Related
I have a containerized FastAPI server that I'm trying to spin up on an EC2 instance. The container starts up fine and I see the server is running:
INFO: Started server process [7]
INFO: Waiting for application startup.
INFO: Application startup complete.
INFO: Uvicorn running on http://0.0.0.0:8383 (Press CTRL+C to quit)
I am also able to ssh into the running instance, and can successfully curl the root page (http://localhost:8383). However, curl-ing the same endpoint (http://localhost:8383) from the host results in the Failed to connect to localhost port 8383 after 0 ms: Connection refused error. This would seem to me like the container is not actually exposing the port, but I've docker inspected the container and it lists that the port is exposed:
[
{
"Id": "b33deb28c5fce8ac52bf16aaa0b6037e2ff4124a99a990e1fe3b3d754cef6d98",
"Created": "2022-12-26T05:52:07.64024483Z",
"Path": "/bin/sh",
"Args": [
"-c",
"uvicorn --proxy-headers --port ${PORT} --host 0.0.0.0 app.main:app"
],
"State": {
"Status": "running",
"Running": true,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 4269,
"ExitCode": 0,
"Error": "",
"StartedAt": "2022-12-26T05:52:08.146104473Z",
"FinishedAt": "0001-01-01T00:00:00Z"
},
"Image": "sha256:e566997f3a37510422d9b8d0a1f8ae029908acef739a7698cc9a4f96cbb78e39",
"ResolvConfPath": "/var/lib/docker/containers/b33deb28c5fce8ac52bf16aaa0b6037e2ff4124a99a990e1fe3b3d754cef6d98/resolv.conf",
"HostnamePath": "/var/lib/docker/containers/b33deb28c5fce8ac52bf16aaa0b6037e2ff4124a99a990e1fe3b3d754cef6d98/hostname",
"HostsPath": "/var/lib/docker/containers/b33deb28c5fce8ac52bf16aaa0b6037e2ff4124a99a990e1fe3b3d754cef6d98/hosts",
"LogPath": "/var/lib/docker/containers/b33deb28c5fce8ac52bf16aaa0b6037e2ff4124a99a990e1fe3b3d754cef6d98/b33deb28c5fce8ac52bf16aaa0b6037e2ff4124a99a990e1fe3b3d754cef6d98-json.log",
"Name": "/great_wilbur",
"RestartCount": 0,
"Driver": "overlay2",
"Platform": "linux",
"MountLabel": "",
"ProcessLabel": "",
"AppArmorProfile": "",
"ExecIDs": null,
"HostConfig": {
"Binds": null,
"ContainerIDFile": "",
"LogConfig": {
"Type": "json-file",
"Config": {}
},
"NetworkMode": "default",
"PortBindings": {},
"RestartPolicy": {
"Name": "no",
"MaximumRetryCount": 0
},
"AutoRemove": true,
"VolumeDriver": "",
"VolumesFrom": null,
"CapAdd": null,
"CapDrop": null,
"CgroupnsMode": "host",
"Dns": [],
"DnsOptions": [],
"DnsSearch": [],
"ExtraHosts": null,
"GroupAdd": null,
"IpcMode": "private",
"Cgroup": "",
"Links": null,
"OomScoreAdj": 0,
"PidMode": "",
"Privileged": false,
"PublishAllPorts": false,
"ReadonlyRootfs": false,
"SecurityOpt": null,
"UTSMode": "",
"UsernsMode": "",
"ShmSize": 67108864,
"Runtime": "runc",
"ConsoleSize": [
0,
0
],
"Isolation": "",
"CpuShares": 0,
"Memory": 0,
"NanoCpus": 0,
"CgroupParent": "",
"BlkioWeight": 0,
"BlkioWeightDevice": [],
"BlkioDeviceReadBps": null,
"BlkioDeviceWriteBps": null,
"BlkioDeviceReadIOps": null,
"BlkioDeviceWriteIOps": null,
"CpuPeriod": 0,
"CpuQuota": 0,
"CpuRealtimePeriod": 0,
"CpuRealtimeRuntime": 0,
"CpusetCpus": "",
"CpusetMems": "",
"Devices": [],
"DeviceCgroupRules": null,
"DeviceRequests": null,
"KernelMemory": 0,
"KernelMemoryTCP": 0,
"MemoryReservation": 0,
"MemorySwap": 0,
"MemorySwappiness": null,
"OomKillDisable": false,
"PidsLimit": null,
"Ulimits": [
{
"Name": "nofile",
"Hard": 65536,
"Soft": 32768
}
],
"CpuCount": 0,
"CpuPercent": 0,
"IOMaximumIOps": 0,
"IOMaximumBandwidth": 0,
"MaskedPaths": [
"/proc/asound",
"/proc/acpi",
"/proc/kcore",
