I'm running a setup of 3 Ubuntu virtual machines. Two running the Python production code base and the other has a Memcached Docker container. On the Memcached machine I ran docker run -dit --name production-memcached --publish 11211:11211 memcached:latest.
The code base gets the following error message when trying to interact with it:
"exception": "TimeoutError(10060, 'A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond', None, 10060, None)"
I have ran docker exec -it production-memcached memcached stats and get the error message below.
failed to listen on TCP port 11211: Address already in use
However I've ran netstat -plnt and get tcp6 0 0 :::11211 :::* LISTEN 35030/docker-proxy, which looks fine to me.
I was able to get this to work by opening port 80 and using iptables to forward incoming port 80 to port 11211 but would prefer to use the Memcached port number.
The Memcached client is created by the following line:
client = base.Client(("domain.co.uk", 11211))
Any help would be appreciated, thanks.
DigitalOcean doesn't allow in-traffic on port 11211 to its virtual machines. If you want a Memcached machine you'll also need a virtual machine to act a proxy between you and it. I hope this saves someone the headache it caused me!
Related
I'm trying to run a docker image on my windows 10 pro workstation, and I'm getting this error:
docker: Error response from daemon: Ports are not available: listen tcp 0.0.0.0:80: bind: An attempt was made to access a socket in a way forbidden by its access permissions.
I'm running this command:
docker run -d -p 80:80 docker/getting-started
And getting this response back:
Unable to find image 'docker/getting-started:latest' locally
latest: Pulling from docker/getting-started
188c0c94c7c5: Pull complete
617561f33ec6: Pull complete
7d856acdaa9c: Pull complete
a0d3c6e28e6d: Pull complete
af69a9b963c8: Pull complete
0739f3815ad8: Pull complete
7c7b75d0baf8: Pull complete
Digest: sha256:b821569034e3b5fae03b40e64a866017067f3bf17effe185b782bdbf02179528
Status: Downloaded newer image for docker/getting-started:latest
7907f6de2b55cc2d66b5ed3a642ac1a97e5bb5ecda5fcf76ff60d7236e8fd32d
docker: Error response from daemon: Ports are not available: listen tcp 0.0.0.0:80: bind: An attempt was made to access a socket in a way forbidden by its access permissions.
How can I run a Docker container and get past this problem?
The commands that helped me were:
net stop winnat
net start winnat
Taken from here.
Check if somthing is listening on port 80 by running PowerShell command:
Get-Process -Id (Get-NetTCPConnection -LocalPort 80).OwningProcess
If the response is something like this:
NPM(K) PM(M) WS(M) CPU(s) Id SI ProcessName
------ ----- ----- ------ -- -- -----------
0 0.20 4.87 0.00 4 0 System
Then the it is taken.
terminate the process or simply change the port
docker run -d -p 81:81 docker/getting-started 5a0b1202f48ef63c06d75c2f26be2a05f29aa84fe2fbdc5b66f989aa86df98f
docker: Error response from daemon: Ports are not available: listen tcp 0.0.0.0:80: bind: An attempt was made to access a socket in a way forbidden by its access permissions.
I was also using Docker's Getting Started tutorial, ran
docker run -d -p 80:80 docker/getting-started, and got the same error.
I thought that Internet Information Services (IIS) might be using port 80 already. I verified this hunch by going to
Start > IIS > computer name > Sites > Default Web Site > highlight Default Web Site
In the right pane, I saw
Browse *.80 (http)
Yep, port 80 was already in use!
Note: To verify if any process is using port 80, run the command
Get-Process -Id (Get-NetTCPConnection -LocalPort 80).OwningProcess
and look for something like
NPM(K) PM(M) WS(M) CPU(s) Id SI ProcessName
------ ----- ----- ------ -- -- -----------
0 0.20 2.96 0.00 4 0 System
per #Tim Dunphy's answer.
Solution #1
Stop the Default Web site.
Either go to IIS per above > right pane > Manage Website > Stop or
Use the net stop http command, and stop services using the port.
Solution #2
You may not want to stop IIS or any other service running on port 80, so just change the local port! For example,
docker run -d -p 81:80 docker/getting-started
will likely do the trick, as long as you don't have services using port 81.
When I encountered this error there was nothing actively listening on the port.However, the following command showed the port had been reserved by something else
netsh interface ipv4 show excludedportrange protocol=tcp
See This article for more details. A reboot fixed the issue for me.
Most times, Windows IIS (Internet Information Service) or some other program may be using port 80, which is the default http port used by Laravel, Apache and other PHP development environments.
To resolve this issue, Open a new PowerShell window as administrator and simply run this command:
net stop http
A prompt listing all services using the http port is shown and you are given the option of stopping them. enter 'Y' and press Enter. All the services are stopped and port 80 is now free for whatever you want to use it for.
Very useful for testing multiple application environments locally on Windows without having to worry about port configuration.
in my case,the task manager show that a system process is occupy port 80.
when i dive deeper, i found a svchost.exe related to port 80, and it is based on world wide web service
so,just open service list and stop the world wide web service,then everything will be ok,the name of service maybe different, but should include keywords :world wide web
just do it
netsh http add iplisten ipaddress=::
(This has to be run in a command prompt with elevated rights!)
