Develop Reference

Docker container runs on aws fargate SSL issue

I am trying to make my .net core api on live on AWS fargate. I have created an application load balancer on AWS and added to listeners for 80 and 443 ports.
I exposed 8080 port to 80 and 8081 port to 443 in my container.
Here is my task definition file
{
"ipcMode": null,
"executionRoleArn": "my-esc-roles",
"containerDefinitions":
[
{
"dnsSearchDomains": null,
"environmentFiles": null,
"logConfiguration":
{
"logDriver": "awslogs",
"secretOptions": null,
"options":
{
"awslogs-group": "/ecs/my-tasks",
"awslogs-region": "us-east-1",
"awslogs-stream-prefix": "ecs"
}
},
"entryPoint":
[],
"portMappings":
[
{
"hostPort": 8080,
"protocol": "tcp",
"containerPort": 8080
},
{
"hostPort": 8081,
"protocol": "tcp",
"containerPort": 8081
}
],
"command":
[],
"linuxParameters": null,
"cpu": 0,
"environment":
[],
"resourceRequirements": null,
"ulimits": null,
"dnsServers": null,
"mountPoints":
[],
"workingDirectory": null,
"secrets":
[
{
"valueFrom": "LiveDb",
"name": "LiveDb"
},
{
"valueFrom": "SSLPath",
"name": "ASPNETCORE_Kestrel__Certificates__Default__Path"
},
{
"valueFrom": "SSLPassword",
"name": "ASPNETCORE_Kestrel__Certificates__Default__Password"
}
],
"dockerSecurityOptions": null,
"memory": 500,
"memoryReservation": 400,
"volumesFrom":
[],
"stopTimeout": null,
"image": "my-ecr-repo/image:latest",
"startTimeout": null,
"firelensConfiguration": null,
"dependsOn": null,
"disableNetworking": null,
"interactive": null,
"healthCheck": null,
"essential": true,
"links": null,
"hostname": null,
"extraHosts": null,
"pseudoTerminal": null,
"user": null,
"readonlyRootFilesystem": null,
"dockerLabels": null,
"systemControls": null,
"privileged": null,
"name": "my-container"
}
],
"placementConstraints":
[],
"memory": "2048",
"taskRoleArn": "**********************",
"compatibilities":
[
"EC2",
"FARGATE"
],
"taskDefinitionArn": "*******************",
"family": "supplierportal-tasks",
"requiresAttributes":
[
{
"targetId": null,
"targetType": null,
"value": null,
"name": "com.amazonaws.ecs.capability.logging-driver.awslogs"
},
{
"targetId": null,
"targetType": null,
"value": null,
"name": "ecs.capability.execution-role-awslogs"
},
{
"targetId": null,
"targetType": null,
"value": null,
"name": "com.amazonaws.ecs.capability.ecr-auth"
},
{
"targetId": null,
"targetType": null,
"value": null,
"name": "ecs.capability.secrets.ssm.environment-variables"
},
{
"targetId": null,
"targetType": null,
"value": null,
"name": "com.amazonaws.ecs.capability.docker-remote-api.1.18"
},
{
"targetId": null,
"targetType": null,
"value": null,
"name": "ecs.capability.task-eni"
}
],
"pidMode": null,
"requiresCompatibilities":
[
"FARGATE"
],
"networkMode": "awsvpc",
"runtimePlatform":
{
"operatingSystemFamily": "LINUX",
"cpuArchitecture": null
},
"cpu": "1024",
"revision": 10,
"status": "ACTIVE",
"inferenceAccelerators": null,
"proxyConfiguration": null,
"volumes":
[]
}
And here is my dockerfile
FROM mcr.microsoft.com/dotnet/aspnet:6.0 AS base
WORKDIR /app
EXPOSE 8080
EXPOSE 8081
ENV ASPNETCORE_URLS=http://+:8080;https://+:8081
# Creates a non-root user with an explicit UID and adds permission to access the /app folder
# For more info, please refer to https://aka.ms/vscode-docker-dotnet-configure-containers
RUN adduser -u 5678 --disabled-password --gecos "" appuser && chown -R appuser /app
USER appuser
FROM mcr.microsoft.com/dotnet/sdk:6.0 AS build
WORKDIR /src
COPY ["WebAPI/WebAPI.csproj", "WebAPI/"]
RUN dotnet restore "WebAPI/WebAPI.csproj"
COPY . .
WORKDIR "/src/WebAPI"
RUN dotnet build "WebAPI.csproj" -c Release -o /app/build
FROM build AS publish
RUN dotnet publish "WebAPI.csproj" -c Release -o /app/publish /p:UseAppHost=false
FROM base AS final
WORKDIR /app
COPY --from=publish /app/publish .
ENTRYPOINT ["dotnet", "WebAPI.dll"]
When it comes to port 80 everything works perfectly. but on port 443 I could not be able to set up SSL.
Here is the error log I receive.
Unhandled exception. Interop+Crypto+OpenSslCryptographicException: error:2006D080:BIO routines:BIO_new_file:no such file
I have stored my pfx file in s3 but it did not work. Where should I put my pfx file to deploy it in a container?
I have used the below paths for SSL on S3.
s3://mycert/WebAPI.pfx => did not work
https://my-cert.s3.amazonaws.com/ebAPI.pfx => did not work
arn:aws:s3:::my-cert/WebAPI.pfx => did not work