"/proc/keys",
"/proc/latency_stats",
"/proc/timer_list",
"/proc/timer_stats",
"/proc/sched_debug",
"/proc/scsi",
"/sys/firmware"
],
"ReadonlyPaths": [
"/proc/bus",
"/proc/fs",
"/proc/irq",
"/proc/sys",
"/proc/sysrq-trigger"
]
},
"GraphDriver": {
"Data": {
"LowerDir": "/var/lib/docker/overlay2/684aa2a9d91eb41d5ccf26ef5515a989a1909d50bbba355b7dca3bc802d49d95-init/diff:/var/lib/docker/overlay2/437dd322c1bf7514439ed292f206668ac2ef9bc32d547a83fea117de1b8891cd/diff:/var/lib/docker/overlay2/33ecdfbef40d3b64accdbb7f1afeb34f388d02ea3112c199e5ccbd5d2c1c0c20/diff:/var/lib/docker/overlay2/fffd586b2f98b234d41316049b0c2aa913c8ecd5a57b7a2211713642e843bdcf/diff:/var/lib/docker/overlay2/4cc3a93536b947370eece5d8ac70e4cbd8acd638afb755affe8f2e01fa54e963/diff:/var/lib/docker/overlay2/fd3d745ac50f60030e2e31b68af2b82c756c827f4b49e2494eedcde0ddd128ab/diff:/var/lib/docker/overlay2/33503f91ec320f8c59608f126ad3a989c42a1381caa70d3064de6dcf12efdfac/diff:/var/lib/docker/overlay2/eb27f4d7a55facde479cdc9af26888718e5bd4a7b1d91fa63a764e1d1e20bb1b/diff:/var/lib/docker/overlay2/381ce07905d9c327bcbfb6f0d88749a0302e345437d2f9bdccae54fb71e7f6a7/diff:/var/lib/docker/overlay2/29f0b55df9fb5b24a59c06607a68a50166365f5642695891000dd97f20516a1d/diff:/var/lib/docker/overlay2/d18099aa9e5adf9bb6df28caa0abe604d44dabe0f31eb2c295c0b2dc0f75fd6e/diff:/var/lib/docker/overlay2/7b38671006ea070a4fcb97484b7c21c20fa39b023086bec65dc268a469f629a7/diff:/var/lib/docker/overlay2/f32dd15abece1ab3fabec84297fea1079f6f91b08362a0d222a61e7c50321615/diff:/var/lib/docker/overlay2/a8f5689625f0d78f13f5c3cd657f7a04a502c3e47f0cff4587e7dcc8668ff747/diff:/var/lib/docker/overlay2/6b4fa824255789e5d44343ea5bcf90862fe39af967d643f9f2168c4f23917210/diff:/var/lib/docker/overlay2/2a3fa1727233ff7745d6e6c8dc7a0ddffa512cb32f96d8d7fa622df6701e7931/diff:/var/lib/docker/overlay2/8fbcc58834bb2f1c5bc1985cf9aabd225207b9033b90c3d703c8c4a87fd5a16e/diff:/var/lib/docker/overlay2/b367ef9dfbe273846d6c8f407c0ccea8cb285d5435dc1fae3f7f85857fa0706c/diff:/var/lib/docker/overlay2/8d3b3ecf1826b2c141b66fb0e32a35ba3270d54dc88df38175dabe63d2830e46/diff:/var/lib/docker/overlay2/548ae9d6f5ebf520b188095efe2cb919f27a0426b32c143e5f586405fb0664b4/diff:/var/lib/docker/overlay2/35075f5f806338f0bc0e7edeaa2685258d5f4b16414842975b020e163f370742/diff:/var/lib/docker/overlay2/371e969fdbc6704d286937e954702bf73b7c915af9976ebdc31e271c2f3d78b6/diff:/var/lib/docker/overlay2/76968331d384e901ee3a3f16cc93a5ce3bd436f7dc03f6fc1e8f29ef495a1d84/diff:/var/lib/docker/overlay2/a9e99d5ffe2d4afeb344cdb14dcf643c854594778350c4cf616673644e3df17b/diff:/var/lib/docker/overlay2/15232d7ec0afec6b908daafa53883948a1724ba0d61b01fc37746487d503bc57/diff:/var/lib/docker/overlay2/514dfee88f42cd6d1d238200b0a320ee3d67ddd7ff3eebda91db2d378f06f8b4/diff",
"MergedDir": "/var/lib/docker/overlay2/684aa2a9d91eb41d5ccf26ef5515a989a1909d50bbba355b7dca3bc802d49d95/merged",
"UpperDir": "/var/lib/docker/overlay2/684aa2a9d91eb41d5ccf26ef5515a989a1909d50bbba355b7dca3bc802d49d95/diff",
"WorkDir": "/var/lib/docker/overlay2/684aa2a9d91eb41d5ccf26ef5515a989a1909d50bbba355b7dca3bc802d49d95/work"
},
"Name": "overlay2"
},
"Mounts": [],
"Config": {
"Hostname": "b33deb28c5fc",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": true,
"AttachStderr": true,
"ExposedPorts": {
"8383/tcp": {}
},
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"PORT=8383",
"API_KEY=113631f4-d72a-4290-ba9e-f62a566fa689",
"PATH=/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"LANG=C.UTF-8",
