Docker container on EC2 instance not accessible on specified port - docker

I'm trying to run an application in Docker on an EC2 instance. It is two separate processes. I'm able to access the ports for process 1, but not process 2.
Process 1 listens on the following ports:
2008
8080
Process two listens on these ports:
2021
8084
The security rules allow for all traffic to all ports from all origins:
Netstat shows both ports on process 2 are listening
netstat -an | grep 2021
tcp6 0 0 :::2021 :::* LISTEN
netstat -an | grep 8084
tcp6 0 0 :::8084 :::* LISTEN
The docker command opens all of the above ports:
docker run -ti --privileged=true -v /sys/fs/cgroup:/sys/fs/cgroup:ro -p 8080:8080 -p 2008:2008 -p 8084:8084 -p 2021:2021 myname/image_name /usr/sbin/init
There is no firewall process running.
Yet, a zenmap scan shows only ports 2008 and 8080 of the above four are listening - 2021 and 8084 don't show up.
Any ideas why this would be? I can't think of what else to look for.

Related

How to stop docker rootless from using port 8080

I want to use port 8080 on my local machine for a container service. Here is the relevant part of my docker-compose
services:
  pgadmin:
    image: dpage/pgadmin4
    environment:
      - PGADMIN_DEFAULT_EMAIL=admin@admin.com
      - PGADMIN_DEFAULT_PASSWORD=root
    volumes:
      - "./data_pgadmin:/var/lib/pgadmin:rw"
    ports:
      - "8080:80"
However, port 8080 was already in use by another process when I ran docker-compose up:
Error response from daemon: Ports are not available: exposing port TCP 0.0.0.0:8080 -> 0.0.0.0:0: listen tcp 0.0.0.0:8080: bind: address already in use
I checked to see what process is listening on port 8080
netstat -ltnp | grep -w ':8080'
>> tcp6 0 0 :::8080 :::* LISTEN 155621/rootlesskit
I am using Docker rootless, so I guess it is using port 8080 by default. I tried killing the process, but every time I run docker-compose it is up again. Is there any way to stop it from using this port by default?
It turns out I have another container using port 8080. After removing it I can now use port 8080 again. My suggestion for anyone encountering the same issue is to check carefully everything with docker images -a and docker container ls. One more important thing to check is also the context in which you run your docker command with docker context ls.

JFrog Container Registry (JCR) won't load

Environment:
Macbook Pro: 10.13.6 (17G65) High Sierra
Docker Desktop: 2.4.0.0
Docker Engine: 19.03.13
Browser: Chrome Version 87.0.4280.88 (Official Build) (x86_64)
I can't get the JFrog Container Registry webapp to run.
I followed the instructions on their website here to run a local docker container. When I initially connect to http://127.0.0.1:8081/artifactory, I see a loading animation like this:
Then, it automatically redirects to http://127.0.0.1:8082/ui and gives an error:
"This site can’t be reached. 127.0.0.1 refused to connect."
If I try to go to http://127.0.0.1:8081/artifactory, it just goes back to http://127.0.0.1:8082/ui and fails again. I tried to use incognito and other browsers with the same result.
I tried several docker run variants, but the simplest one I tried was:
$ docker run --name JCR -d -p 8081:8081 -v /Users/username/git/artifactory/docker-registry:/var/opt/jfrog/artifactory docker.bintray.io/jfrog/artifactory-jcr:latest
I checked the docker container and it is running and listening on various ports:
$ netstat -tulpn | grep LISTEN
tcp 0 0 127.0.0.1:8091 0.0.0.0:* LISTEN 3693/java
tcp 0 0 127.0.0.1:8070 0.0.0.0:* LISTEN 3562/node
tcp 0 0 127.0.0.1:8040 0.0.0.0:* LISTEN 3693/java
tcp 0 0 0.0.0.0:8045 0.0.0.0:* LISTEN 3693/java
tcp 0 0 127.0.0.1:8046 0.0.0.0:* LISTEN 3274/jf-router
tcp 0 0 127.0.0.1:8047 0.0.0.0:* LISTEN 3274/jf-router
tcp 0 0 127.0.0.1:8015 0.0.0.0:* LISTEN 3693/java
tcp 0 0 127.0.0.1:8049 0.0.0.0:* LISTEN 3274/jf-router
tcp 0 0 0.0.0.0:8081 0.0.0.0:* LISTEN 3693/java
tcp 0 0 127.0.0.1:8086 0.0.0.0:* LISTEN 3422/jf-metadata
tcp6 0 0 :::8082 :::* LISTEN 3274/jf-router
UPDATE
This worked when using the below docker run command (new docker image URL)
docker run -d --name artifactory -p 8082:8082 -p 8081:8081 -v /Users/username/git/artifactory/docker-registry:/var/opt/jfrog/artifactory releases-docker.jfrog.io/jfrog/artifactory-jcr:latest
It looks like you followed the instructions for 6.x, which are not valid for 'latest', which is 7.x. You should follow the instructions for Docker for 7.x (https://www.jfrog.com/confluence/display/JFROG/Installing+Artifactory#InstallingArtifactory-DockerInstallation). The only difference is that you will need to change it from pointing to the PRO to JCR.
If you want a super quick and dirty way to just get it up and running, this will do:
docker volume create artifactory-data
docker pull releases-docker.jfrog.io/jfrog/artifactory-jcr:latest
docker run -d --name artifactory -p 8082:8082 -p 8081:8081 -v artifactory-data:/var/opt/jfrog/artifactory releases-docker.jfrog.io/jfrog/artifactory-jcr:latest
You will then access it at localhost:8082 (or localhost:8081, which will just redirect to 8082).
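The mismatch behind this thread, as an added example that is not part of the original posts: it compares the listeners reported inside the container with the ports a docker run line publishes. It assumes default bridge networking, where a service bound to 127.0.0.1 inside the container cannot be reached through -p; the function names are hypothetical and the sample is a subset of the netstat output quoted above.

```python
import re

# Sample input: a subset of the in-container netstat lines quoted in the question.
NETSTAT = """\
tcp 0 0 127.0.0.1:8091 0.0.0.0:* LISTEN 3693/java
tcp 0 0 0.0.0.0:8045 0.0.0.0:* LISTEN 3693/java
tcp 0 0 127.0.0.1:8046 0.0.0.0:* LISTEN 3274/jf-router
tcp 0 0 0.0.0.0:8081 0.0.0.0:* LISTEN 3693/java
tcp 0 0 127.0.0.1:8086 0.0.0.0:* LISTEN 3422/jf-metadata
tcp6 0 0 :::8082 :::* LISTEN 3274/jf-router
"""
LISTEN = re.compile(r"^tcp6?\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+\s+LISTEN\s+(\S+)")
PUBLISH = re.compile(r"(?<!\S)(?:-p|--publish)[ =](\S+)")

def published_ports(docker_run):
    """Container-side ports named by the -p/--publish flags of a docker run line."""
    ports = set()
    for spec in PUBLISH.findall(docker_run):
        # spec is [ip:][hostPort:]containerPort[/proto], optionally a lo-hi range
        lo, _, hi = spec.split(":")[-1].split("/")[0].partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def classify(netstat_text, docker_run):
    """Map each listening container port to (state, pid/process)."""
    published = published_ports(docker_run)
    report = {}
    for line in netstat_text.splitlines():
        m = LISTEN.match(line.strip())
        if not m:
            continue
        addr, port, proc = m.group(1), int(m.group(2)), m.group(3)
        if addr.startswith("127.") or addr == "::1":
            state = "loopback-only"   # bound to the container's lo; -p cannot reach it
        elif port in published:
            state = "reachable"
        else:
            state = "not-published"   # listening on all interfaces, but no -p flag
        report[port] = (state, proc)
    return report

def unpublished(netstat_text, docker_run):
    """Wildcard listeners that the docker run line does not publish."""
    return sorted(port for port, (state, _) in classify(netstat_text, docker_run).items()
                  if state == "not-published")
```

Run against the first docker run line in the question, unpublished() reports 8082, the port the UI redirect targets; with the command from the UPDATE it no longer does.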

can't access kafka outside the docker container

I installed the latest HDP into the docker container.
docker ps
>hortonworks/sandbox-proxy:1.0
>hortonworks/sandbox-hdp:3.0.1
The Kafka broker is running on port 6667 and it's working fine.
>ssh hdfs@sandbox-hdp.hortonworks.com -p 2222
> echo "send test message" | kafka-console-producer.sh --broker-list sandbox-hdp.hortonworks.com:6667 --topic hotelReservation > /dev/null
>kafka-console-consumer.sh --bootstrap-server sandbox-hdp.hortonworks.com:6667 --topic test --from-beginning
The only problem is that I don't have access to the Kafka broker outside the docker container.
More information for troubleshooting:
I verified that all the ports are open local machine -> proxy -> hdp
HDP Server:
hostname -I
172.18.0.2
netstat -vatn | grep 6667
tcp 0 0 172.18.0.2:6667 0.0.0.0:* LISTEN
Proxy Server
hostname -I
172.18.0.3
nmap 172.18.0.2 -p 6667
6667/tcp open irc
netstat -vatn | grep 6667
tcp 0 0 0.0.0.0:6667 0.0.0.0:* LISTEN
My Local machine:
nmap sandbox-hdp.hortonworks.com -p 6667
Host is up (0.000064s latency).
rDNS record for 127.0.0.1: localhost
PORT STATE SERVICE
6667/tcp open irc
Note: 6668 is open too.
Included default stream conf (/etc/nginx/conf/stream.d/tcp-hdp.conf):
server {
    listen 6668;
    proxy_pass sandbox-hdp:6667;
}
So I decided to create a new http config: /etc/nginx/conf/stream.d/tcp-hdp.conf
server {
    listen 6667;
    server_name sandbox-hdp.hortonworks.com;
    location / {
        proxy_pass http://sandbox-hdp:6667;
    }
}
Note: I read (here) that I should use advertised.listeners to access the broker outside Docker:
>listeners=PLAINTEXT://0.0.0.0:6667
>advertised.listeners=PLAINTEXT://172.18.0.2:6667
but I'm sure that's incorrect for my case. I have access in this network; the problem is some type of Nginx mapping only.
Solution:
Run the following command to find hortonworks/sandbox-proxy container id.
docker ps
Log in to the proxy server
docker exec -it CONTAINER_ID /bin/bash
Add a new mapping in nginx:
cd /etc/nginx/conf.stream.d
vim tcp-hdp.conf
Config:
server {
    listen 6667;
    proxy_pass sandbox-hdp:6667;
}
Reload the nginx mapping:
/etc/init.d/nginx reload
Test:
> ./kafka-console-consumer.sh --bootstrap-server localhost:6668 --topic topicName --from-beginning
> echo "msg" | ./kafka-console-producer.sh --broker-list sandbox-hdp.hortonworks.com:6668 --topic topicName > /dev/null
The problem was that the 6667:6667 mapping was missing. Now the brokers are accessible on both the 6667 and 6668 ports.

How to run Odoo's Docker image in port 80

After installing Odoo's image using Docker in an ubuntu server, I am unable to use Odoo on port 80 instead of 8069. I have tried multiple approaches without success including:
Installing nginx on the server and using it as a proxy to redirect 8069 to 80
Editing the odoo.conf file and adding xmlrpc_port = 80 so it runs on port 80
Pasting iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8069 into rc.local
Running Odoo from startup on port 80
Has anyone been able to figure this out?
If you're running Odoo inside a Docker container, you can just map port 80 on the host to port 8069 inside the container using the -p option:
$ docker run -d -p 80:8069 odoo:12.0
To test this you should run the netstat command:
$ sudo netstat -antop | grep LISTEN | grep 80
You should see something like this:
tcp6 0 0 :::80 :::* LISTEN 971/docker-proxy
If you still have problems, then you should examine port security settings (e.g. security groups on the AWS platform).

driver failed programming external connectivity on endpoint redis : Bind for 0.0.0.0:6379 failed: port is already allocated

I'm trying to run
/usr/bin/docker run --rm -v /var/data/redis:/data -v /var/data/conf/redis.conf:/usr/local/etc/redis/redis.conf --name redis -p 6379:6379 redis:5.0.3-alpine3.9
but I get:
/usr/bin/docker: Error response from daemon: driver failed programming external connectivity on endpoint redis (f16f19b7727a710fb6c96be566dac66ce26282982960d97faa28861c24fcf2fb): Bind for 0.0.0.0:6379 failed: port is already allocated.
When I try to check the ports used with netstat, I get:
[root@artik ~]# netstat -nlpute | grep 6379
tcp6 0 0 :::6379 :::* LISTEN 0 14384 2471/docker-proxy
I have no docker containers running right now.
I don't understand this issue, what should I do?
[root@artik ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
Steps I had to take to get everything working:
sudo service docker stop
sudo rm /var/lib/docker/network/files/local-kv.db
sudo service docker start
docker system prune
And then try again.
From your netstat output it's clear that there is one process holding port 6379:
[root@artik ~]# netstat -nlpute | grep 6379
tcp6 0 0 :::6379 :::* LISTEN 0 14384 2471/docker-proxy
docker-proxy processes are created when you do port forwarding in docker run, which is true in your case: -p 6379:6379.
For more info on docker-proxy check this out.
I suspect that you earlier ran a redis container which used port 6379, but that container was not properly deleted, which kept the docker-proxy process running, and hence you got port is already allocated.
Hope this helps.
As DannyMoshe suggested for anyone else.
Try this before you potentially mess up your whole setup:
sudo service docker stop
sudo service docker start
Remove the ports - ... in the docker-compose file and let it assign by itself, or change the port mapping in the host from 6379:6379 to 6378:6379; that worked for me. Before doing this you may need to clear already started containers: docker rm -f $(docker ps -a -q)
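One way to spot the state these answers describe, a port forwarder still holding a host port that no running container maps, as an added example that is not part of the original posts. It assumes the host netstat output and the output of docker ps --format '{{.Ports}}' are passed in as text; the function names are hypothetical, and it also recognises rootlesskit, the forwarder shown in the rootless question earlier on this page.

```python
import re

# Constructed from the question: the host-side netstat line, and the empty
# Ports listing you get from docker ps when no container is running.
HOST_NETSTAT = "tcp6 0 0 :::6379 :::* LISTEN 0 14384 2471/docker-proxy\n"
DOCKER_PS_PORTS = ""

PROXIES = ("docker-proxy", "rootlesskit")     # processes that hold published host ports
MAPPING = re.compile(r":(\d+)(?:-(\d+))?->")  # hostPort[-range]-> in the Ports column

def proxy_listeners(netstat_text):
    """{host_port: pid} for TCP listeners owned by a Docker port forwarder."""
    found = {}
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 7 or not f[0].startswith("tcp") or "LISTEN" not in f:
            continue                          # prompts, headers, non-listening sockets
        pid, _, name = f[-1].partition("/")   # last column is PID/Program name
        if name in PROXIES:
            found[int(f[3].rsplit(":", 1)[1])] = int(pid)
    return found

def mapped_host_ports(docker_ps_ports):
    """Host ports that running containers publish, from the Ports column."""
    ports = set()
    for lo, hi in MAPPING.findall(docker_ps_ports):
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def orphaned(netstat_text, docker_ps_ports):
    """(port, pid) of forwarder listeners with no container mapping behind them."""
    mapped = mapped_host_ports(docker_ps_ports)
    return sorted((port, pid) for port, pid in proxy_listeners(netstat_text).items()
                  if port not in mapped)
```

A non-empty result from orphaned() matches the situation in the question, where docker-proxy holds 6379 while docker ps -a lists nothing.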