I have stored my pfx file in s3 but it did not work. Where should I put my pfx file to deploy it in a container?
You would need to add a step to the startup of your docker container to copy the file from S3 into the container, using either the AWS CLI tool, or the AWS SDK.
You really only need the SSL certificate that is installed on the load balancer, unless you have some sort of regulatory requirement for end-to-end encryption. The Application Load Balancer is doing SSL termination, so the network connection between the user's web browser and your AWS private network is encrypted. The SSL listener on the load balancer's port 443 can forward traffic to your unencrypted port 8080.

docker nginx, exit code 139

I'm trying to run a nginx webserver in docker, but it immediately stops with exit code 139.
This is a fresh setup, and the container doesn't generate a log.
Error 139: Indicates failure as container received SIGSEGV.
So no idea what it can be:
setup:
Raspberry Pi 3b+ & 16GB microSD
running: hypriotos-rpi-v1.12.3.img.zip
Docker 19.03.12
I try to run nginx with:
docker run nginx
This stops with exit code 139 after a few seconds.
It uses the nginx:latest image (from 'pull nginx'). No other containers are running.
Other containers that don't give any problem: portainer, netdata, busybox.
also tried the 'rpi-nginx' image, but same error 139.
The result of 'docker inspect nginx':
[
{
"Id": "sha256:7c554206e557aea70d592e48b168d66c8e5ee6604e064cbc20b92bff10a3bc3a",
"RepoTags": [
"nginx:latest"
],
"RepoDigests": [
"nginx#sha256:c3a1592d2b6d275bef4087573355827b200b00ffc2d9849890a4f3aa2128c4ae"
],
"Parent": "",
"Comment": "",
"Created": "2020-11-17T22:54:26.514640916Z",
"Container": "758473294fb95509727018334cc52a102816a0c1c57e6e85a4dcf1158a5be180",
"ContainerConfig": {
"Hostname": "758473294fb9",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"ExposedPorts": {
"80/tcp": {}
},
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"NGINX_VERSION=1.19.4",
"NJS_VERSION=0.4.4",
"PKG_RELEASE=1~buster"
],
"Cmd": [
"/bin/sh",
"-c",
"#(nop) ",
"CMD [\"nginx\" \"-g\" \"daemon off;\"]"
],
"Image": "sha256:3f83e43f035de87c25066e7044216d38353611558187fa4a3335b2c18d3e06a8",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": [
"/docker-entrypoint.sh"
],
"OnBuild": null,
"Labels": {
"maintainer": "NGINX Docker Maintainers <docker-maint#nginx.com>"
},
"StopSignal": "SIGTERM"
},
"DockerVersion": "19.03.12",
"Author": "",
"Config": {
"Hostname": "",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"ExposedPorts": {
"80/tcp": {}
},
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"NGINX_VERSION=1.19.4",
"NJS_VERSION=0.4.4",
"PKG_RELEASE=1~buster"
],
"Cmd": [
"nginx",
"-g",
"daemon off;"
],
"Image": "sha256:3f83e43f035de87c25066e7044216d38353611558187fa4a3335b2c18d3e06a8",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": [
"/docker-entrypoint.sh"
],
"OnBuild": null,
"Labels": {
"maintainer": "NGINX Docker Maintainers <docker-maint#nginx.com>"
},
"StopSignal": "SIGTERM"
},
"Architecture": "arm",
"Os": "linux",
"Size": 102509632,
"VirtualSize": 102509632,
"GraphDriver": {
"Data": {
"LowerDir": "/var/lib/docker/overlay2/b7377edf293c2cca280779320a3eb4f9210f9149ca768798a43afa3b5d1aacef/diff:/var/lib/docker/overlay2/0751d900e8d7ab471e0876112be7a098be618e179702c5c547ea2f66ebcc4717/diff:/var/lib/docker/overlay2/c3e60839ffc1ebd5cc4ecf21eae2bf2467fe504b953df4a8fa9f87bcfc23c72d/diff:/var/lib/docker/overlay2/ef6e643beefb584790dda69a79126eb46236d651caed98e415abb1304b0ed5ec/diff",
"MergedDir": "/var/lib/docker/overlay2/5c4b8c7ab51f07f20e6ab25b3ad9f125f7d64c7dc56d84cddc650345e2b3d40f/merged",
"UpperDir": "/var/lib/docker/overlay2/5c4b8c7ab51f07f20e6ab25b3ad9f125f7d64c7dc56d84cddc650345e2b3d40f/diff",
"WorkDir": "/var/lib/docker/overlay2/5c4b8c7ab51f07f20e6ab25b3ad9f125f7d64c7dc56d84cddc650345e2b3d40f/work"
},
"Name": "overlay2"
},
"RootFS": {
"Type": "layers",
"Layers": [
"sha256:70d894963bcc7f1b789cc5a26b02403a8144d4588bbc87739641155f5189b2ef",
"sha256:310c1dc973cc0500d3367cc708b7268a2c44919acff89df8b17ac8898a7f9615",
"sha256:7f24751cfac568fdbd1c646bfcc405fd952f7a4bfa3d55abb46782f6c65ff5f3",
"sha256:d044176104cf5ee41702563ed781f9f38d71f78df9e25f6cf862a427d55f6970",
"sha256:052ab1c348864a58088c6d1ccff5a8a5e32e5d5fed997bab49e7437f97fcf5d6"
]
},
"Metadata": {
"LastTagTime": "0001-01-01T00:00:00Z"
}
}
]