"GPG_KEY=E3FF2839C048B25C084DEBE9B26995E310250568",
"PYTHON_VERSION=3.9.16",
"PYTHON_PIP_VERSION=22.0.4",
"PYTHON_SETUPTOOLS_VERSION=58.1.0",
"PYTHON_GET_PIP_URL=https://github.com/pypa/get-pip/raw/66030fa03382b4914d4c4d0896961a0bdeeeb274/public/get-pip.py",
"PYTHON_GET_PIP_SHA256=1e501cf004eac1b7eb1f97266d28f995ae835d30250bec7f8850562703067dc6"
],
"Cmd": [
"/bin/sh",
"-c",
"uvicorn --proxy-headers --port ${PORT} --host 0.0.0.0 app.main:app"
],
"Image": "<my-image>:<version>",
"Volumes": null,
"WorkingDir": "/app",
"Entrypoint": null,
"OnBuild": null,
"Labels": {}
},
"NetworkSettings": {
"Bridge": "",
"SandboxID": "ae7182ddcb5da4667f5964337e7d8c8b63b9eb90d3852c17bcba50f22aa79b8e",
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"Ports": {
"8383/tcp": null
},
"SandboxKey": "/var/run/docker/netns/ae7182ddcb5d",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"EndpointID": "6bbf108cedee5f05ae30b9f3bf98b49a30252c1829b118024993f99242c0d64b",
"Gateway": "172.17.0.1",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"MacAddress": "02:42:ac:11:00:02",
"Networks": {
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "ec570411e1b31a214509d625551344fe7534e1c3eddd6cb349ff75249bbd1822",
"EndpointID": "6bbf108cedee5f05ae30b9f3bf98b49a30252c1829b118024993f99242c0d64b",
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:11:00:02",
"DriverOpts": null
}
}
}
}
]
Components:
Docker container for server application (FastAPI)
Nginx reverse proxy
letsencrypt for https
instance created via: docker run --rm --expose 8383 <my-image>
Dockerfile
FROM python:3.9
WORKDIR /app
# RUN commands installing dependencies
COPY . .
ARG PORT=8383
ENV PORT ${PORT}
EXPOSE ${PORT}
CMD uvicorn --proxy-headers --port ${PORT} --host 0.0.0.0 app.main:app
nginx conf
server {
server_name mydomain.com;
location / {
proxy_pass http://localhost:8383;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = mydomain.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name mydomain.com;
return 404; # managed by Certbot
}
The problem was using expose instead of publish:
docker run --rm -p 8383:8383 <image-name>
I have a docker deployment with 3 services (using docker-compose) and the following port mappings:
nginx (90 → 80)
node (3000 → 3000)
python (8001 → 8000)
Python is a demo aiohttp app (aiohttp-based) served on port 8000
The node app is a simple ssr frontend served on port 3000
Nginx acts as a reverse proxy and has this clause to route traffic to the python app:
location /api/ {
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect off;
proxy_buffering off;
proxy_pass http://python:8000;
}
And this one to route to the node app:
location / {
proxy_pass http://node:3000;
include /etc/nginx/node_params;
}
The problem is that the none of the other two containers can connect to the python container:
$ docker-compose exec nginx curl 'http://python:8000/api/'
curl: (7) Failed to connect to python port 8000: Connection refused
Same by using the IP directly:
$ docker-compose exec node curl 'http://172.18.0.5:8000/api/'
curl: (7) Failed to connect to 172.18.0.5 port 8000: Connection refused
Checking open ports also fails:
$ docker-compose exec nginx nc -vz python 8000
$ <no response>
Only the python container can connect to itself:
$ docker-compose exec python curl 'http://python:8000/api/'
Response ok
$ docker-compose exec python nc -vz python 8000
python (172.18.0.5:8000) open
The other service (node) can be accessed normally. Pinging the container also works.
