Docker can connect to localhost of host machine, but not to a local IP of other machine in host network

I have 2 EC2 instances; they can talk to each other normally through curl.
The EC2 instance marked dolphin has a Docker container in it, and all security groups and firewall ports are set up OK.
To connect from Docker to localhost of dolphin,
I use "host.docker.internal" instead of "localhost", because localhost means the Docker container itself.
My question:
How can I make Docker talk not only to localhost of its host, but also connect to the local machine with IP 172.30.2.194?
--network host is not working, because I have another container linked. This is the error:
/usr/bin/docker-current: Error response from daemon: Conflicting
options: host type networking can't be used with links. This would
result in undefined behavior.

Docker containers internally use the 172.x.x.x IP range. You can't connect to the EC2 because the IP range is clashing and the network stack routes the packets among the Docker network instead of the "external" VPC.
A solution would be to change the address range of the VPC which holds your EC2 machines. You could use 192.168.x.x or 10.x.x.x.
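A way to confirm the clash this answer describes before renumbering anything, added here as an example (not part of the original answer): feed the JSON from `docker network inspect $(docker network ls -q)` to the check below. The sample JSON, its subnets and the VPC CIDR 172.30.0.0/16 are constructed assumptions; only the target IP 172.30.2.194 comes from the question.

```python
import ipaddress
import json

# Constructed sample shaped like `docker network inspect` output
# (only the fields used here); names and subnets are illustrative.
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "bridge", "Driver": "bridge",
   "IPAM": {"Config": [{"Subnet": "172.17.0.0/16", "Gateway": "172.17.0.1"}]}},
  {"Name": "app_default", "Driver": "bridge",
   "IPAM": {"Config": [{"Subnet": "172.30.0.0/16", "Gateway": "172.30.0.1"}]}},
  {"Name": "host", "Driver": "host", "IPAM": {"Config": null}}
]
""")


def docker_subnets(networks):
    """Yield (network name, ip_network) for every subnet Docker has allocated."""
    for net in networks:
        # IPAM.Config can be null or empty for host/none networks.
        for cfg in (net.get("IPAM") or {}).get("Config") or []:
            if cfg.get("Subnet"):
                yield net["Name"], ipaddress.ip_network(cfg["Subnet"], strict=False)


def clashing_networks(networks, target_ip):
    """Docker networks whose subnet contains target_ip, so packets never leave the host."""
    target = ipaddress.ip_address(target_ip)
    return [(name, str(sub)) for name, sub in docker_subnets(networks)
            if sub.version == target.version and target in sub]


def overlaps_vpc(networks, vpc_cidr):
    """Names of Docker networks whose subnet overlaps the VPC/LAN CIDR at all."""
    vpc = ipaddress.ip_network(vpc_cidr, strict=False)
    return [name for name, sub in docker_subnets(networks)
            if sub.version == vpc.version and sub.overlaps(vpc)]


if __name__ == "__main__":
    for name, subnet in clashing_networks(SAMPLE_INSPECT, "172.30.2.194"):
        print(f"172.30.2.194 falls inside Docker network {name} ({subnet})")
    print("networks overlapping the VPC:", overlaps_vpc(SAMPLE_INSPECT, "172.30.0.0/16"))
```

An empty result from both functions means the Docker address pools are not the reason the peer is unreachable, and the security groups and routes are the next place to look.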

Related

Access Docker container via DNS name from corporate LAN

I'm looking for a way to access containers that are running on a server in our company LAN by domain names. So far I have only managed to access them by IPs.
So the setup is: Docker (for Windows) is running on server srv1.ourdomain.com (Windows Server 2019), the network for the container is configured with the l2bridge driver, and the container's DNS name, as specified in the run command, is cont1. It is accessible by DNS name on the Docker host (srv1) and by IP from my machine.
What can I do to access the container by DNS name cont1.ourdomain.com from my local machine located in the same LAN?
I tried to use a proxy (traefik) but it can't rewrite URLs in the content, so web applications running inside the container are failing. Because of this I can't host multiple web applications behind that proxy.
I know that it is possible to map a container's port to a host port and then it will be accessible from the LAN through the host name and host port, but the applications I'm running require many ports to be mapped (like 8 ports for each container), and with those containers being short-lived developer environments it will be hell to find a port pool when running a new container.
So again, if I can access the container and its ports by IP, is there a way to do the same by DNS name?
UPD1. The container host is a virtual server running on VMware. I tried to follow those recommendations and configure promiscuous mode. This doesn't help with DNS though.
UPD2. I tried a transparent network as well. For some reason DHCP can never assign a proper IP and the container ends up with an autoconfigured IP from the 168.x.x.x subnet.
You could create a transparent network and make the container discoverable on the network just like host. However, using host ports is what's recommended.
Did you try PathStrip or PathPrefixStrip with Traefik? That should let you rewrite the URLs for the backend.

Not getting output when using docker internal IP address

I am using a Docker container for my ASP.NET Core web API application, and the container is up and running.
Now I am getting the Docker internal IP address using the command below,
docker inspect -f "{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}" d986472784cb and getting the IP address as 172.20.0.2.
Now I am not getting any result when hitting the URL below in the browser,
http://172.20.0.2/WeatherForecast, and I am seeing an ERR_CONNECTION_TIMED_OUT error.
The local address https://localhost:32772/weatherforecast is working just fine.
What could be the issue?
The container-private IP simply doesn't work in a variety of common circumstances:
If you're not calling from the same host, the container-private IP won't be reachable at all
If there is a VM involved at all (Docker Toolbox on Windows, Docker Desktop on Windows or Mac), the container-private IP won't be reachable at all
If you're not on the same Docker-internal network, you might not be able to reach the container-private IP
Since it doesn't work in so many environments, I wouldn't recommend looking up this IP address at all: forget that particular docker inspect command exists. From the browser, use your host's IP address or DNS name (or localhost if the containers and browser are on the same system, but not if Docker Toolbox is involved) and the published port number (docker run -p option, Docker Compose ports: option, the first port number from that pair).
You need the port number in the IP address URL: http://172.20.0.2:32772/WeatherForecast

How to access docker container from mac machine using ip addr or a domain name

I am using Docker Desktop. I have a couple of Docker containers running using docker-compose and port forwarding. I can access the containers from my Mac using localhost. On the second container, I am exposing different ports. I can see IP addresses are associated with both containers by using docker inspect, but I cannot access them using the IP address.
I would like to access the container from my local Mac by
DNS domain
IP address
Any help appreciated.
Thanks
You cannot directly connect to the container-private IP addresses on macOS. You also can't connect to them using a VM-based Docker implementation like Docker Toolbox or Kubernetes' minikube, or from a different host. Looking up and using these IP addresses, or trying to manually set them, usually isn't a best practice.
Instead you can use the docker run -p option to publish a port from your container to the host. Programs running directly on the host can access the container using localhost as a host name and the published port number. This works on all platforms; on VM-based solutions use the VM's IP address instead of localhost; from a different host, use the Docker host's DNS name or IP address.

Docker container can't connect to ip host

I have deployed a Netflix Hystrix dashboard with Turbine in a Docker container. I can access http://ip:8081/hystrix, but when I try to monitor the Turbine stream it freezes and doesn't return any information. I tested using curl inside the container, executing curl http://localhost:8081/turbine.stream and curl http://containername:8081/turbine.stream; those two commands work perfectly, but when I use the host IP, as in curl http://hostip:8081/turbine.stream, curl throws Failed to connect to hostip port 8081: No route to host. I can't find a solution. Can someone help me with this issue?
Thanks in advance.
In order to access the container through the host IP you need to ensure the following:
Port mapping allows connections through the host/public IP itself, not only localhost.
You can check this by executing docker ps on the Docker host and looking at the PORTS column. The default should be 0.0.0.0:8081->8081/tcp, which means it can accept connections from any interface, whether public, private or localhost.
The firewall is not blocking the connection on port 8081.
By default the firewall of the host should be managed by the Docker daemon itself, so port 8081 will be allowed in the firewall, but you might have a different case: either Docker is not managing the firewall of the host, or there is an extra layer that prevents the connection.
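The PORTS check from this answer, written out as an added example (not part of the original answer): it classifies each published port by the address it is bound to. The sample `docker ps --format '{{.Names}}\t{{.Ports}}'` output and the container names in it are constructed; the scope labels are this example's own.

```python
import re

# Constructed sample of `docker ps --format '{{.Names}}\t{{.Ports}}'` output.
SAMPLE_PS = (
    "hystrix\t0.0.0.0:8081->8081/tcp, :::8081->8081/tcp\n"
    "db\t127.0.0.1:5432->5432/tcp\n"
    "cache\t6379/tcp\n"
    "worker\t\n"
)

# <bind address>:<host port or range>-><container port or range>/<protocol>
PUBLISHED = re.compile(
    r"^(?P<ip>.+):(?P<host>\d+(?:-\d+)?)->(?P<ctr>\d+(?:-\d+)?)/(?P<proto>\w+)$")


def classify(ps_output):
    """Map container name -> list of (scope, host_port, proto), one per PORTS entry."""
    result = {}
    for line in ps_output.splitlines():
        if not line.strip():
            continue
        name, _, ports = line.partition("\t")
        entries = []
        for item in filter(None, (p.strip() for p in ports.split(","))):
            m = PUBLISHED.match(item)
            if not m:
                # e.g. "6379/tcp": exposed by the image but not published on the host
                entries.append(("not-published", None, item.rsplit("/", 1)[-1]))
                continue
            ip = m["ip"].strip("[]")  # newer Docker prints IPv6 as [::]
            if ip in ("0.0.0.0", "::"):
                scope = "all-interfaces"
            elif ip.startswith("127.") or ip == "::1":
                scope = "loopback-only"
            else:
                scope = "single-address"
            entries.append((scope, m["host"], m["proto"]))
        result[name] = entries
    return result


def lan_reachable(entries, host_port):
    """True if host_port is published on an address other hosts can route to."""
    return any(scope in ("all-interfaces", "single-address") and port == str(host_port)
               for scope, port, _ in entries)
```

A `loopback-only` or `not-published` result explains a failure from another machine without involving the firewall, while `all-interfaces` means the port is offered on every network the host is attached to, which is worth confirming is intended.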

Can Consul be run inside a Docker container using Docker for Windows?

I am trying to make Consul work inside a Docker container, but using Docker for Windows and Linux containers. I am using the official Consul Docker image. The documentation states that the container must use --net=host for Consul's consensus and gossip protocols.
The problem is, as far as I can tell, that Docker for Windows uses a Linux VM under the hood, and the "host" of the container is not the actual host machine, but that VM. I could not find a combination of -bind, -client and -advertise parameters (IP addresses), so that:
Other Consul agents on other hosts can connect to the local agent using the host machine's IP address.
Other containerized services on the same host can query the local agent's REST interface.
Whenever I pass the host machine's IP address in the LAN through -advertise, I get these errors inside the container:
2018/04/03 15:15:55 [WARN] consul: error getting server health from "linuxkit-00155d02430b": rpc error getting client: failed to get conn: dial tcp 127.0.0.1:0->10.241.2.67:8300: connect: invalid argument
2018/04/03 15:15:56 [WARN] consul: error getting server health from "linuxkit-00155d02430b": context deadline exceeded
Also, other agents on other hosts cannot connect to that agent.
Using -bind on that address fails - my guess is, since the container is inside the Linux VM, the host machine's address is not the container's host's address, and therefore cannot be bound.
I have tried various combinations of -bind, -client and -advertise, using addresses like 0.0.0.0, 127.0.0.1, 10.0.75.2 (address on the Docker virtual switch) and the host machine's IP, but to no avail.
I am now wondering whether this is achievable at all. I have been trying this for quite some time, and I am despairing. Any advice would be appreciated!
I have tried the whole process without using --net=host, and everything works fine. I can connect agents across hosts, and I can query the local agent's REST interface from other containerized applications... Is --net=host really crucial to the functioning of Consul?
