Unable to connect with container at address /0.0.0.0:9000 - docker

My container of play/scala application starts at [info] p.c.s.AkkaHttpServer - Listening for HTTP on /0.0.0.0:9000. But I am unable to connect to it from the browser. I am running the container on my windows machine after having build the image using Docker for Windows
The Dockerfile is
FROM openjdk:8
WORKDIR deploy
COPY target/universal/myapp-1.0.zip .
COPY conf/logback_dev.xml ./logback.xml
COPY conf/application_dev.conf ./application.conf
RUN unzip myapp-1.0.zip
RUN chmod +x myapp-1.0/bin/myapp
EXPOSE 9000
ENTRYPOINT myapp-1.0/bin/myapp -Dplay.http.secret.key=changemeplease -Dlogger.file=/deploy/logback.xml -Dconfig.file=/deploy/application.conf
I am starting the container as docker run myApp -p 9000:9000 -network="host" and also tried docker run myApp -p 9000:9000 -network="host"
UPDATE
this is interesting.
If I specify image name before port then the application isn't reachable
docker run myApp -p 9000:9000
In docker container ps -a, I see (no mapping of localhost:9000 to 9000)
C:\Users\manuc>docker container ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4d16547cd96d myApp "/bin/sh -c 'myApp…" 10 seconds ago Up 9 seconds 9000/tcp, 9042/tcp ecstatic_bell
but if I specify port before image name, then the application is reachable
docker run -p 9000:9000 myApp
In docker container ps -a, I see mapping of localhost:9000 -> 9000
C:\Users\manuc>docker container ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
24b571cc0057 myApp "/bin/sh -c 'MyApp…" 39 seconds ago Up 38 seconds 0.0.0.0:9000->9000/tcp, 9042/tcp silly_yalow

Things to do when your container is not behaving like you want:
Check if your application is running in your computer.
After you run your container, check if it is healthy with docker ps. If it is not healthy, the problem is usually in your application.
Ensure it is running without errors, check logs with docker logs <container-id>. If logs are ok, problem is usually in the container network configuration.
Ensure you can access your application with docker exec -it <container-id> bash. And try to access port with curl or wget. If it is not reachable problem can be in iptables, firewall, or your application.
If you can ensure all the steps above working as expected. The problem is in docker network configuration.
Docker network host only works in linux, not mac and windows. You can run container with docker run -p 9000:9000 myapp. Checkout documentation: https://docs.docker.com/network/host/#:~:text=The%20host%20networking%20driver%20only,the%20docker%20service%20create%20command.
General form of the docker run command is docker run [OPTIONS] IMAGE[:TAG|#DIGEST] [COMMAND] [ARG...] as you can see in documentation. You need to specify port options before image name.

Related

Docker does not care about user permissions. Why?

I have a docker file userPermissionDenied.df, here is its content:
FROM busybox:1.29
USER 1000:1000
ENTRYPOINT ["nc"]
CMD ["-l", "-p", "80", "0.0.0.0"]
I run the following commands:
> docker image build -t fooimg -f userPermissionDenied.df .
> docker container run fooimg
Now I expect the following output:
> nc: bind: Permission denied
But I am not getting any output at all:
the container just hangs. Why?
I am learning Docker through the Docker in Action by Jeff Nickoloff and that is where I got the use case from.
Given that you are running the nc command as a non-root user (due to the USER 1000:1000 directive in your Dockerfile), you might expect to see a "permission denied" error of some sort when nc tries to bind port 80.
In earlier versions of Docker that is exactly what would have happened, but a few years ago Docker was modified so that containers run with net.ipv4.ip_unprivileged_port_start=0, which means there are no longer any "privileged ports": any UID can bind any port.
You can see this setting by running sysctl inside a container:
$ docker run -it --rm -u 1000:1000 alpine sysctl -a |grep net.ipv4.ip_unprivileged_port_start
net.ipv4.ip_unprivileged_port_start = 0
the container just hangs. Why?
The container isn't "hanging"; it is successfully running nc -l -p 80, which is waiting for a connection to the container on port 80. If you were to use curl or some other tool to connect to port 80 in that container, it would display any data send over the connection and then the container would exit when the connection is closed.