The only way it can be accessed is from outside the docker network by the mapped port (8001), i.e.:
$ curl http://localhost:8001/api/
Response ok
It works with any IP and even from another hosts over the internet:
$ curl http://my-app.mydomain.com:8001/api/
Response ok
I am also not able to reproduce this problem because the same project run on my local machine works completely fine. The only difference is that where I'm trying to run it it's using docker 17 (Docker version 17.06.0-ce, build 02c1d87) whereas my local machine runs docker 18 (Docker version 18.09.5, build e8ff056). Also the server is running fedora 24 vs fedora 29 on my machine.
What am I doing wrong?
This is my docker-compose.yml file
version: '3.7'
services:
python:
build: api
ports:
- 8001:8000
networks:
default:
aliases:
- python
restart: always
volumes:
- cdn:/app/cdn
frontend:
build:
context: nuxt
ports:
- 3000:3000
networks:
default:
aliases:
- node
restart: always
nginx:
build:
context: nginx
ports:
- 90:80
restart: always
volumes:
- cdn:/app/cdn
volumes:
cdn:
Edit:
$ docker inspect project_python_1
[
{
"Id": "98f3624ea0866665204167d9975b050977836b843c8294639e245897c0c8e44e",
"Created": "2019-05-07T14:03:17.714587695Z",
"Path": "/bin/sh",
"Args": [
"-c",
"cd src && python -m api"
],
"State": {
"Status": "running",
"Running": true,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 5268,
"ExitCode": 0,
"Error": "",
"StartedAt": "2019-05-07T14:03:18.860468562Z",
"FinishedAt": "0001-01-01T00:00:00Z"
},
"Image": "sha256:6b9059304a2e0f5316204acaf37423a557dc8d14dbc3bc72e169430ff38df73c",
"ResolvConfPath": "/var/lib/docker/containers/98f3624ea0866665204167d9975b050977836b843c8294639e245897c0c8e44e/resolv.conf",
"HostnamePath": "/var/lib/docker/containers/98f3624ea0866665204167d9975b050977836b843c8294639e245897c0c8e44e/hostname",
"HostsPath": "/var/lib/docker/containers/98f3624ea0866665204167d9975b050977836b843c8294639e245897c0c8e44e/hosts",
"LogPath": "/var/lib/docker/containers/98f3624ea0866665204167d9975b050977836b843c8294639e245897c0c8e44e/98f3624ea0866665204167d9975b050977836b843c8294639e245897c0c8e44e-json.log",
"Name": "/project_python_1",
"RestartCount": 0,
"Driver": "overlay2",
"MountLabel": "",
"ProcessLabel": "",
"AppArmorProfile": "",
"ExecIDs": null,
"HostConfig": {
"Binds": [
"cdn:/app/cdn:rw"
],
"ContainerIDFile": "",
"LogConfig": {
"Type": "json-file",
"Config": {}
},
"NetworkMode": "project_default",
"PortBindings": {
"8000/tcp": [
{
"HostIp": "",
"HostPort": "8001"
}
]
},
"RestartPolicy": {
"Name": "always",
"MaximumRetryCount": 0
},
"AutoRemove": false,
"VolumeDriver": "",
"VolumesFrom": [],
"CapAdd": null,
"CapDrop": null,
"Dns": null,
"DnsOptions": null,
"DnsSearch": null,
"ExtraHosts": null,
"GroupAdd": null,
"IpcMode": "",
"Cgroup": "",
"Links": null,
"OomScoreAdj": 0,
"PidMode": "",
"Privileged": false,
"PublishAllPorts": false,
"ReadonlyRootfs": false,
"SecurityOpt": null,
"UTSMode": "",
"UsernsMode": "",
"ShmSize": 67108864,
"Runtime": "runc",
"ConsoleSize": [
0,
0
],
"Isolation": "",
"CpuShares": 0,
"Memory": 0,
"NanoCpus": 0,
"CgroupParent": "",
"BlkioWeight": 0,
"BlkioWeightDevice": null,
"BlkioDeviceReadBps": null,
"BlkioDeviceWriteBps": null,
"BlkioDeviceReadIOps": null,
"BlkioDeviceWriteIOps": null,
