I have this config (using the go-dockerclient https://github.com/fsouza/go-dockerclient) for a container but it only opens the tcp port when running the container:
...
StartConfig: docker.HostConfig{
PortBindings: map[docker.Port][]docker.PortBinding{
"53/tcp": {{HostIP: "0.0.0.0", HostPort: "1053"}},
"53/udp": {{HostIP: "0.0.0.0", HostPort: "1053"}},
},
I tried in every possible way without luck. When I run the container using the cmd it works as expected:
docker run -d \
-p 0.0.0.0:1053:53/udp \
-p 0.0.0.0:1053:53/tcp ...
Any ideas what am I doing wrong here?
Container inspect output:
"NetworkSettings": {
"Bridge": "",
"SandboxID": "4bdea4ccda50aaf8a3117098fdd2073943af43e8d991ddd7a0be425c5599dfbd",
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"Ports": {
"53/tcp": [
{
"HostIp": "0.0.0.0",
"HostPort": "1053"
}
]
},
"SandboxKey": "/var/run/docker/netns/4bdea4ccda50",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"EndpointID": "1796f8bda73d13d354bcd8bafaf6c1f4ff1491582c3985f6b653ccc6b2226e01",
"Gateway": "172.17.0.1",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "172.17.0.3",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"MacAddress": "02:42:ac:11:00:03",
"Networks": {
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "fb85e54ede4e18ae48e4c889d169d2d4cd8b2087a8c9691e094a431cb6a7eb43",
"EndpointID": "1796f8bda73d13d354bcd8bafaf6c1f4ff1491582c3985f6b653ccc6b2226e01",
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.3",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:11:00:03"
}
}
}
I have tried the following example which worked as expected for me, the example as shown below:
The docker image link: https://github.com/sameersbn/docker-bind
Maybe the issue is related with the image that you have?
package main
import (
docker "github.com/fsouza/go-dockerclient"
)
func main() {
endpoint := "unix:///var/run/docker.sock"
client, err := docker.NewClient(endpoint)
if err != nil {
panic(err)
}
container, err := client.CreateContainer(docker.CreateContainerOptions{
Name: "my-container",
Config: &docker.Config{Image: "sameersbn/bind:9.11.3-20190113"},
HostConfig: &docker.HostConfig{
PortBindings: map[docker.Port][]docker.PortBinding{
"53/tcp": {{HostIP: "0.0.0.0", HostPort: "1053"}},
"53/udp": {{HostIP: "0.0.0.0", HostPort: "1053"}},
},
},
},
)
client.StartContainer(container.ID, nil)
}
Docker inspect results:
"Ports": {
"10000/tcp": null,
"53/tcp": [
{
"HostIp": "0.0.0.0",
"HostPort": "1053"
}
],
"53/udp": [
{
"HostIp": "0.0.0.0",
"HostPort": "1053"
}
]
},
Make sure that you have this in your Dockerfile as by default EXPOSE assumes TCP as described in here:
EXPOSE 53/udp 53/tcp
I am trying to setup docker on one of my servers (gitlab instance), but I cannot get the instance to work correctly. Especially the network is the thing I cannot get correct.
This is the command I use to start the docker:
docker run --name gitlab --hostname gitlab -p 32790:32790 -e GITLAB_OMNIBUS_CONFIG="gitlab_rails['lfs_enabled'] = true; external_url = 'http://gitlab:32790';" gitlab/gitlab-ce:10.3.3-ce.0
This is the network info I get back from the docker:
"NetworkSettings": {
"Bridge": "",
"SandboxID": "8646b3f0e8106eb9e8ea574ce69b48c1782b75f3f3aab52d2d66d8972ac4aa4b",
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"Ports": {
"22/tcp": null,
"32790/tcp": [
{
"HostIp": "0.0.0.0",
"HostPort": "32790"
}
],
"443/tcp": null,
"80/tcp": null
},
"SandboxKey": "/var/run/docker/netns/8646b3f0e810",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"EndpointID": "a400fd17542a2be0b7e6ff2e96770c6890f61e91324c3970a8c6425904fbf0b0",
"Gateway": "172.17.0.1",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"MacAddress": "02:42:ac:11:00:02",
"Networks": {
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "924e23784ebcaaf5cf27a91259095c1109c28a09d928e2425b794015c129b736",
"EndpointID": "a400fd17542a2be0b7e6ff2e96770c6890f61e91324c3970a8c6425904fbf0b0",
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:11:00:02",
"DriverOpts": null
}
}
}
The ideal result would be that I can both connect through an IP address, and through http://gitlab:32790
But I cannot get it to work correctly...