Access Docker hosted web application from Host machine

I have created a php web application and hosted it in Docker.
Now Im trying to access the application from the host machine(not through docker) and Im unable to open it.Any help will be greatly appreciated!
Details-
OS - Catalina
Accessing :- http://localhost:60
Error-
This page isn’t workinglocalhost didn’t send any data.
ERR_EMPTY_RESPONSE
Followed the below steps :-
Shrutis-MacBook-Pro:MyDockerImages shrutipatnaik$ ls
index.php world.txt
Dockerfile
Shrutis-MacBook-Pro:MyDockerImages shrutipatnaik$ docker build -t jenkins_php .
Sending build context to Docker daemon 653.8MB
Step 1/3 : FROM php:7.4-apache
---> 05e7c943eaa9
Step 2/3 : COPY . /var/www/html
---> e30136f8e0c7
Step 3/3 : CMD ls && whoami && pwd ;
---> Running in 4c29020952fb
Removing intermediate container 4c29020952fb
---> dd0a9d7f8ccd
Successfully built dd0a9d7f8ccd
Successfully tagged jenkins_php:latest
Shrutis-MacBook-Pro:MyDockerImages shrutipatnaik$docker run -it -d -p 60:60
jenkins_php:latest /bin/sh
26e3590f0e6a249f26251c33020a8180610ce07ff11004dc3dc2460a3aa41790
Shrutis-MacBook-Pro:MyDockerImages shrutipatnaik$ docker ps -a
CONTAINER ID IMAGE COMMAND CREATED
STATUS PORTS NAMES
26e3590f0e6a jenkins_php:latest "docker-php-entrypoi…" 6 hours ago
Up 6 hours 60/udp, 0.0.0.0:60->60/tcp, 80/tcp kind_chatelet
OK two things:
first - when you run the container with the /bin/sh command in the end that's the command the container is running, not your web app.
See your used docker image dockerfile and ENTRYPOINT and CMD commands.
when you add the command in the end of the docker run command you override the preconfigured startup commands:
Usage: docker run [OPTIONS] IMAGE [COMMAND] [ARG...]
For that run docker run -dp 60:60 jenkins_php:latest
example with nginx:
when running like suggested in question:
docker run -itdp 80:80 nginx /bin/sh
We get trying to access through chrome:
when running "regularly" with:
docker run -dp 80:80 nginx
or even
docker run -itdp 80:80 nginx
We get trying to access through chrome:
and in either case when running docker ps it doesn't show the new command but the old entry-point script (just like in the question) even though it was overridden:
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
3fe92585a40c nginx "/docker-entrypoint.…" 3 seconds ago Up 2 seconds 0.0.0.0:80->80/tcp, :::80->80/tcp adoring_heisenberg
second - it is also possible that after fixing that it wont work cause you also publish port 80/tcp and unless you specifically chose that it would make more sense to publish on 80 by default so I'd check that along the way.
for that run docker run -dp 80:80 jenkins_php:latest
if we try to replicate like in the previous misconfiguration we get the same error
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
146d05cc5275 nginx "/docker-entrypoint.…" 3 seconds ago Up 2 seconds 80/tcp, 0.0.0.0:80->1000/tcp, :::80->1000/tcp goofy_lamport
localhost didn’t send any data.
ERR_EMPTY_RESPONSE

Wiremock Docker Container not using the supplied port (instead using 8080)

I am using WireMock Docker image and spinning off the container using it. I can verify the container is up and running but after looking at container logs, looks like it is still running on 8080? At least, I am not able to access Wiremock using localhost:9999/__admin
Create Wiremock container: docker run -d -p 9999:9999 my-registry.com/rodolpheche/wiremock --verbose
Verify container: docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
7b9847734cd4 my-registry.com/rodolpheche/wiremock "/docker-entrypoint.…" 7 seconds ago Up 5 seconds 8080/tcp, 8443/tcp, 0.0.0.0:9999->9999/tcp elegant_elion
You need to run docker run -it --rm -p 9999:8080 rodolpheche/wiremock in order to run the Wiremock as clearly mentioned in the documentation. It will be accessible using this url: http://localhost:9999/__admin
This fixed my issue (appending --port 9999):
docker run -d -p 9999:9999 my-registry.com/rodolpheche/wiremock --verbose --port 9999