"CpuPeriod": 0,
"CpuQuota": 0,
"CpuRealtimePeriod": 0,
"CpuRealtimeRuntime": 0,
"CpusetCpus": "",
"CpusetMems": "",
"Devices": null,
"DeviceCgroupRules": null,
"DiskQuota": 0,
"KernelMemory": 0,
"MemoryReservation": 0,
"MemorySwap": 0,
"MemorySwappiness": -1,
"OomKillDisable": false,
"PidsLimit": 0,
"Ulimits": null,
"CpuCount": 0,
"CpuPercent": 0,
"IOMaximumIOps": 0,
"IOMaximumBandwidth": 0
},
"GraphDriver": {
"Data": {
"LowerDir": "/var/lib/docker/overlay2/013c07caf2f6fd59e99a7ec626355e8820d7fe6c0d2f83d5ed0fd2a0c2688ea9-init/diff:/var/lib/docker/overlay2/b1986769f12e6919ad34bb2184a4822a18d01c402b187d8caf7d1088f6020da1/diff:/var/lib/docker/overlay2/919b177579f26bde763973564af0a3762db5fb9d801b9804f5038fb9c60e4250/diff:/var/lib/docker/overlay2/22389c009280043fe76e9e2631e59aa3d6ee35a827613114e39db5f4d29783b7/diff:/var/lib/docker/overlay2/098414feeb05448f0b70dad272c9c81976171d7626e902c9325c5a454b666e59/diff:/var/lib/docker/overlay2/91cf4d7cef0ffb067991afc5b99ebb7ffee6fb02ce6e258304b23202a49d71a9/diff:/var/lib/docker/overlay2/7d13e7a43ebd06c9babf901e9630ff663c5036886df08038ccbda5f730e7c3a5/diff:/var/lib/docker/overlay2/f8db754b7d72fc8cd0fcfdd758a9491ffc1029e7cac0f5f884d8f0ca26aee253/diff:/var/lib/docker/overlay2/b0cb3c0f4b0d1eba56f353767142bdccbe08b9d15cddf0b52f2173cb771f850a/diff:/var/lib/docker/overlay2/228b0ee3f88b6b9ab9a436612f416acb02dd7196fb3870ba632c973f560ca75e/diff:/var/lib/docker/overlay2/ee2d7a211a67bc164f787443de343de51efc89e00592a7516acd26f1a02bf520/diff:/var/lib/docker/overlay2/40a529d74eb8c72cbc3e57db301678996e229b4b4de31a5b3f5642c44018c499/diff:/var/lib/docker/overlay2/95534c69b64738866cd6a87a73dda2f049a28745bea72dbd54c6fb6f662202e3/diff:/var/lib/docker/overlay2/69ce7a7e7ad79423e0abab05a3b4270a4a309686ab4410759e05248286799cb6/diff:/var/lib/docker/overlay2/6525630fd688dbae59699c3cf1246cc5a202e4a4265b6cc17e238cd90867ad54/diff:/var/lib/docker/overlay2/66f8ad83ba1c1bd4c719ebfc004b85f4b6aef9bb15fba5f5ea9b5a58f7eb198c/diff:/var/lib/docker/overlay2/a1ca64fad83b74d88984bd7378905308ed5e9bc142f9fb50392b4414b6076eb2/diff",
"MergedDir": "/var/lib/docker/overlay2/013c07caf2f6fd59e99a7ec626355e8820d7fe6c0d2f83d5ed0fd2a0c2688ea9/merged",
"UpperDir": "/var/lib/docker/overlay2/013c07caf2f6fd59e99a7ec626355e8820d7fe6c0d2f83d5ed0fd2a0c2688ea9/diff",
"WorkDir": "/var/lib/docker/overlay2/013c07caf2f6fd59e99a7ec626355e8820d7fe6c0d2f83d5ed0fd2a0c2688ea9/work"
},
"Name": "overlay2"
},
"Mounts": [
{
"Type": "volume",
"Name": "cdn",
"Source": "/var/lib/docker/volumes/cdn/_data",
"Destination": "/app/cdn",
"Driver": "local",
"Mode": "rw",
"RW": true,
"Propagation": ""
}
],
"Config": {
"Hostname": "98f3624ea086",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"ExposedPorts": {
"8000/tcp": {}
},
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"DEBUG=1",
"PATH=scripts:/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"LANG=C.UTF-8",
"GPG_KEY=0D96DF4D4110E5C43FBFB17F2D347EA6AA65421D",
"PYTHON_VERSION=3.7.3",
"PYTHON_PIP_VERSION=19.1"
],
"Cmd": [
"/bin/sh",
"-c",
"cd src && python -m api"
],
"ArgsEscaped": true,
"Image": "project_python",
"Volumes": {
"/app/cdn": {}
},
"WorkingDir": "/app",
"Entrypoint": null,
"OnBuild": null,
"Labels": {