Here is my docker-compose file:
version: '2'
services:
app:
image: mykiwi/ttrss
database:
image: postgres:10-alpine
environment:
- POSTGRES_USER=ttrss
- POSTGRES_PASSWORD=ttrss
volumes:
- database:/var/lib/postgresql/data
volumes:
database: ~
But when I inspect my main container, there is no ip address:
$ docker inspect 40f78d12c178
...
"NetworkSettings": {
"Bridge": "",
"SandboxID": "70479dc6e987e744e376f6e4222e8d26174b724b686da52924a7e539ef4d4f0c",
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"Ports": {},
"SandboxKey": "/var/run/docker/netns/70479dc6e987",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"EndpointID": "",
"Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "",
"IPPrefixLen": 0,
"IPv6Gateway": "",
"MacAddress": "",
"Networks": {
"none": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "2c6c546b04398c4b4c7b9e52fdb16b89aacfea33b9038b6aa90b4b44fbd99ac7",
"EndpointID": "ac4da8b1b38118732a6e9e99a0ba56b271e6810afd78975c5f329185cf047bf7",
"Gateway": "",
"IPAddress": "",
"IPPrefixLen": 0,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "",
"DriverOpts": null
}
}
}
}
]
I run it through rancher, is it related ?
Rancher uses CNI drivers for networking and so the network is "none" as far as Docker is concerned and no IP addresses or port info appears in Docker inspect. You can get it from the metadata service.
I am rather new to Kubernetes and I am trying to start a kubernetes cluster and deploy some pods .
I have a image I want to build in order to perfrom a deployment of it so I am trying to build it's dockerfile but one of the steps in the dockerfile tries to access golobal resource :
curl --silent --location https://rpm.nodesource.com/setup_7.x
I keep getting this error message :
Connecting to rpm.nodesource.com (rpm.nodesource.com)|13.32.153.164|:443... failed: Connection timed out.
Connecting to rpm.nodesource.com (rpm.nodesource.com)|2600:9000:2116:2800:16:cdcc:51c0:93a1|:443... failed: Network is unreachable
I can see that container was able to resolve the dns name ( based on the IP it prints out in the message ) but is unable to access it.
my /etc/resolv.conf is :
search default.svc.cluster.local svc.cluster.local
nameserver 10.82.67.3
nameserver 10.233.0.3
nameserver 8.8.8.8
options ndots:2 timeout:2 attempts:2
my docker version is 17.05.0-ce
my OS is redhat 7.4
this is the Network part of the docker inpect command of the container :
"NetworkSettings": {
"Bridge": "",
"SandboxID": "a4a4c93d0ea19b48b84ef8556678f458405b32238542ede30a78229f82b55a12",
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"Ports": {},
"SandboxKey": "/var/run/docker/netns/a4a4c93d0ea1",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"EndpointID": "66d74579ee50bc8289dfc58235188e262ebf707f2f0ae0ccb640524e6e9d3f22",
"Gateway": "172.17.0.1",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"MacAddress": "02:42:ac:11:00:02",
"Networks": {
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "655da32f8ecab7a4bba100594a1e242c60b27304e9937ae5192857942b661603",
"EndpointID": "66d74579ee50bc8289dfc58235188e262ebf707f2f0ae0ccb640524e6e9d3f22",
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:11:00:02"
}
}
}
any help would be appriciated
I started a rethinkDB docker container using the command
docker pull rethinkdb:2.3
docker run --rm --name rethinkdb -v /srv/rethinkdb:/data --net host rethinkdb:2.3 rethinkdb --bind all --cache-size 8192 --no-update-check
Now the container started successfully. I did docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f288961ef376 rethinkdb:2.3 "rethinkdb --bind ..." 9 minutes ago Up 9 minutes rethinkdb
1f71722698ae sorccu/adb:latest "/sbin/tini -- adb..." 14 minutes ago Up 14 minutes adbd
Now I want to find out the IP address of this container. So I did
docker inspect --format '{{ .NetworkSettings.IPAddress }}' f288961ef376
It's returning me nothing. I couldn't find IP address for this container.