Docker - Unable to Access Service from Localhost

I've created a Dockerfile which looks like this:
FROM openjdk:8-jdk
COPY . .
ENTRYPOINT ["/bin/graphdb"]
EXPOSE 7200
On doing docker run 34a1650b461d -p 127.0.0.1:7200:7200 I see my service running as shown in the terminal output - however when I go to localhost:7200 I keep seeing This site can’t be reached 127.0.0.1 refused to connect.
Could anyone explain what I'm missing?
Also fyi - when I do docker ps, under PORTS I see 7200/tcp.
I read this page and followed what was described but to no luck.
Any help appreciated.
Thanks.
For docker run the order of the parameters matter, so this:
docker run 34a1650b461d -p 7200:7200
Is not the same as:
docker run -p 7200:7200 34a1650b461d
In the first case you are passing the parameters -p 7200:7200 to your ENTRYPOINT command /bin/graphdb; whereas in the second case, you are passing -p 7200:7200 to docker run, which is what you wanted.
How to validate when ports are correctly forwarded?
You can validate this by running docker ps and checking the PORTS column:
$ docker run -d 34a1650b461d -p 7200:7200
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
03abc0b390ef mytest "/bin/graphdb -p 720…" 6 seconds ago Up 5 seconds 7200/tcp elegant_wescoff
Do you see how the COMMAND includes your -p? That's not what you wanted. So docker run was not interpreting that parameter at all. Also, you can see the PORTS column, which shows the port is exposed but not forwarded.
Whereas doing it like this:
$ docker run -d -p 7200:7200 34a1650b461d
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
03abc0b390ef mytest "/bin/graphdb" 6 seconds ago Up 5 seconds 0.0.0.0:7200->7200/tcp elegant_wescoff
You can see now that -p is not being passed to COMMAND and that the port is forwarded: 0.0.0.0:7200->7200/tcp.

Docker for Mac. docker run -d -p 80:80 --name webserver nginx shows another container with this name. but docker ps shows empty list

I am learning "Docker for Mac"
$ docker run -d -p 80:80 --name webserver nginx
docker: Error response from daemon: Conflict. The name "/webserver" is already in use by container 728da4a0a2852869c2fbfec3e3df3e575e8b4cd06cc751498d751fbaa75e8f1b. You have to remove (or rename) that container to be able to reuse that name..
But when I run
$ docker ps
It shows no containers listed.
But due to the previous error message tells me that there is this container 728da....
I removed that container
$ dockder rm 728da4a0a2852869c2fbfec3e3df3e575e8b4cd06cc751498d751fbaa75e8f1b
Now I run this statement again
$ docker run -d -p 80:80 --name webserver nginx
It is working fine this time.
And then I run $ docker ps, I can see this new container is listed
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
3ecc0412fd31 nginx "nginx -g 'daemon off" 19 seconds ago Up 17 seconds 0.0.0.0:80->80/tcp, 443/tcp webserver
Note:
I am using "Docker for Mac".
But I had "Docker Box" installed on the Mac before. I don't know if that is the invisible "webserver" container comes from.
As activatedgeek says in the comments, the container must have been stopped. docker ps -a shows stopped containers. Stopped containers still hold the name, along with the contents of their RW layer that shows any changes made to the RO image being used. You can reference containers by name or container id which can make typing and scripting easier. docker start webserver would have restarted the old container. docker rm webserver would remove a stopped container with that name.
You can also abbreviate the container id's to the shortest unique name to save typing or a long copy/paste. So in your example, docker rm 728d would also have removed the container.
The Docker Getting Started document asks the learners trying two statements first.
docker run hello-world
and
docker run -d -p 80:80 --name webserver nginx
I was wondering why I can run
docker run hello-world
many times but if I run
docker run -d -p 80:80 --name webserver nginx
the second time, I got the name conflicts error. Many beginners would be wondering too.
With your help and I did more search, now I understand
docker run hello-world,
we did not use --name, in this case, a random name was given so there will be no name conflicts error.
Thanks!

Resources