"com.docker.compose.config-hash": "0f0fe6053d92416fd77f6efba7e8282f385c447b8a8d40aa866554ee282896d7",
"com.docker.compose.container-number": "1",
"com.docker.compose.oneoff": "False",
"com.docker.compose.project": "project",
"com.docker.compose.service": "python",
"com.docker.compose.version": "1.24.0"
}
},
"NetworkSettings": {
"Bridge": "",
"SandboxID": "397d60b1dbe4733910c9ae2c0dabc1bdb3046d784b25f8fb4f72c28f6d458ff2",
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"Ports": {
"8000/tcp": [
{
"HostIp": "0.0.0.0",
"HostPort": "8001"
}
]
},
"SandboxKey": "/var/run/docker/netns/397d60b1dbe4",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"EndpointID": "",
"Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "",
"IPPrefixLen": 0,
"IPv6Gateway": "",
"MacAddress": "",
"Networks": {
"project_default": {
"IPAMConfig": null,
"Links": null,
"Aliases": [
"98f3624ea086",
"api",
"python"
],
"NetworkID": "4145a30ce48519a895707d607265635012341f73db63b9fedf6e86d68fad6641",
"EndpointID": "4b4bafed80cb88693e2c3f3c1b0268f95afefc3eb7e713ce88d20392d36fa85c",
"Gateway": "172.18.0.1",
"IPAddress": "172.18.0.5",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:12:00:05",
"DriverOpts": null
}
}
}
}
]
Okay, so I found the culprit, the problem was that the machine I was deploying to had a port mapping set up via firewalld, 8000→80, on the main interface eth0, and docker was using that when trying to access the container. I.e. When the nginx container tried to connect to the python container in port 8000, it was actually using 80 as upstream and thus failing. A workaround is to either remove the port mapping or using an unmapped port. I have no idea why would docker apply the same rules of the system's firewalld in its internal networks.
This is the output of firewall-cmd --list-all
FedoraServer (active)
target: default
icmp-block-inversion: no
interfaces: eth0
sources:
services: dhcpv6-client
ports: 22/tcp 9090/tcp 90/tcp 8001/tcp 3000/tcp
protocols:
masquerade: no
forward-ports: port=8000:proto=tcp:toport=80:toaddr=
source-ports:
icmp-blocks:
rich rules:
And this is the output of docker network inspect project_default:
[
{
"Name": "project_default",
"Id": "4145a30ce48519a895707d607265635012341f73db63b9fedf6e86d68fad6641",
"Created": "2019-05-07T09:03:17.425575867-05:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": [
{
"Subnet": "172.18.0.0/16",
"Gateway": "172.18.0.1"
}
]
},
"Internal": false,
"Attachable": true,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {
"02f1f96b74eb292eeff1eb623e725a41c2a14aa0fc40f727ba78e0a620812254": {
"Name": "project_nginx_1",
"EndpointID": "68c3c7fb40d2e56d6601136a123fc8b7834c0503e3da99be56fac40750247a37",
"MacAddress": ...,
"IPv4Address": "172.18.0.3/16",
"IPv6Address": ""
},
"1e93a55f0d329f4cc8beb681c3e17c6aec1ded73de5dca2fc1eaf49dae788516": {
"Name": "project_mongo_1",
"EndpointID": "3a0a6ae0dfdc922b5fa6032c492376643e4b61415743af7afae2de33576f3acf",
"MacAddress": ...,
"IPv4Address": "172.18.0.4/16",
"IPv6Address": ""
},
"39ac596559da13506abcce9941a06441f42bd1c2d153d118bd13ff9a57f8c538": {
"Name": "project_node_1",
"EndpointID": "6753668d5fb20d908660b48bb757f9b6755c5f4f0bae69c7e02f5431c8f0e575",
"MacAddress": ...,
"IPv4Address": "172.18.0.2/16",
"IPv6Address": ""
},
