Docker: Does container inherit /etc/hosts from docker host? - docker

Suppose I have a machine running docker (the docker host) and I spin up some containers inside this docker host.
I need the containers' services to be able to talk to each other - the containers expose ports and they also need to be resolved by hostname (e.g. example.com).
Container A needs to talk to container B with the URL example.com:3000.
I've read this article but I'm not quite sure about "inherit" from the docker host: will the docker host's /etc/hosts be appended to the /etc/hosts of a container running inside the docker host?
https://docs.docker.com/engine/reference/run/#managing-etchosts
How can I achieve this?
Does this "inherit" have any connection to the type of docker container networking https://docs.docker.com/v17.09/engine/userguide/networking/ ?

It does not inherit the host's /etc/hosts file. The file inside your container is updated by docker when using the --add-host parameter or extra_hosts in docker-compose. You can add individual records by using extra_hosts in docker-compose (https://docs.docker.com/compose/compose-file/#extra_hosts).
Although if you're just trying to get 2 containers talking to each other, you can alternatively connect them to the same network. In docker-compose you can create what's called an external network and have all your docker-compose files reference it. You will then be able to connect by using the full docker container name (e.g. http://project_app_1:3000).
See https://docs.docker.com/compose/compose-file/#external

Related

Docker Hostname inside container

I'm using a docker container to run some browser tests.
For some OAuth workflow, I need a custom hostname that I can forward to the OAuth site, for example my.dev.site.
Usually in non-docker environments, I just add an entry to the /etc/hosts file that casts my.dev.site to 127.0.0.1
Is this possible with docker and if so, how?
By default, docker container hosts are identified by their name.
However, in a compose file, you could use the extra_hosts field to add hostnames to /etc/hosts within containers.
https://docs.docker.com/compose/compose-file/compose-file-v3/#extra_hosts
extra_hosts:
- "my.dev.site:127.0.0.1"
And the docker run version
https://docs.docker.com/engine/reference/run/#network-settings
docker run --add-host my.dev.site:127.0.0.1 <image>

Get the ip of a container to be seen from outside

I am trying to make a shared folder from a container with Ubuntu installing samba.
It is a test and I want to do it without creating volumes.
So, how could I see the IP of the container to create the folder in Windows?
I've been doing it with docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' containerId but the IPs that it returns are only for networks internal to docker.
Run the container by mapping a host port and you should be able to access the container instance with HostIP:HostPort.
Run an FTP server in the container and expose the necessary ports, including the SSH port.
Try accessing the files over FTP.
Have you tried the following command?
docker container ps
Check out the ports attribute, this should give you the output you need.

Breaking out of Docker container to root on host filesystem

I was following the below youtube video linked in the article which allows a docker container to get root access on the host.
There are a few steps which are unclear, can someone please explain how they work further?
https://www.lvh.io/posts/dont-expose-the-docker-socket-not-even-to-a-container.html
Step 1> Bind mount /var/run/docker.sock from host to container
Step 2> Install docker in container <<< at this stage I see that docker ps -a shows all the containers which are present on the host.
**QUESTION:** How can the container see the containers present on the host? Is it because dockerd on the new container is using /var/run/docker.sock on the host? netstat/ss in the new container doesn't show anything..
Step 3> Run another container from the 1st container. Pass the following parameters to it:
docker run -dit -v /:/host ubuntu
Intention of this is to mount / from host filesystem to /host in the 2nd container being created
**QUESTION:** How does the 1st container have access to / (being filesystem of the host?)
Thanks.
Docker runs as a service on the host machine. This service communicates with clients via a socket which, by default, is the unix socket: unix:/var/run/docker.sock.
When you share this socket with any container, that container will get full access to the docker daemon. From there, the container could start other containers, delete containers/volumes/etc or even map volumes at will from the host to a new container, for example, as is described in your question with -v /:/host. Doing that will give the container root access to the host file system in /host/.
In short: you should be careful sharing this precious socket with any container you don't trust. In some cases the shared socket makes sense (for example portainer: a container that serves as a management GUI to docker).
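A defender-side check for the exposure this answer describes, as an added example that is not part of the original thread: it scans `docker inspect` JSON for bind mounts of the Docker socket or of the host's `/`. The container names and sample data are constructed.

```python
import json
import posixpath

# /var/run is commonly a symlink to /run, so check both spellings.
DOCKER_SOCKETS = {"/var/run/docker.sock", "/run/docker.sock"}

def classify_mount(mount):
    """Return a label for a risky bind mount, or None if it is not one."""
    if mount.get("Type") != "bind":
        return None
    source = posixpath.normpath(mount.get("Source", ""))
    if source in DOCKER_SOCKETS:
        return "docker-socket"   # full control of the daemon
    if source == "/":
        return "host-root"       # e.g. `-v /:/host`
    return None

def audit(inspect_json):
    """Map container name -> sorted findings, given `docker inspect` JSON."""
    findings = {}
    for container in json.loads(inspect_json):
        hits = set()
        for mount in container.get("Mounts", []):
            label = classify_mount(mount)
            if label:
                # Report ro mounts too: a read-only bind mount of the socket
                # still lets the container send API requests through it.
                mode = "rw" if mount.get("RW", True) else "ro"
                hits.add(f"{label}:{mount.get('Destination')}:{mode}")
        if hits:
            findings[container.get("Name", "").lstrip("/")] = sorted(hits)
    return findings

# Constructed sample in the shape `docker inspect <id>...` prints.
SAMPLE = json.dumps([
    {"Name": "/mgmt-ui", "Mounts": [
        {"Type": "bind", "Source": "/var/run/docker.sock",
         "Destination": "/var/run/docker.sock", "RW": True}]},
    {"Name": "/second", "Mounts": [
        {"Type": "bind", "Source": "/", "Destination": "/host", "RW": True}]},
    {"Name": "/web", "Mounts": [
        {"Type": "volume", "Source": "/var/lib/docker/volumes/data/_data",
         "Destination": "/data", "RW": True},
        {"Type": "bind", "Source": "/srv/app", "Destination": "/app", "RW": False}]},
])

if __name__ == "__main__":
    for name, hits in audit(SAMPLE).items():
        print(name, hits)
```

On a live host, pass it the output of `docker inspect $(docker ps -q)` in place of the sample.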

Connect to a docker process from host machine

I have a docker container setup (3 containers) using a user-defined bridge network.
I am able to reach a container from another container (using both IP and container name).
But I am not able to ping the process (running in a container) from my host machine. Can anyone help me with this? Is it possible?
See my docker compose file.
The setup is on Windows 8.
Of the 4 containers mentioned in the compose file, none is accessible from the host machine (neither using container names nor IP), although I can access one container from another one using both IP and container name.
I assume you are trying to access your container from its service name declared in the compose file, but you cannot do that outside the bridge network declared in the compose file.
From your host, you need to use the container ip address and you can get it with the following command:
docker inspect <container> -f '{{.NetworkSettings.Networks.<network>.IPAddress}}'
Obviously you need to replace the <container> placeholder with your container name and <network> with your network name.
For example, based on your servers.yml file, you can get the zookeeper ip address with docker inspect zookeeper -f '{{.NetworkSettings.Networks.bridge.IPAddress}}'
See the docker documentation for more details on the inspect command and
I don't know much about Docker setup on Windows, but I guess your service is listening on localhost (inside the container), which is why it is not accessible from outside.
To access any of the services running in the container from outside, you need to bind the service port to the 0.0.0.0 IP address.
Example:
If Nginx is running on port 80 inside the container but the bind address is 127.0.0.1 or localhost, it will be accessible only from inside the container, not from outside or from the host machine. If you want to access your nginx from outside, you need to change its bind address from localhost to 0.0.0.0.
Hope it will help.

How to resolve docker host names (/etc/hosts) in containers

How is it possible to resolve names defined in the Docker host's /etc/hosts in containers?
Containers running in my Docker host can resolve public names (e.g. www.ibm.com) so Docker dns is working fine.
I would like to resolve names from the Docker host's /etc/hosts (e.g. 127.17.0.1 smtp) from containers.
My final goal is to connect to services running in the Docker host (e.g. smtp server) from containers. I know I can use the Docker Host IP (127.17.0.1) from containers, but I thought that Docker would have used the Docker host /etc/hosts to build the containers' resolve files as well.
I am even quite sure I have seen this working a while ago... but I could be wrong.
Any thoughts?
Giovanni
Check out the --add-host flag for the docker command: https://docs.docker.com/engine/reference/run/#managing-etchosts
$ docker run --add-host="smtp:127.17.0.1" container command
In Docker, /etc/hosts cannot be overwritten or modified at runtime (security feature). You need to use Docker's API, in this case --add-host to modify the file.
For docker-compose, use the extra_hosts option.
For the whole "connect to services running in host" problem, see the discussion in this GitHub issue: https://github.com/docker/docker/issues/1143.
The common approach for this problem is to use --add-host with Docker's gateway address for the host, e.g. --add-host="dockerhost:172.17.42.1". Check the issue above for some scripts that find the correct IP and start your containers.
You can set up a simple DNS server on the host, and in the container set up /etc/resolv.conf to point to the Docker host DNS server.
For example, in dnsmasq you can add addn-hosts=/etc/hosts to the config file. So the container, by using the Docker host DNS server, will be able to resolve the host's /etc/hosts.
