" menu.
(no response from host)
This is horribly hacky but doesn't work either.
PS Note this is different from the problem of trying to run the host application IB Gateway inside a container - I am not doing that.
I don't want to run the host application inside another container, although in some ways that might be a neater solution.
Running the IB gateway is tricky on a number of different levels, including connecting to it, and especially if you want to automate the process.
We took a close look at connecting to it from other IPs, and finally gave up on it--gateway bug as far as we could tell. There is a setting to whitelist IPs that can connect to the gateway, but it does not work and can not be scripted.
In our build process we create a docker base image, then add the gateway and any/all of the gateway's clients to that image. Then we run that final image.
(Posted on behalf of the OP).
Setting --net=host and changing the port from 4001 so it doesn't conflict with a live version of the gateway on the same network. The only IP address required in the whitelist is 127.0.0.1.
sudo docker run -t --net=host myimage
Use socat to forward port from the gateway to a new port which can listen on any address. For example, set the gateway to listen on port 4002 (localhost only) and use command in the container
socat tcp-listen:4001,reuseaddr,fork tcp:localhost:4002
to forward the port to 4001.
Then you can connect to the gateway from outside of the container using port 4001 when running the container with parameter -p 4001:4001.
In case this one is useful for another person. I tried a couple suggestions that were put here to connect from my python app running on a Docker container to a TWS IBGateway instance running on another server and none of them were 100% working. The socat option was connecting, but then the connection was being dropped due to an issue with the socat buffer that we couldn't fix.
The solution we found was to create an ssh tunnel from the machine that is running the Docker container to the machine that is running the TWS IBGateway.
ssh -i ib-gateway.pem <ib-gateway-server-user>@<ib-gateway-server-ip> -f -N -L 4002:127.0.0.1:4001
After you establish this ssh tunnel, you can test it running
telnet 127.0.0.1 4002
If this command runs successfully, your ssh tunnel is ready. The next step would be to configure your python application to connect to 127.0.0.1 on port 4002 and start your docker container with --net=host to be able to access the ssh tunnel running on the Docker host machine.

unable to access mailpile server inside docker container

I have created a docker container and have installed the mailpile open source email client.
Running the mailpile binary inside the container prints the following message to STDOUT.
The Web interface address is: http://localhost:33411/
So I opened firefox on the host machine and tried 127.0.0.1:33411. It did not work.
Then I looked up the IP address assigned to the container by docker.
I looked it up by running the following command on the host,
docker inspect mp | grep IP
It said the container had an IP address of 172.17.0.3
So now, I tried 172.17.0.3:33411 on firefox running on my host. It still didn't work.
So then I stopped the container with docker stop mp. And then I committed it to an image under the name mp_image. I ran the following command on the host to do the commit.
docker commit mp mp_image
After the commit, I created a new running container, but this time forwarded port 33411 of the container to port 33411 of the host. I ran the following command on host,
docker run -i -t -p 33411:33411 --name "mailpile" mp_image /bin/bash
And now, once I got inside the container, ran the mailpile binary again and tried accessing it from the host. This time I used all these variations on the host browser,
127.0.0.1:33411
172.17.0.3:33411
Again not working. Now I started doubting if the server was running in the container in the first place. So I went inside the container and did wget 127.0.0.1:33411. And I got a nice index.html file. So the server is running..
I don't know what to do at this point. Can someone please advise?
Mailpile is built to listen on port 33411 from the local host only. Install a proxy or tunnel a connection as described here: https://github.com/mailpile/Mailpile/wiki/Accessing-The-GUI-Over-Internet
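Added example, not part of the original answers: the Mailpile answer above and the earlier answer about changing the service address to 0.0.0.0 describe the same condition, a service bound to loopback inside the container, which -p forwarding cannot reach because forwarded traffic arrives on the container's non-loopback interface. The Python sketch below classifies constructed ss -ltn output taken inside a container; the sample lines and the names listeners and classify are hypothetical, and only IPv4 wildcard binds are treated as reachable.

```python
# Constructed sample of `ss -ltn` output from inside a container's network
# namespace; addresses and ports are illustrative.
SAMPLE_SS = """\
State   Recv-Q  Send-Q   Local Address:Port    Peer Address:Port
LISTEN  0       128          127.0.0.1:33411        0.0.0.0:*
LISTEN  0       128            0.0.0.0:8080         0.0.0.0:*
LISTEN  0       128                  *:5000               *:*
"""

WILDCARDS = {"0.0.0.0", "*"}  # binds that accept IPv4 traffic on every interface

def listeners(ss_output):
    """Return {port: set(bind addresses)} for every LISTEN socket in `ss -ltn` output."""
    found = {}
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue  # header or non-listening row
        addr, _, port = fields[3].rpartition(":")
        found.setdefault(int(port), set()).add(addr)
    return found

def classify(container_ports, ss_output):
    """For each container port given to `docker run -p`, say whether forwarded traffic can reach it."""
    table = listeners(ss_output)
    result = {}
    for port in container_ports:
        addrs = table.get(port)
        if not addrs:
            result[port] = "not-listening"   # process exited, or it uses another port
        elif addrs & WILDCARDS:
            result[port] = "reachable"       # bound on all interfaces
        elif all(a.startswith("127.") or a == "[::1]" for a in addrs):
            result[port] = "loopback-only"   # -p forwarding never arrives on loopback
        else:
            result[port] = "other-address"   # specific or IPv6 bind: compare with container IP
    return result

if __name__ == "__main__":
    for port, state in classify([33411, 8080, 5000, 4001], SAMPLE_SS).items():
        print(port, state)
```

A loopback-only result is often a deliberate default, as with Mailpile; switching the service to a wildcard bind exposes it on every interface, so publishing with a host address such as -p 127.0.0.1:33411:33411 keeps the host side limited to local clients.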
