Cannot access docker container exposed port. Can ping but cannot telnet - docker

I am trying to create an apache container in docker by following below link:
https://www.assistanz.com/installing-apache-web-server-in-windows-container-using-docker-file/
Version Details:
Host OS: Windows Server 2016 (VMWare virtualized machine)
Docker Version:
PS C:\Windows\system32> docker version
Client:
Version: 17.06.2-ee-16
API version: 1.30
Go version: go1.8.7
Git commit: 9ef4f0a
Built: Thu Jul 26 16:43:19 2018
OS/Arch: windows/amd64
Server:
Engine:
Version: 17.06.2-ee-16
API version: 1.30 (minimum version 1.24)
Go version: go1.8.7
Git commit: 9ef4f0a
Built: Thu Jul 26 16:52:17 2018
OS/Arch: windows/amd64
Experimental: false
I managed to create the container and run it with below command:
docker run -it -p 8080:80 apache powershell
PS C:\> ipconfig
Windows IP Configuration
Ethernet adapter vEthernet (Container NIC 258c52dd):
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::706a:94f1:9a6:6c49%31
IPv4 Address. . . . . . . . . . . : 172.21.60.107
Subnet Mask . . . . . . . . . . . : 255.255.240.0
Default Gateway . . . . . . . . . : 172.21.48.1
Confirm if the apache is running on port 80 from inside of the container:
PS C:\> iwr http://localhost -usebasicparsing
StatusCode : 200
StatusDescription : OK
From host machine:
Access http://container-ip:80 and failed
PS C:\Windows\system32> iwr http://172.21.60.107:80 -usebasicparsing
iwr : Unable to connect to the remote server
Access http://host-ip:8080 and failed
PS C:\Windows\system32> iwr http://192.168.105.87:8080 -usebasicparsing
iwr : Unable to connect to the remote server
Tried to access from other pc using http://host-ip:8080 and also failed.
A few things that I did for troubleshooting:
Check container port forwarding by running docker ps
PS C:\Windows\system32> docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
8bdaf5b11ab9 apache "powershell" 14 minutes ago Up 14 minutes 0.0.0.0:8080->80/tcp inspiring_turing
Check Static Mapping by running Get-NetNatStaticMapping
PS C:\Windows\system32> Get-NetNatStaticMapping
StaticMappingID : 3
NatName : Hf41327a7-ce0a-464c-83ff-21223867c9ea
Protocol : TCP
RemoteExternalIPAddressPrefix : 0.0.0.0/0
ExternalIPAddress : 0.0.0.0
ExternalPort : 8080
InternalIPAddress : 172.21.60.107
InternalPort : 80
InternalRoutingDomainId : {00000000-0000-0000-0000-000000000000}
Active : True
Ensure again that Firewall and Antivirus are disabled
Ensure there is no proxy
PS C:\Windows\system32> Get-ItemProperty -Path "Registry::HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
DisableCachingOfSSLPages : 1
IE5_UA_Backup_Flag : 5.0
PrivacyAdvanced : 1
SecureProtocols : 2688
User Agent : Mozilla/4.0 (compatible; MSIE 8.0; Win32)
CertificateRevocation : 1
ZonesSecurityUpgrade : {75, 36, 102, 206...}
WarnonZoneCrossing : 0
EnableNegotiate : 1
MigrateProxy : 1
ProxyEnable : 0
PSPath : Microsoft.PowerShell.Core\Registry::HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
PSParentPath : Microsoft.PowerShell.Core\Registry::HKCU\Software\Microsoft\Windows\CurrentVersion
PSChildName : Internet Settings
PSProvider : Microsoft.PowerShell.Core\Registry
Check container network
PS C:\Windows\system32> Get-ContainerNetwork
Name Id Subnets Mode SourceMac DNSServers DNSSuffix
---- -- ------- ---- --------- ---------- ---------
nat f41327a7-ce0a-464c-83ff-21223867c9ea {172.21.48.0/20} NAT
Ping container IP from host => Okay
Telnet to container IP and Port from host => Failed
PS C:\Windows\system32> telnet 172.21.60.107 80
Connecting To 172.21.60.107...Could not open connection to the host, on port 80: Connect failed
Ping host IP from container => Failed
I have googled this issue and tried a lot of troubleshooting, but it seems like I could not find the solution for my issue. Most of the issues reported are due to the localhost loopback issue in Windows.
Any pointer on how to troubleshoot this further?
I suspect there is something blocking the container port, but I can't find it.
Thanks

Related

Unable to resolve docker.host.internal with docker-compose on windows server 2019

I need to connect to docker host from a linux container in my windows server machine. But docker dns is not able to resolve docker.host.internal.
I have tried to add host.docker.internal in docker compose extra_hosts tag and have also tried to map my machine ip with this. But none of this is working.
extra_hosts:
  - "host.docker.internal:host-gateway"
extra_hosts:
  - "host.docker.internal:my_ip"
I have also tried to check the /etc/hosts file in my container and it is not there. Since the hosts file is not there, docker dns cannot resolve host.docker.internal.
docker exec my_container_id cat /etc/hosts
/etc/hosts: No such file or directory
My Environment:
Host Machine: Windows Server 2019
docker version: 20.10.10
lcow version: v4.14.35-v0.3.9
docker-compose version: v2.9.0
I have also tried to update my docker version to 20.10.11 which is working fine on my windows 10 machine.
PS C:\Windows\system32> docker version
Client:
Version: 20.10.11
API version: 1.41
Go version: go1.16.10
Git commit: dea9396
Built: Thu Nov 18 00:42:51 2021
OS/Arch: windows/amd64
Context: default
Experimental: true
Server: Docker Engine - Community
Engine:
Version: 20.10.11
API version: 1.41 (minimum version 1.24)
Go version: go1.16.9
Git commit: 847da18
Built: Thu Nov 18 00:38:11 2021
OS/Arch: windows/amd64
Experimental: true
I am unable to understand why docker is unable to create /etc/hosts file.
I have made this work by adding a manual entry in the /etc/hosts file. Since I was not using Docker Desktop, the docker daemon was not able to create the /etc/hosts file inside my container, and due to this missing file my container was not able to connect to host.docker.internal. I made sure of a few things before doing this.
I checked if bridge network was created (from my host machine):
PS C:\Windows\system32> docker network ls
NETWORK ID NAME DRIVER SCOPE
9f3ee06eaa1f nat nat local
1b17a917b877 none null local
56f23d8f2228 talflow_code-default nat local
Then I inspected the nat network, which is the default bridge network created by the docker daemon:
PS C:\Windows\system32> docker network inspect nat
[
{
"Name": "nat",
"Id": "9f3ee06eaa1f3ec923e734b18228d08b2cda9242293a2b71fd82c7a413109609",
"Created": "2022-08-11T12:18:01.4356971-07:00",
"Scope": "local",
"Driver": "nat",
"EnableIPv6": false,
"IPAM": {
"Driver": "windows",
"Options": null,
"Config": [
{
"Subnet": "172.31.80.0/20",
"Gateway": "172.31.80.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {},
"Options": {
"com.docker.network.windowsshim.hnsid": "9C6F07F8-D106-4CD4-B3B7-C303886D4815",
"com.docker.network.windowsshim.networkname": "nat"
},
"Labels": {}
}
]
Here the bridge IP is 172.31.80.1
Next I verified whether this IP is accessible inside my container. Note that I had to use an ubuntu container to verify this. As containers only have basic commands, I pulled the latest ubuntu image from Docker Hub and installed the ping, ip and route commands on it to verify the connectivity of the container with the host.
Inside my ubuntu container I typed the route command to check the IP table:
root#8a7d33102d90:/# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 172.31.80.1 0.0.0.0 UG 1 0 0 eth0
172.31.80.0 * 255.255.0.0 U 0 0 0 eth0
In the IP route table I can see the bridge IP as default route. This entry verifies that my container can communicate with the docker bridge network. I can either use this IP to access any service on my host machine or my host machine IP (I used the host machine IP as this was static, in case of dynamic IP prefer to use bridge network IP or dns)
Now inside my ubuntu container I can ping bridge IP and my host machine IP both:
root#8a7d33102d90:/# ping 172.31.80.1
PING 172.31.80.1 (172.31.80.1) 56(84) bytes of data.
64 bytes from 172.31.80.1: icmp_seq=1 ttl=64 time=0.070 ms
64 bytes from 172.31.80.1: icmp_seq=2 ttl=64 time=0.201 ms
64 bytes from 172.31.80.1: icmp_seq=3 ttl=64 time=0.116 ms
root#8a7d33102d90:/# ping 10.25.241.37
PING 10.25.241.37 (10.25.241.37) 56(84) bytes of data.
64 bytes from 10.25.241.37: icmp_seq=1 ttl=64 time=0.070 ms
64 bytes from 10.25.241.37: icmp_seq=2 ttl=64 time=0.201 ms
64 bytes from 10.25.241.37: icmp_seq=3 ttl=64 time=0.116 ms
Note that 10.25.241.37 is the IPv4 address of my Ethernet0 adapter, you can check this by typing ipconfig command in powershell:
PS C:\Windows\system32> ipconfig
Windows IP Configuration
Ethernet adapter Ethernet0:
Connection-specific DNS Suffix . :
IPv4 Address. . . . . . . . . . . : 10.25.241.37
Subnet Mask . . . . . . . . . . . : 255.255.255.240
Default Gateway . . . . . . . . . : 10.25.241.33
Ethernet adapter vEthernet (nat):
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::81af:fd91:a6cf:6158%15
IPv4 Address. . . . . . . . . . . : 172.31.80.1
Subnet Mask . . . . . . . . . . . : 255.255.240.0
Default Gateway . . . . . . . . . :
Ethernet adapter vEthernet (56f23d8f2228039):
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::7453:b5f6:e090:b8a4%22
IPv4 Address. . . . . . . . . . . : 172.20.0.1
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
Once I verified that there was no issue with networking, I simply created the /etc/hosts file inside my actual container from where I wanted to access the docker host.
PS C:\Windows\system32> docker exec -it a027f718c24e /bin/bash
root#a027f718c24e:/usr/local/airflow# echo '10.25.241.37 host.docker.internal' | tee -a /etc/hosts
After adding this entry I can access host.docker.internal from my container. Note that I added this entry only for testing purposes, as I had to add it inside the running container. Once the container is stopped this file will be gone and you will need to create it again, which is not right. So I will instead use the static IP (10.25.241.37) of my machine instead of host.docker.internal to make requests to services hosted on the host machine.

Windows 10, Docker problem with Port 80, Ports are not available: listen tcp 0.0.0.0:80:

I was trying to run docker app...
λ docker run -p 80:80 -p 8080:8080 --name billingapp sotobotero/udemy-devops:0.0.1
docker: Error response from daemon: Ports are not available: listen tcp 0.0.0.0:80: bind: An attempt was made to access a socket in a way forbidden by its access permissions.
I was trying to apply this answer...
https://stackoverflow.com/a/65274083/811293
λ netsh int ipv4 add excludedportrange protocol=tcp startport=80 numberofports=1
The process cannot access the file because it is being used by another process.
I was trying with https://stackoverflow.com/a/66198584/811293
D:\Programs\cmder\config\profile.d
λ docker container rm billingapp
billingapp
D:\Programs\cmder\config\profile.d
λ net stop winnat
The Windows NAT Driver service is not started.
More help is available by typing NET HELPMSG 3521.
D:\Programs\cmder\config\profile.d
λ docker run -p 80:80 -p 8080:8080 --name billingapp sotobotero/udemy-devops:0.0.1
docker: Error response from daemon: Ports are not available: listen tcp 0.0.0.0:80: bind: An attempt was made to access a socket in a way forbidden by its access permissions.
D:\Programs\cmder\config\profile.d
λ
Checking with Resource Monitor...
Checking with netstat
D:\Programs\cmder\config\profile.d
λ netstat -aon | find /i "listening" | findStr ":80"
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:808 0.0.0.0:0 LISTENING 4140
TCP [::]:80 [::]:0 LISTENING 4
TCP [::]:808 [::]:0 LISTENING 4140
D:\Programs\cmder\config\profile.d
λ
Using tasklist
D:\Programs\cmder\config\profile.d
λ tasklist /FI "PID eq 4"
Image Name PID Session Name Session# Mem Usage
========================= ======== ================ =========== ============
System 4 Services 0 144 K
D:\Programs\cmder\config\profile.d
λ
VERSION Docker Desktop:
PS C:\WINDOWS\system32> Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* | select DisplayName,DisplayVersion | where {$_.DisplayName -like "Docker*"}
DisplayName DisplayVersion
----------- --------------
Docker Desktop 2.5.0.0
PS C:\WINDOWS\system32>
On the other side:
D:\Programs\cmder\config\profile.d
λ docker --version
Docker version 19.03.13, build 4484c46d9d
D:\Programs\cmder\config\profile.d
λ docker version
Client: Docker Engine - Community
Cloud integration: 1.0.1
Version: 19.03.13
API version: 1.40
Go version: go1.13.15
Git commit: 4484c46d9d
Built: Wed Sep 16 17:00:27 2020
OS/Arch: windows/amd64
Experimental: false
Server: Docker Engine - Community
Engine:
Version: 19.03.13
API version: 1.40 (minimum version 1.12)
Go version: go1.13.15
Git commit: 4484c46d9d
Built: Wed Sep 16 17:07:04 2020
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: v1.3.7
GitCommit: 8fba4e9a7d01810a393d5d25a3621dc101981175
runc:
Version: 1.0.0-rc10
GitCommit: dc9208a3303feef5b3839f4323d9beb36df0a9dd
docker-init:
Version: 0.18.0
GitCommit: fec3683
D:\Programs\cmder\config\profile.d
What other solution do I need to try to apply?
I had the same problem, got rid of it with this command
NET stop HTTP
It stopped the print queue service ("Druckwarteschlange" in German).
Bad side effect: you can't use your printer anymore.

Issue getting credential spec (gMSA) working in docker-compose

I have a gMSA credential spec working with docker run but not with docker-compose. Details for the compose file and the docker run command are below. I'm completely lost as to what I'm missing. I did a lot of googling and I'm not sure what's going on. My primary thought is that something with the docker-compose file is off, but I'm not sure.
Docker-compose
version: '3.3'
services:
  basic:
    image: mcr.microsoft.com/windows/servercore:ltsc2019
    entrypoint: ping -t localhost
    hostname: server01
    security_opt:
      - credentialspec=file://server01.json
    dns:
      - "192.168.43.2"
    user: "NT AUTHORITY\\NETWORK SERVICE"
networks:
  default:
    external:
      name: "Net"
After running docker-compose up
C:\Users\administrator> docker exec -it b9e2a783ab09 powershell
Windows PowerShell
Copyright (C) Microsoft Corporation. All rights reserved.
PS C:\> ipconfig
Windows IP Configuration
Ethernet adapter vEthernet (Ethernet) 10:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::4416:3381:8d1a:122a%43
Autoconfiguration IPv4 Address. . : 169.254.18.42
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
PS C:\> ipconfig /renew
Windows IP Configuration
Ethernet adapter vEthernet (Ethernet) 10:
Connection-specific DNS Suffix . : localdomain
Link-local IPv6 Address . . . . . : fe80::4416:3381:8d1a:122a%43
IPv4 Address. . . . . . . . . . . : 192.168.43.198
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
PS C:\> nslookup testdomain.local
Server: UnKnown
Address: 192.168.43.2
Name: testdomain.local
Addresses: 192.168.43.2
192.168.52.133
PS C:\> nltest /sc_verify:testdomain.local
I_NetLogonControl failed: Status = 5 0x5 ERROR_ACCESS_DENIED
docker run
docker run -it --security-opt "credentialspec=file://server01.json" --user="nt authority\system" --hostname="server01" --network="Net" --dns="192.168.43.2" mcr.microsoft.com/windows/servercore:ltsc2019 powershell
PS C:\> nslookup testdomain.local
Server: UnKnown
Address: 192.168.43.2
Name: testdomain.local
Addresses: 192.168.43.2
192.168.52.133
PS C:\> nltest /sc_verify:testdomain.local
Flags: b0 HAS_IP HAS_TIMESERV
Trusted DC Name \\dc01.testdomain.local
Trusted DC Connection Status Status = 0 0x0 NERR_Success
Trust Verification Status = 0 0x0 NERR_Success
The command completed successfully
PS C:\>
Hey so I'm leaving this up as a mark of shame.
Notice that I used different users? Turns out I needed to use system and not the network service account. That fixed it.
Use double-quoted:
security_opt:
  - "credentialspec=file://server01.json"

Docker - error during connect to port 2375

I'm unable to connect to the Docker daemon. I'm running on the CoreOS operating system; when I run docker info I get the following:
error during connect: Get http://127.0.0.1:2375/v1.37/info: http: server closed idle connection
Before I had set the host to port 2375
$ unset DOCKER_TLS_VERIFY
$ unset DOCKER_CERT_PATH
$ export DOCKER_HOST=tcp://127.0.0.1:2375
and Vagrant worked fine: I run vagrant up successfully
Why am I getting an error when I try to connect?
docker version
Client:
Version: 18.04.0-ce
API version: 1.37
Go version: go1.10.1
Git commit: 3d479c0
Built: unknown-buildtime
OS/Arch: darwin/amd64
Experimental: false
Orchestrator: swarm
coreos-vagrant/user_data
#cloud-config
coreos:
  units:
    - name: docker-tcp.socket
      command: start
      enable: yes
      content: |
        [Unit]
        Description=Docker Socket for the API
        [Socket]
        ListenStream=2375
        BindIPv6Only=both
        Service=docker.service
        [Install]
        WantedBy=sockets.target
    - name: enable-docker-tcp.service
      command: start
      content: |
        [Unit]
        Description=Enable the Docker Socket for the API
        [Service]
        Type=oneshot
        ExecStart=/usr/bin/systemctl enable docker-tcp.socket
When I run docker-machine ls
I had to download the CE for Mac. Here is the link:
https://store.docker.com/editions/community/docker-ce-desktop-mac
I solved this issue like below:
go to your Docker Desktop -> Settings -> General and
then tick "Expose daemon on tcp://localhost:2375 without TLS" checkbox
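The docker-tcp.socket unit in the question uses a bare port in ListenStream=, which systemd binds on every interface, so the API on 2375 is reachable from any host that can route to the machine, and the client settings shown (DOCKER_TLS_VERIFY unset) use no TLS. The following is an added example, not code from the original posts: it classifies the bind scope of a socket unit; the function names and the loopback variant are assumptions made for illustration.

```python
import ipaddress

# docker-tcp.socket unit text as posted in the cloud-config above.
UNIT_FROM_PAGE = """\
[Unit]
Description=Docker Socket for the API
[Socket]
ListenStream=2375
BindIPv6Only=both
Service=docker.service
[Install]
WantedBy=sockets.target
"""

# Constructed variant: the same unit pinned to the loopback address.
UNIT_LOOPBACK = UNIT_FROM_PAGE.replace("ListenStream=2375",
                                       "ListenStream=127.0.0.1:2375")


def listen_streams(unit_text):
    """Collect every ListenStream= value from the [Socket] section."""
    section, values = None, []
    for raw in unit_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Socket" and line.startswith("ListenStream="):
            values.append(line.split("=", 1)[1].strip())
    return values


def listen_scope(value):
    """Return (scope, port) for one ListenStream= value."""
    if value.startswith(("/", "@")):
        return ("unix", None)                  # AF_UNIX path or abstract socket
    if value.isdigit():
        return ("all-interfaces", int(value))  # bare port: wildcard bind
    host, _, port = value.rpartition(":")
    ip = ipaddress.ip_address(host.strip("[]"))
    if ip.is_loopback:
        return ("loopback", int(port))
    if ip.is_unspecified:
        return ("all-interfaces", int(port))
    return ("single-address", int(port))


def audit_socket_unit(unit_text):
    """Report each listener's bind scope and whether other hosts can reach it."""
    findings = []
    for value in listen_streams(unit_text):
        scope, port = listen_scope(value)
        findings.append({"listen": value, "scope": scope, "port": port,
                         "network_reachable": scope not in ("unix", "loopback")})
    return findings
```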

Docker: couldn't expose a service

I couldn't manage a simple task I did many times before (I updated Docker a few days ago, if it matters, and had a lot of errors with docker-compose, which couldn't even give a version): run a container locally and access an exposed path. Simple, but I get Error 61: Connection refused.
What I do:
docker build -t container_name . -- in a Dockerfile I exposed both 80 and 5000
docker run -d -p 80:5000 container_name
Check my docker-machine dev ip address on port 80 -- connection refused.
Inside the container I have a running gunicorn on port 5000. It works fine.
When I login to the container I could easily curl localhost:5000. And have a fine response from working server on localhost:5000.
So I need only map port 80 on my host to port 5000 inside the container, that's what the cmd -p 80:5000 should do, right? But it doesn't work. What do I do wrong?
docker version:
Client:
Version: 1.9.1
API version: 1.21
Go version: go1.4.3
Git commit: a34a1d5
Built: Fri Nov 20 17:56:04 UTC 2015
OS/Arch: darwin/amd64
Server:
Version: 1.9.1
API version: 1.21
Go version: go1.4.3
Git commit: a34a1d5
Built: Fri Nov 20 17:56:04 UTC 2015
OS/Arch: linux/amd64
Don't listen to localhost, listen to 0.0.0.0 (or * depending on how the config does it).
localhost is specifically loop back within your container. To port map to host, you'll need to listen to a non-loopback address.
You don't need to EXPOSE if you're specifying -p though - that does it implicitly.
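The answer above can be reproduced without Docker. This is an added example, not code from the original posts: traffic forwarded by -p arrives at the container's non-loopback address, so a listener bound to 127.0.0.1 refuses it while one bound to 0.0.0.0 accepts it. It assumes Linux, where every 127.0.0.0/8 address is local, and uses 127.0.0.2 as a stand-in for the container's eth0 address; the function names are illustrative.

```python
import socket

LOOPBACK = "127.0.0.1"    # what "localhost" means inside the container
OTHER_ADDR = "127.0.0.2"  # assumption: stand-in for the container's eth0 address


def start_listener(bind_addr):
    """Open a TCP listener on an ephemeral port, as gunicorn does for its --bind address."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((bind_addr, 0))
    srv.listen(5)
    return srv, srv.getsockname()[1]


def can_connect(dest_addr, port):
    """True if a TCP handshake to dest_addr:port completes."""
    try:
        with socket.create_connection((dest_addr, port), timeout=2):
            return True
    except OSError:
        return False


def reachability(bind_addr):
    """Probe one listener through loopback and through the second address."""
    srv, port = start_listener(bind_addr)
    try:
        return {"via_loopback": can_connect(LOOPBACK, port),
                "via_other": can_connect(OTHER_ADDR, port)}
    finally:
        srv.close()


if __name__ == "__main__":
    # Bound to localhost: only connections addressed to 127.0.0.1 succeed.
    print("bind 127.0.0.1 ->", reachability("127.0.0.1"))
    # Bound to the wildcard: connections to any local address succeed.
    print("bind 0.0.0.0   ->", reachability("0.0.0.0"))
```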
