I started learning docker and I use it on Linux ubuntuserver 4.15.0-34-generic. I created a container with this command:
sudo docker run -d --privileged --name FBSServer --hostname BACKUPSERVER --restart=always -p 4530:4530 -p 4531:4531 -v /home/adminek/synology:/fbs ferro/backupsystem FBS_Server
As you see, the container is listening on ports 4530 and 4531. When I ran this command for the first time, everything was OK. The container is running and I can communicate with an app using ports 4530/4531.
But after rebooting the host system the container is in the Exited state:
root#ubuntuserver:~# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
6e77a4729847 ferro/backupsystem "/start.sh FBS_Server" 7 hours ago Exited (128) About a minute ago FBSServer
and I can not start the container. I see this:
root#ubuntuserver:~# docker container start FBSServer
Error response from daemon: driver failed programming external connectivity on endpoint FBSServer (c2afb35a61a18c65e8c306bbf36d4e2c9cdf428aafa386e12281d2d9e714b238): Error starting userland proxy: listen tcp 0.0.0.0:4531: bind: address already in use
Error: failed to start containers: FBSServer
In order to start I have to type these commands:
root#ubuntuserver:~# lsof -i :4530 | grep LISTEN
docker-pr 1328 root 4u IPv6 35086 0t0 TCP *:4530 (LISTEN)
root#ubuntuserver:~# lsof -i :4531 | grep LISTEN
docker-pr 1316 root 4u IPv6 35059 0t0 TCP *:4531 (LISTEN)
Then I kill the processes (in this example 1328 and 1316) and then I can start the container by typing:
docker container start FBSServer
So the question number 1:
Why are the ports "busy" after rebooting the host system?
and number 2:
Why do I sometimes see, after rebooting the host system, that the changes in the container were not saved? In other words, after the reboot and running the commands above the container is up, but it is in a state without the last changes I made a while before rebooting the host.
Try restarting your docker service afterwards: sudo /etc/init.d/docker restart. It should resolve the problem.
Normally if your docker container is starting automatically and allocating some port, you added by mistake the option --restart to start containers automatically.
So if, after you restart the docker service, the docker-pr service allocates the port of some container, your container is starting automatically.
After starting the docker, to check if you have some container running use:
docker ps
To stop this container, we can use:
docker stop container_name
If you have more than one container, we can use:
docker stop $(docker ps -a -q)
Normally, if you have some container starting automatically, you set this using docker --restart; we need to remove it from the auto restart.
To do this use the following command:
docker update --restart=no container_name
After this, you will be able to restart your docker service and you will not find any container starting automatically.
Related to question Docker and netstat: netstat is not showing ports, exposed by docker containers where only solutions are discussed, I would like to know why this happens?
What happens:
If I serve a service using docker (e.g. docker run --rm -p 8080:80 httpd), executing netstat -anp | grep 8080 on host shows docker listening on 8080, but it does not show open connections! I would expect to see connections also on host, because clients are connected to the host which forwards the port to the docker container.
Why is it not possible to see these connections?
netstat -a shows open socket connections. But the client is not connected to the host socket, because docker routes the packages before connection to the container by applying masquerading rules. This can be seen with iptables -L -n -t nat.
So the only way to see these connections with netstat is by executing it in the container. For example by running docker exec CONTAINER netstat -anp.
I have launched Jenkins as a Docker container and in the Jenkins dashboard I am configuring the Docker plugin to communicate with the Docker daemon. However, when I add "-H tcp://0.0.0.0:2375" in the Docker daemon and I restart Docker, executing any docker commands results in the message: "Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?"
This is the first time I am working with Docker and Jenkins and I have spent a lot of time looking for a solution everywhere.
I have modified the /lib/systemd/system/docker.service by replacing the line:
ExecStart=/usr/bin/dockerd
with
ExecStart=/usr/bin/dockerd -H tcp://0.0.0.0:2375
Then I restart the Docker daemon:
systemctl daemon-reload
systemctl reload docker
systemctl restart docker.service
I check that the process is listening in the port 2375:
netstat -lntp | grep dockerd
tcp6 0 0 :::2375 :::* LISTEN 10855/dockerd
When I try any docker command I get the following:
docker ps
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
Docker normally listens on the unix socket /var/run/docker.sock. You have asked it to instead listen on the tcp socket tcp://0.0.0.0:2375, so attempts by the client to connect to the default unix socket will fail.