"98f3624ea0866665204167d9975b050977836b843c8294639e245897c0c8e44e": {
"Name": "project_python_1",
"EndpointID": "4b4bafed80cb88693e2c3f3c1b0268f95afefc3eb7e713ce88d20392d36fa85c",
"MacAddress": ...,
"IPv4Address": "172.18.0.5/16",
"IPv6Address": ""
}
},
"Options": {},
"Labels": {
"com.docker.compose.network": "default",
"com.docker.compose.project": "project",
"com.docker.compose.version": "1.24.0"
}
}
]
This is the stripped output of docker ps:
PORTS NAMES
0.0.0.0:8001->8000/tcp project_python_1
27017/tcp, 28017/tcp project_mongo_1
0.0.0.0:90->80/tcp project_nginx_1
0.0.0.0:3000->3000/tcp project_node_1
I am trying to setup docker on one of my servers (gitlab instance), but I cannot get the instance to work correctly. Especially the network is the thing I cannot get correct.
This is the command I use to start the docker:
docker run --name gitlab --hostname gitlab -p 32790:32790 -e GITLAB_OMNIBUS_CONFIG="gitlab_rails['lfs_enabled'] = true; external_url = 'http://gitlab:32790';" gitlab/gitlab-ce:10.3.3-ce.0
This is the network info I get back from the docker:
"NetworkSettings": {
"Bridge": "",
"SandboxID": "8646b3f0e8106eb9e8ea574ce69b48c1782b75f3f3aab52d2d66d8972ac4aa4b",
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"Ports": {
"22/tcp": null,
"32790/tcp": [
{
"HostIp": "0.0.0.0",
"HostPort": "32790"
}
],
"443/tcp": null,
"80/tcp": null
},
"SandboxKey": "/var/run/docker/netns/8646b3f0e810",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"EndpointID": "a400fd17542a2be0b7e6ff2e96770c6890f61e91324c3970a8c6425904fbf0b0",
"Gateway": "172.17.0.1",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"MacAddress": "02:42:ac:11:00:02",
"Networks": {
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "924e23784ebcaaf5cf27a91259095c1109c28a09d928e2425b794015c129b736",
"EndpointID": "a400fd17542a2be0b7e6ff2e96770c6890f61e91324c3970a8c6425904fbf0b0",
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:11:00:02",
"DriverOpts": null
}
}
}
The ideal result would be that I can both connect through an IP address, and through http://gitlab:32790
But I cannot get it to work correctly...
Here is my docker-compose file:
version: '2'
services:
app:
image: mykiwi/ttrss
database:
image: postgres:10-alpine
environment:
- POSTGRES_USER=ttrss
- POSTGRES_PASSWORD=ttrss
volumes:
- database:/var/lib/postgresql/data
volumes:
database: ~
But when I inspect my main container, there is no ip address:
$ docker inspect 40f78d12c178
...
"NetworkSettings": {
"Bridge": "",
"SandboxID": "70479dc6e987e744e376f6e4222e8d26174b724b686da52924a7e539ef4d4f0c",
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"Ports": {},
"SandboxKey": "/var/run/docker/netns/70479dc6e987",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"EndpointID": "",
"Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "",
"IPPrefixLen": 0,
"IPv6Gateway": "",
"MacAddress": "",
"Networks": {
"none": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "2c6c546b04398c4b4c7b9e52fdb16b89aacfea33b9038b6aa90b4b44fbd99ac7",
"EndpointID": "ac4da8b1b38118732a6e9e99a0ba56b271e6810afd78975c5f329185cf047bf7",
"Gateway": "",
"IPAddress": "",
"IPPrefixLen": 0,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "",
"DriverOpts": null
}
}
}
}
]
I run it through rancher, is it related ?