The nginx image is build for amd64 architecture.
There is a variant targeting the arm64 architecture: arm64v8/nginx.

I am running my personal blog on a rpi at home with nginx. I even wrote an entire blog post on how to quickly set it up. You can clone it and have it up and running in minutes. I use balena.io to orchestrate it, it's super easy.
Here is the post: https://odyslam.me/blog/balena-nginx-rpi/
If you have any more questions, just shoot them up :)
P.S I am also using netdata in this setup. It's nuts (and for disclaimer, I work at Netdata).

I also encountered the same error , but solve it when I change the version of nginx to V1.18.0 now.

Why Docker run failed? exec user process caused "no such file or directory"

I am trying to reproduce the swarm cluster using go microservices
The guy who wrote the original code worked on Mac, I am on Ubuntu 18.04.
I managed to build the image but when I go for
docker run --rm someprefix/accountservice
I have serious problem
standard_init_linux.go:207: exec user process caused "no such file or directory"
Docker inspect
docker inspect someprefix/accountservice
[
{
"Id": "sha256:a5e37628d346dba85c07933c0d564d097090e23e3fc86e27d75c2a1a2996598e",
"RepoTags": [
"someprefix/accountservice:latest"
],
"RepoDigests": [],
"Parent": "sha256:9120fa959fd47ffeb5275f4a30a97508b90279e80fccbce238c56d80048abebe",
"Comment": "",
"Created": "2019-04-30T18:06:08.292837947Z",
"Container": "ea592f14dd2969078725ca8180335a1844a90270415256bc9466d526f35fc1a6",
"ContainerConfig": {
"Hostname": "536a453ae03e",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"ExposedPorts": {
"6767/tcp": {}
},
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
],
"Cmd": [
"/bin/sh",
"-c",
"#(nop) ",
"ENTRYPOINT [\"./accountservice-linux-amd64\"]"
],
"ArgsEscaped": true,
"Image": "sha256:9120fa959fd47ffeb5275f4a30a97508b90279e80fccbce238c56d80048abebe",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": [
"./accountservice-linux-amd64"
],
"OnBuild": [],
"Labels": {}
},
"DockerVersion": "18.09.5",
"Author": "",
"Config": {
"Hostname": "536a453ae03e",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"ExposedPorts": {
"6767/tcp": {}
},
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
],
"Cmd": null,
"ArgsEscaped": true,
"Image": "sha256:9120fa959fd47ffeb5275f4a30a97508b90279e80fccbce238c56d80048abebe",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": [
"./accountservice-linux-amd64"
],
"OnBuild": [],
"Labels": {}
},
"Architecture": "amd64",
"Os": "linux",
"Size": 13093818,
"VirtualSize": 13093818,
"GraphDriver": {
"Data": {
"LowerDir": "/var/lib/docker/overlay2/a3601e0c28ae2733092fff04b223561787158d743e0038e889af5f978bd03cf2/diff:/var/lib/docker/overlay2/2ea56a1556aac38a84a911dbad39b82d2cd060ceb21fc8e01619c382945a045f/diff",
"MergedDir": "/var/lib/docker/overlay2/cb37e949bab85bf65be5ef6a5b6db6f7fefc12115825f7e6a458b8b45b697d30/merged",
"UpperDir": "/var/lib/docker/overlay2/cb37e949bab85bf65be5ef6a5b6db6f7fefc12115825f7e6a458b8b45b697d30/diff",
"WorkDir": "/var/lib/docker/overlay2/cb37e949bab85bf65be5ef6a5b6db6f7fefc12115825f7e6a458b8b45b697d30/work"
},
"Name": "overlay2"
},
"RootFS": {
"Type": "layers",
"Layers": [
"sha256:cd7100a72410606589a54b932cabd804a17f9ae5b42a1882bd56d263e02b6215",
"sha256:f66908b454c81aae190cc6ae4f430edda3dba86b2c0ba92cadfe817153a6f841",
"sha256:d2e3740a7dc7513f02913179b3090d6bc6581cf3e7ffa9ebea946403643ee55a"
]
},
"Metadata": {
"LastTagTime": "2019-04-30T20:06:08.366158681+02:00"
}
}
]
I have seen similiar issues here on SO,but none of them is related to my problem.

I solved it by disabling CGO
CGO_ENABLED=0 go build -o accountservice-linux-amd64
Next step
docker build -t someprefix/accountservice accountservice/
Sending build context to Docker daemon 8.439MB
Step 1/4 : FROM iron/base
---> b438fe7f76e9
Step 2/4 : EXPOSE 6767
---> Running in b3e84e962cf8
Removing intermediate container b3e84e962cf8
---> 924d21d06a29
Step 3/4 : ADD accountservice-linux-amd64 /
---> b92d16e8701b
Step 4/4 : ENTRYPOINT ["./accountservice-linux-amd64"]
---> Running in cb311a684b5a
Removing intermediate container cb311a684b5a
---> 1aedce37d586
Successfully built 1aedce37d586
Successfully tagged someprefix/accountservice:latest
No problems at all with docker run
docker run --rm someprefix/accountservice
Starting accountservice
Seeded 100 fake accounts...
2019/05/01 08:35:34 Starting HTTP service at 6767

How Docker will resolve hostname or IP present in properties file?