I checked if the rethinkDB configuration page is up or not by going to http://localhost:8080 and I see it's up and running.
Why doesn't this container have any IP address?
Output of docker inspect is as follows
[
{
"Id": "f288961ef376531c97d2264cb8ef3c6077a6a75107905d6a47734303adfcb117",
"Created": "2017-05-05T11:13:45.382460184Z",
"Path": "rethinkdb",
"Args": [
"--bind",
"all",
"--cache-size",
"8192",
"--no-update-check"
],
"State": {
"Status": "running",
"Running": true,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 8157,
"ExitCode": 0,
"Error": "",
"StartedAt": "2017-05-05T11:13:45.774035358Z",
"FinishedAt": "0001-01-01T00:00:00Z"
},
"Image": "sha256:c5ed876750b40cde4725ea9eb9d8503f4d1419a2f23ac2ef8e4cc1d535e2c3a2",
"ResolvConfPath": "/var/lib/docker/containers/f288961ef376531c97d2264cb8ef3c6077a6a75107905d6a47734303adfcb117/resolv.conf",
"HostnamePath": "/var/lib/docker/containers/f288961ef376531c97d2264cb8ef3c6077a6a75107905d6a47734303adfcb117/hostname",
"HostsPath": "/var/lib/docker/containers/f288961ef376531c97d2264cb8ef3c6077a6a75107905d6a47734303adfcb117/hosts",
"LogPath": "/var/lib/docker/containers/f288961ef376531c97d2264cb8ef3c6077a6a75107905d6a47734303adfcb117/f288961ef376531c97d2264cb8ef3c6077a6a75107905d6a47734303adfcb117-json.log",
"Name": "/rethinkdb",
"RestartCount": 0,
"Driver": "aufs",
"MountLabel": "",
"ProcessLabel": "",
"AppArmorProfile": "docker-default",
"ExecIDs": null,
"HostConfig": {
"Binds": [
"/srv/rethinkdb:/data"
],
"ContainerIDFile": "",
"LogConfig": {
"Type": "json-file",
"Config": {}
},
"NetworkMode": "host",
"PortBindings": {},
"RestartPolicy": {
"Name": "no",
"MaximumRetryCount": 0
},
"AutoRemove": true,
"VolumeDriver": "",
"VolumesFrom": null,
"CapAdd": null,
"CapDrop": null,
"Dns": [],
"DnsOptions": [],
"DnsSearch": [],
"ExtraHosts": null,
"GroupAdd": null,
"IpcMode": "",
"Cgroup": "",
"Links": null,
"OomScoreAdj": 0,
"PidMode": "",
"Privileged": false,
"PublishAllPorts": false,
"ReadonlyRootfs": false,
"SecurityOpt": null,
"UTSMode": "",
"UsernsMode": "",
"ShmSize": 67108864,
"Runtime": "runc",
"ConsoleSize": [
0,
0
],
"Isolation": "",
"CpuShares": 0,
"Memory": 0,
"NanoCpus": 0,
"CgroupParent": "",
"BlkioWeight": 0,
"BlkioWeightDevice": null,
"BlkioDeviceReadBps": null,
"BlkioDeviceWriteBps": null,
"BlkioDeviceReadIOps": null,
"BlkioDeviceWriteIOps": null,
"CpuPeriod": 0,
"CpuQuota": 0,
"CpuRealtimePeriod": 0,
"CpuRealtimeRuntime": 0,
"CpusetCpus": "",
"CpusetMems": "",
"Devices": [],
"DeviceCgroupRules": null,
"DiskQuota": 0,
"KernelMemory": 0,
"MemoryReservation": 0,
"MemorySwap": 0,
"MemorySwappiness": -1,
"OomKillDisable": false,
"PidsLimit": 0,
"Ulimits": null,
"CpuCount": 0,
"CpuPercent": 0,
"IOMaximumIOps": 0,
"IOMaximumBandwidth": 0
},
"GraphDriver": {
"Data": null,
"Name": "aufs"
},
"Mounts": [
{
"Type": "bind",
"Source": "/srv/rethinkdb",
"Destination": "/data",
"Mode": "",
"RW": true,
"Propagation": ""
}
],
"Config": {
"Hostname": "dev-machine",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": true,
"AttachStderr": true,
"ExposedPorts": {
"28015/tcp": {},
"29015/tcp": {},
"8080/tcp": {}
},