I'm trying to follow the beginner tutorial at training.play-with-docker.com. At Task 2, step 6, I do the following and get the error as below:
PS C:\Users\david.zemens\Source\Repos\linux_tweet_app> docker container run --detach --publish 80:80 --name linux_tweet_app $DOCKERID/linux_tweet_app:1.0
d39667ed1deafc382890f312507ae535c3ab2804907d4ae495caaed1f9c2b2e1
C:\Program Files\Docker\Docker\Resources\bin\docker.exe: Error response from daemon: driver failed programming external connectivity on endpoint linux_tweet_app (a819223be5469f4e727daefaff3e82eb68eb0674e4a46ee1a32e703ce4bd384d): Error starting userland proxy: listen tcp 0.0.0.0:80: bind: An attempt was made to access a socket in a way forbidden by its access permissions.
I am using Docker Desktop on a Win10 machine locally. I've tried resetting Docker as suggested here. Error persists. Since something else must be using port 80, I should be able to avoid the error by using a different port, right?
PS C:\Users\david.zemens\Source\Repos\linux_tweet_app> docker container run --detach --publish 1337:1337 --name linux_tweet_app $DOCKERID/linux_tweet_app:1.0
Right! docker ps now confirms the container is running:
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b700df12c2d1 dzemens/linux_tweet_app:1.0 "nginx -g 'daemon of…" About a minute ago Up About a minute 80/tcp, 443/tcp, 0.0.0.0:1337->1337/tcp linux_tweet_app
But when I try to view the webpage that the tutorial sends me to, I get an error in the browser.
I'm not sure how the link is dynamically generated but it looks something like this:
http://ip172-18-0-32-blsfgt2d7o0g00epuqi0-80.direct.labs.play-with-docker.com/
Browser error as below:
The proxy could not connect to the destination in time.
URL: http://ip172-18-0-32-blsfgt2d7o0g00epuqi0-80.direct.labs.play-with-docker.com/
Failure Description: :errno: 104 - 'Connection reset by peer' on socketfd -1:server state 7:state 9:Application response 502 cannotconnect
Another highly-upvoted answer suggests I need to "disable Windows 10 fast startup" -- I have not tried this yet, mainly because I'm not sure what the full repercussions are with that setting.
Is there something stupidly obvious that I'm overlooking here? Shouldn't I be able to run this on different ports? If not, why not? If I have to use 80:80, but System is already using that port, won't I have some further problems if I try to kill that pid?
PS C:\Users\david.zemens\Source\Repos\linux_tweet_app> netstat -a -n -o | findstr :80 | findstr LISTENING
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:8003 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:8080 0.0.0.0:0 LISTENING 1348
TCP 0.0.0.0:8081 0.0.0.0:0 LISTENING 4688
TCP 127.0.0.1:8080 0.0.0.0:0 LISTENING 2016
TCP 127.0.0.1:8082 0.0.0.0:0 LISTENING 28536
TCP [::]:80 [::]:0 LISTENING 4
TCP [::]:8003 [::]:0 LISTENING 4
TCP [::]:8080 [::]:0 LISTENING 1348
TCP [::]:8081 [::]:0 LISTENING 4688
I made a small change in the Dockerfile changing EXPOSE 80 443 to EXPOSE 1337 443 and I'm now able to view my app by navigating to localhost:1337 in my browser. I think that will get me through the next steps in the training module, but still curious if I'm doing something wrong.
This seems to work regardless of the change in Dockerfile (I've removed and republished after changing Dockerfile).
PS C:\Users\david.zemens\Source\Repos\linux_tweet_app> docker container run --detach --publish 1337:80 --name linux_tweet_app $DOCKERID/linux_tweet_app:1.0
Try this
> net stop winnat
> docker start ...
> net start winnat
A part of the problem is that you're using the wrong mapping. The application uses the port 80, but you're mapping the ports 1337 to 1337.
The correct command should be:
PS C:\Users\david.zemens\Source\Repos\linux_tweet_app> docker container run --detach --publish 1337:80 --name linux_tweet_app $DOCKERID/linux_tweet_app:1.0
It may be because your IIS or some other server is already running on port 80.
Try stop the IIS and it should work.
Reference: https://forums.docker.com/t/error-starting-userland-proxy-listen-tcp-0-0-0-0-bind-an-attempt-was-made-to-access-a-socket-in-a-way-forbidden-by-its-access-permissions/81299/7
I have a MariaDB docker container running on Synology DS918+ and redirects traffic from container port 3306 to external port 3333
When I see how it binds to the port, it seems different than a working example I have for another service that doesn't run on docker
Working :
ash-4.3# netstat -nao | grep 5000
tcp 0 0 0.0.0.0:5000 0.0.0.0:* LISTEN off (0.00/0/0)
tcp6 0 0 :::5000 :::* LISTEN
Not working:
ash-4.3# netstat -nao | grep 3333
tcp6 0 0 :::3333 :::* LISTEN off (0.00/0/0)
When I try to access port 3333 from my laptop to the remote machine running docker I'm able to do so, the issue is when trying to access the machine's private IP from within the machine itself, this one fails
Any help is appreciated here
To clarify, although your docker is only binding to the ipv6 interface(“:::”) not the ipv4(“0.0.0.0”), Docker forbids a loopback connection to its docker-proxy from the host. I believe this also fails in all networking modes.