I have 2 Spring Boot micro-service applications i.e web application and metastore application. This is the properties file for my web application.
spring:
thymeleaf:
prefix: classpath:/static/
application:
name: web-server
profiles:
active: native
server:
port: ${port:8383}
---
host:
metadata: http://10.**.**.***:5011
Dockerfile for web application:
FROM java:8-jre
MAINTAINER **** <******>
ADD ./ms.console.ivu-ivu.1.0.1.jar /app/
CMD chmod +x /app/*
CMD ["java","-jar", "/app/ms.console.web-web.1.0.1.jar"]
EXPOSE 8383
Dockerfile for metadata application:
FROM java:8-jre
MAINTAINER ******* <********>
ADD config/* /deploy/config/
CMD chmod +x ./deploy/config/*
COPY ./ms.metastore.1.0.1.jar /deploy/
CMD chmod +x ./deploy/ms.metastore.1.0.1.jar
CMD ["java","-jar","./deploy/ms.metastore.1.0.1.jar"]
EXPOSE 5011
I am using Mesos and Marathon for cluster management. The Marathon scripts for metastore is :-
{
"id": "/ms-metastore",
"cmd": null,
"cpus": 1,
"mem": 2000,
"disk": 0,
"instances": 0,
"acceptedResourceRoles": [
"*"
],
"container": {
"type": "DOCKER",
"docker": {
"forcePullImage": true,
"image": "*****/****:ms-metastore",
"parameters": [],
"privileged": true
},
"volumes": [],
"portMappings": [
{
"containerPort": 5011,
"hostPort": 0,
"labels": {},
"protocol": "tcp",
"servicePort": 10000
}
]
},
"networks": [
{
"mode": "container/bridge"
}
],
"portDefinitions": [],
"fetch": [
{
"uri": "file:///etc/docker.tar.gz",
"extract": true,
"executable": false,
"cache": false
}
]
}
Web marathon:
{
"id": "/ms-console",
"cmd": null,
"cpus": 1,
"mem": 2000,
"disk": 0,
"instances": 0,
"acceptedResourceRoles": [
"*"
],
"container": {
"type": "DOCKER",
"docker": {
"forcePullImage": true,
"image": "****/****:ms-console",
"parameters": [],
"privileged": true
},
"volumes": [],
"portMappings": [
{
"containerPort": 8383,
"hostPort": 0,
"labels": {},
"protocol": "tcp",
"servicePort": 10000
}
]
},
"networks": [
{
"mode": "container/bridge"
}
],
"portDefinitions": [],
"fetch": [
{
"uri": "file:///etc/docker.tar.gz",
"extract": true,
"executable": false,
"cache": false
}
]
}
Web application I am connecting to metastore with IP which is hard coded (mentioned in properties). I created docker images for both and run in my server. The metastore server now running in different machine, so my web application is unable to resolve this IP.

All you need to do here is expose 5011 as the host port on the metadata server running on "different machine" using -p -
docker run -d -p 5011:5011 metadata_image ....
Now your web application should be able to access metadata server by using http://$different_machine_ip:5011/
$different_machine_ip = Metadata server IP
However since they need to be tightly coupled, i would suggest you run web app & metadata server on the same machine in case your metadata server is stateless.