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"RETHINKDB_PACKAGE_VERSION=2.3.5~0jessie"
],
"Cmd": [
"rethinkdb",
"--bind",
"all",
"--cache-size",
"8192",
"--no-update-check"
],
"Image": "rethinkdb:2.3",
"Volumes": {
"/data": {}
},
"WorkingDir": "/data",
"Entrypoint": null,
"OnBuild": null,
"Labels": {}
},
"NetworkSettings": {
"Bridge": "",
"SandboxID": "bd17bf8e1663ff18f6674a1a3a1665c4e1bf65283d358ffc97dc238ef4a79088",
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"Ports": {},
"SandboxKey": "/var/run/docker/netns/default",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"EndpointID": "",
"Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "",
"IPPrefixLen": 0,
"IPv6Gateway": "",
"MacAddress": "",
"Networks": {
"host": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "30b6150968580d33aae0e45f7d850b9e67ae2aa29e1bb837ca4fa74f2b0d4d42",
"EndpointID": "05e93ec514ee6694e57d344f3e4362252104347c3cc48c607708d125715ed6ec",
"Gateway": "",
"IPAddress": "",
"IPPrefixLen": 0,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": ""
}
}
}
}
]
You are starting your container with the --net host option which means your container will run on your host network. Check here for more info. So your container will be accessible on the IP of your host.
A very basic example:
$ docker run --net=host -d jenkins
This will run jenkins on your real host network. So when you open the firewall (jenkins runs on 8080) you will access your container immediatly.
So I open the firewall:
$ sudo iptables -I INPUT 5 -p tcp -m tcp --dport 8080 -j ACCEPT
I check the real IP of my eth0 (host network) with ifconfig. (I'm doing this on a VM). It is inet 192.168.140.7. I go in my browser to 192.168.140.7:8080 and I see the jenkins. So your container has no own IP. It's running on your host network and host IP.
If you leave the --net host option, the container will be created in the default docker bridge network with range "172.17.0.0/16". Now your container will get an IP from in the range of that network. To access the container from the outside you have to map your ports on your host network (see the more info). You can do this with the -p option.
So for the jenkins example:
$ docker run -d -p 8888:8080 jenkins
When I perform a docker inspect I see:
"IPAddress": "172.17.0.4",
So my container is running in the bridge network on 172.17.0.4:8080.
Now with the -p option I'm mapping the port 8080 of my bridge network on 8888 of my host network: so host-IP:8888. Now it's accessible from the outside.
Your container ip the the same as the host. host basically says that your container uses the same network interface as the host. It is fast since there's no bridging but limited; You have to make sure that your containers do not listen to the same port to avoid conflicts.
It's better to stick with the default bridge network and specify the port that you want exposed to the host. For instance:
docker run --rm --name rethinkdb -v /srv/rethinkdb:/data -p 8080:8080 \
rethinkdb:2.3 rethinkdb --bind all --cache-size 8192 --no-update-check
btw, --net has been renamed --network in later versions of Docker.