Rancher uses CNI drivers for networking and so the network is "none" as far as Docker is concerned and no IP addresses or port info appears in Docker inspect. You can get it from the metadata service.
I am having two docker containers in IBM Bluemix. One is MQTT and other php-python.
The PHP application executes a python script that should connect to the MQTT docker container and subscribe to a topic.
However, the php-python docker fails to connect. It also fails to ping to the MQTT docker container.
The MQTT container is working perfect as I am able to connect to it from my local machine.
I have tried linking the two containers using the following command:
cf ic run -p 443 -p 80 --name connector --link moscacontainer:source
registry.ng.bluemix.net/fortspace/php-mqtt
I have exposed the ports 1883 and 80 for the MQTT container.
I have used the following link as reference:
https://github.com/dceejay/nrdock/blob/master/README.md#linking-containers
Can someone guide on this?
EDIT: The output for cf ic inspect
[
{
"BluemixApp": null,
"BluemixServices": null,
"Config": {
"AttachStderr": false,
"AttachStdin": false,
"AttachStdout": false,
"Cmd": [],
"Dns": "",
"Env": [
"logging_password=",
"space_id=f874124c-cea6-460e-9bf2-b633eeeefcdf",
"logstash_target=logmet.opvis.bluemix.net:9091",
"metrics_target=logmet.opvis.bluemix.net:9095"
],
"Hostname": "instance-0018c601",
"Image": "registry.ng.bluemix.net/fortspace/php-mqtt:latest",
"ImageArchitecture": "amd64",
"Labels": {},
"Memory": 256,
"MemorySwap": "",
"OpenStdin": true,
"PortSpecs": "",
"StdinOnce": false,
"Tty": true,
"User": "",
"VCPU": 1,
"VolumesFrom": "",
"WorkingDir": ""
},
"ContainerState": "Running",
"Created": "2017-01-11T06:21:38.000000000Z",
"Group": {},
"HostConfig": {
"Binds": [],
"CapAdd": [],
"CapDrop": [],
"ContainerIDFile": "",
"Links": [
"moscacontainer:source"
],
"LogConfig": {
"Config": {},
"Type": "json-file"
},
"LxcConf": [],
"PortBindings": {
"443/tcp": [
{
"HostPort": "443"
}
],
"80/tcp": [
{
"HostPort": "80"
}
]
},
"Privileged": false,
"PublishAllPorts": false
},
"HostId": "46f8e5e8739f205e67ec852485095e953f079ff5c8f95b9e7c16f331",
"Human_id": "connector",
"Id": "4920a824-66bf-49bd-be71-549d0adeeffc",
"Image": "sha256:080893a1e47927b2fdf3f24a8b0b803fab035c236551e32df9527654c8af698c",
"Mounts": [],
"Name": "connector",
"NetworkSettings": {
"Bridge": "",
"Gateway": "",
"IPAddress": "172.29.0.53",
"IPPrefixLen": 0,
"MacAddress": "fa:16:3e:3a:2e:04",
"Networks": {
"default": {
"Aliases": null,
"EndpointID": "4920a824-66bf-49bd-be71-549d0adeeffc",
"Gateway": "172.29.0.1",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAMConfig": null,
"IPAddress": "172.29.0.53",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"Links": null,
"MacAddress": "fa:16:3e:3a:2e:04",
"NetworkID": "bd84d27c-8909-4dcc-a9cf-7dca5453f55c"
}
},
"PortMapping": null,
"Ports": {
"443/tcp": [
{
"HostIp": "169.46.22.55",
"HostPort": "443"
}
],
"80/tcp": [
{
"HostIp": "169.46.22.55",
"HostPort": "80"
}
]
},
"PublicIpAddress": "169.46.22.55"
},
"Path": "date",
"ResolvConfPath": "/etc/resolv.conf",
"State": {
"Error": "",
"ExitCode": 0,
"FinishedAt": "0001-01-01T00:00:00Z",
"Ghost": "",
"Pid": 1,
"Running": true,
"StartedAt": "2017-01-11T06:22:54.000000000Z",
"Status": "Running"
},
"Volumes": {},
"VolumesRW": {}
}
]
You can review information in this page:
https://console.ng.bluemix.net/docs/containers/container_linking.html
I am afraid the the --link is incorrect and you will may have to ensure alias and name are correct.
This command output should help you:
cf ic inspect recipient_container_name