Unable to ping docker container

New to docker on mac osx. I am building a ubuntu image from the base phusion image to use as a git server. Using the following file to install the base and needed software. This works great. However, I am unable to ping the machine.
EDIT
I am unable to ping the machine. I can run the image and see the container in the ps command. I can also exec bash into it.
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
54e4cef78445 git-ssh_img "/usr/sbin/sshd -D" 44 minutes ago Up 44 minutes 22/tcp git-ssh
The following also works
docker exec -it 54e4cef78445 ping www.google.com
PING www.google.com (173.194.219.147) 56(84) bytes of data.
64 bytes from ya-in-f147.1e100.net (173.194.219.147): icmp_seq=1 ttl=61 time=65.1 ms
64 bytes from ya-in-f147.1e100.net (173.194.219.147): icmp_seq=2 ttl=61 time=67.1 ms
Dockerfile:
# Use phusion/baseimage as base image. To make your builds reproducible, make
# sure you lock down to a specific version, not to `latest`!
# See https://github.com/phusion/baseimage-docker/blob/master/Changelog.md for
# a list of version numbers.
FROM phusion/baseimage:0.9.18
# Use baseimage-docker's init system.
CMD ["/sbin/my_init"]
# ...put your own build instructions here...
ENV TERM xterm
RUN apt-get -y update
RUN apt-get -y install openssh-server
RUN apt-get -y install git \
libxml2-dev \
python \
build-essential \
make \
gcc \
python-dev \
python-pip
# Clean up APT when done.
RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
# Setting openssh
# RUN mkdir /var/run/sshd
RUN sed -i "s/#PasswordAuthentication yes/PasswordAuthentication no/" /etc/ssh/sshd_config
# Adding git user
RUN adduser --system git
RUN mkdir -p /home/git/.ssh
# Clearing and setting authorized ssh keys
RUN echo '' > /home/git/.ssh/authorized_keys
RUN echo 'First key' >> /home/git/.ssh/authorized_keys
# RUN echo 'Second SSH public key' >> /home/git/.ssh/authorized_keys
# ...
# Updating shell to bash
RUN sed -i s#/home/git:/bin/false#/home/git:/bin/bash# /etc/passwd
EXPOSE 22
CMD ["/usr/sbin/sshd", "-D"]
Inspect command:
[
{
"Id": "54e4cef78445e1308b744297edc1d3d153932ce7724e87b35dc3690f8ffe41a2",
"Created": "2015-12-10T21:01:16.683875853Z",
"Path": "/usr/sbin/sshd",
"Args": [
"-D"
],
"State": {
"Running": true,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 13930,
"ExitCode": 0,
"Error": "",
"StartedAt": "2015-12-10T21:01:16.763739339Z",
"FinishedAt": "0001-01-01T00:00:00Z"
},
"Image": "b2c6f9604ceca1e112dc0560aa4d0c50596d27c80256c544613f1d6badf6ccda",
"NetworkSettings": {
"Bridge": "",
"EndpointID": "87f12f9b527f3e0d7f823f1e2c88b0d0e860ff2d1687568d0a15cfa9fdfe22c3",
"Gateway": "172.17.42.1",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"HairpinMode": false,