If you’re connecting from container to another container, use the container name via the docker-dns and private LAN. For example, if your MariaDB container is named “maria”, I believe docker’s DNS on 127.0.0.11 offers a lookup for the name “maria” to a 172...* ipv4 to which other containers may connect if in the same 172.{subnet}../16 as your MariaDB host. Connect to “maria” in another container and the tcp magically gets to the right place.
If you’re trying to connect from the docker host to a container, this is a problem that I have resigned to proxying off my router in a hairpin NAT to the same upnp ports that I’ve exported via External Access on Synology, which feels like a poor solution but works today.
I have a docker container running Caddy, and another web server.
In my Dockerfile I have
EXPOSE 80 10240 # 10240 is the port of the other webserver.
And I run docker like this (don't ask my why you need EXPOSE and -p).
docker run -p 80:80 -p 10240:1024 -it <hash>
This starts the two servers. On my host machine (it's a Mac btw) I can connect to localhost:10240 fine. However if I connect to localhost:80, I get an empty response (dropped connection).
Netstat in the docker container shows:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:10240 0.0.0.0:* LISTEN 19/node
tcp6 0 0 :::80 :::* LISTEN 9/caddy
Here's where it starts to get weird. If I curl -L localhost within the docker container, it works fine - I get the web page from the 10240 server.
If I curl -L 127.0.0.1 from within the docker container it returns 404 Site 127.0.0.1 is not served on this interface. Ok fine.
If I curl -L 127.0.0.1 from outside the container it also returns 404 Site 127.0.0.1 is not served on this interface. So somehow my requests are getting through, but Caddy drops localhost requests from outside the container, and it doesn't from inside it. I have logging enabled but it prints nothing.
Can anyone tell me what the hell is going on? All this docker port forwarding stuff is ridiculous.
Here's my Caddyfile (and I've tried about a billion other combinations of localhost, 127.0.0.1, etc.):
localhost:80
bind 0.0.0.0
proxy / 127.0.0.1:10240
I am not sure but I suspect this was because Docker for Mac's networking is kind of broken. I gave up on Caddy and tried to do the same think with Traefik, which also didn't work (though it gave a "Gateway error" instead of totally dropping the connection).
As soon as moved everything to Linux, it worked perfectly.
I use Docker for running Oracle 11g Express on macOS Sierra 10.12.2
https://github.com/wnameless/docker-oracle-xe-11g
This is my error:
Last login: Sat Jan 7 22:42:11 on ttys000
➜ ~ docker run -d -p 49160:22 -p 49161:1521 wnameless/oracle-xe-11g
docker: Cannot connect to the Docker daemon. Is the docker daemon running on this host?.
See 'docker run --help'.
➜ ~ docker run -d -p 49160:22 -p 49161:1521 wnameless/oracle-xe-11g
043d8caecbb45d6e2e5999b69a2f760c20d53ff3aa2fad78cb1eb70acb058a1f
docker: Error response from daemon: driver failed programming external connectivity on endpoint serene_lalande (08bb0bd9684c0f92db7b736986bf894d3a57a714324405823496d13e175e7491): Error starting userland proxy: Bind for 0.0.0.0:49161 failed: port is already allocated.
➜ ~
I diagnostic:
➜ ~ netstat -anp tcp | grep 49161
tcp4 0 0 192.168.1.2.49161 17.188.166.13.5223 ESTABLISHED
➜ ~
➜ ~ docker --version
Docker version 1.12.5, build 7392c3b
My Dianostic ID: 20EB9506-CC72-4093-8A15-60E05A841ED1
I don't know why. Before that few weeks, it run success. Nearly, I change, release new DHCP IP. How to run Docker instance has Oracle 11g express success?
you can't launch twice
docker run -d -p 49160:22
as this means you want to allocate the port 49160 on the host twice, of course, the second time, you get you error message, try for the second run
docker run -d -p 49161:22
You will need to use a different port instead of 49161. Try a port less than 49152.
You have a pre-existing connection between the the port 49161 on your computer and port 5223 on a remote Apple server. That port, therefore, cannot be used for anything else until that connection ceases to exist. Port 5223 is used for Apple's push notifications. As best as I can tell, your computer so happened to use the random port 49161 to connect to Apple's server this time. Previously when that Docker container worked, I would bet port 49161 on your computer was not then used.
Whenever you connect to a remote server, your own computer allocates a random port number for that connection. This time around, your computer allocated 49161 when it connected to Apple's push notifications service. Next time, it could be a completely different number. See https://en.wikipedia.org/wiki/Ephemeral_port