"IPAddress": "172.17.0.26",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:11:00:1a",
"NetworkID": "a60ea78a8239baed013f9bfb1b2719a599ddef7745170e3c17eeab743a391ebe",
"PortMapping": null,
"Ports": {
"22/tcp": null
},
"SandboxKey": "/var/run/docker/netns/54e4cef78445",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null
},
"ResolvConfPath": "/mnt/sda1/var/lib/docker/containers/54e4cef78445e1308b744297edc1d3d153932ce7724e87b35dc3690f8ffe41a2/resolv.conf",
"HostnamePath": "/mnt/sda1/var/lib/docker/containers/54e4cef78445e1308b744297edc1d3d153932ce7724e87b35dc3690f8ffe41a2/hostname",
"HostsPath": "/mnt/sda1/var/lib/docker/containers/54e4cef78445e1308b744297edc1d3d153932ce7724e87b35dc3690f8ffe41a2/hosts",
"LogPath": "/mnt/sda1/var/lib/docker/containers/54e4cef78445e1308b744297edc1d3d153932ce7724e87b35dc3690f8ffe41a2/54e4cef78445e1308b744297edc1d3d153932ce7724e87b35dc3690f8ffe41a2-json.log",
"Name": "/git-ssh",
"RestartCount": 0,
"Driver": "aufs",
"ExecDriver": "native-0.2",
"MountLabel": "",
"ProcessLabel": "",
"AppArmorProfile": "",
"ExecIDs": null,
"HostConfig": {
"Binds": null,
"ContainerIDFile": "",
"LxcConf": [],
"Memory": 0,
"MemorySwap": 0,
"CpuShares": 0,
"CpuPeriod": 0,
"CpusetCpus": "",
"CpusetMems": "",
"CpuQuota": 0,
"BlkioWeight": 0,
"OomKillDisable": false,
"MemorySwappiness": -1,
"Privileged": false,
"PortBindings": {},
"Links": null,
"PublishAllPorts": false,
"Dns": null,
"DnsSearch": null,
"ExtraHosts": null,
"VolumesFrom": null,
"Devices": [],
"NetworkMode": "default",
"IpcMode": "",
"PidMode": "",
"UTSMode": "",
"CapAdd": null,
"CapDrop": null,
"GroupAdd": null,
"RestartPolicy": {
"Name": "no",
"MaximumRetryCount": 0
},
"SecurityOpt": null,
"ReadonlyRootfs": false,
"Ulimits": null,
"LogConfig": {
"Type": "json-file",
"Config": {}
},
"CgroupParent": "",
"ConsoleSize": [
0,
0
]
},
"GraphDriver": {
"Name": "aufs",
"Data": null
},
"Mounts": [],
"Config": {
"Hostname": "54e4cef78445",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": true,
"AttachStderr": true,
"ExposedPorts": {
"22/tcp": {}
},
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"TERM=xterm"
],
"Cmd": [
"/usr/sbin/sshd",
"-D"
],
"Image": "git-ssh_img",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": null,
"OnBuild": null,
"Labels": {}
}
}
]

As mentioned in "Can't visit http://172.17.0.2:5000 after starting docker registry", you cannot use the internal IP made for container-to-container communication.
You need to use the IP returned by $(docker-machine ip <yourMachine>) to actually ping the machine which runs your container.
Update February 2017, docker 1.13+: as commented by kboom, you now have Docker for Mac which uses a lightweight hypervisor (HyperKit), which allows to be bound to localhost (but still you cannot visit internal addresses).