If you want it to listen to both places, then you need:
dockerd -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock
Thanks so much, I was forgetting to also add listening on the default UNIX socket /var/run/docker.sock. Now I can use Jenkins and its Docker plugin.
I have set up a Docker container to access my machine's Docker container from another machine on the local network.
I created the container with the command below:
docker run -it -d --name containerName -h www.myhost.net -v /var/www/html -p 7000:8000 --net mynetwork --ip 172.11.0.10 --privileged myimagename bash
Container details after creation:
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1e1e5e9b74b4 myimgaename "bash" 21 minutes ago Up 6 minutes 0.0.0.0:7000->8000/tcp containername
Network details:
"NetworkSettings": {
    "Bridge": "",
    "SandboxID": "fe357c54c816fff0f9d642037dc9a173be7f7e42a80776d006572f6a1395969e",
    "HairpinMode": false,
    "LinkLocalIPv6Address": "",
    "LinkLocalIPv6PrefixLen": 0,
    "Ports": {
        "8000/tcp": [
            {
                "HostIp": "0.0.0.0",
                "HostPort": "7000"
            }
        ]
    }
If I access the Docker IP address (172.11.0.10) or hostname (www.myhost.net) on my machine (the host machine), it works.
But if I access it with the port, it doesn't work. Host machine IP: 192.168.1.1
I go to 192.168.1.1:7000 in the browser, on the host machine and also on another locally connected machine.
But my port 7000 is listening on the host machine:
# ps aux | grep 7000
root 10437 0.0 0.2 194792 24572 pts/0 Sl+ 12:33 0:00 docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 7000 -container-ip 172.11.0.10 -container-port 8000
root 10941 0.0 0.0 118492 2324 pts/3 R+ 12:44 0:00 grep --color=auto 7000
update 1:
$ docker version
Client:
Version: 1.11.2
API version: 1.23
Go version: go1.5.4
Git commit: b9f10c9
Built: Wed Jun 1 21:39:21 2016
OS/Arch: linux/amd64
Server:
Version: 1.11.2
API version: 1.23
Go version: go1.5.4
Git commit: b9f10c9
Built: Wed Jun 1 21:39:21 2016
OS/Arch: linux/amd64
Please suggest why I cannot access my container from another machine, and how to resolve this problem.
A very common problem can be this:
Bind your app inside Docker to 0.0.0.0, not to 127.0.0.1 address to let Docker reach the app inside container.
UPD: Don't try to solve it with docker. There is no docker command to fix that. It strictly depends on the using app, web-framework, etc. Read the manual of the tool you use inside the container. Try to google "how to bind [using framework] to the specific address and port". It could be an environment variable, cli parameter, code, etc.
Port 7000 on the host is redirecting to port 8000 in the container, but is anything listening on that port in the container?
Your docker run command is a bit odd: -it is for running a container interactively with a terminal attached; -d is for running detached, in the background; bash at the end overrides whatever the image configures as the startup command, which is why I think there's nothing listening on port 8000.
Try running the simplest NGINX container with this:
docker run -d -p 8081:80 nginx:alpine
And then verify you can get to the homepage:
curl http://localhost:8081
If that's working then I'd look at how you're running your image.
This was happening for me w/ Docker for Mac. Clicking the Docker icon, then Restart did the trick.
For anyone running serverless-offline inside a docker container:
I was trying to map localhost:3000 on my mac to the default serverless-offline app port of 3000 (which was running inside docker), achieved the desired result as follows:
(1) Added --host:0.0.0.0 to the usual serverless offline command like so:
serverless offline --host 0.0.0.0
(2) Then ran the docker container with the usual port mapping:
docker run -p 3000:3000 <your-image-name>
NOTE: Needed to rebuild my image (before running it) to get everything working properly.
Hi I have encountered this problem as I'm using Dockerfile to build image. I realised I can't set address to specific IP address meaning after I change
srv := &http.Server{
    Handler: s,
    Addr:    "127.0.0.1:5000",
}
to
srv := &http.Server{
    Handler: s,
    Addr:    ":5000",
}
the command docker run -dp 5000:5000 --name myapiserver api_server:v1 is working properly.
I can access the container port 5000 without issue. So to conclude in container you can only set the server's port?
Update
127.0.0.1 is the IP address that your host will not send to outside, the proper way to handle it is to send through all IP address which is 0:0:0:0 or in short just port only.
I hit this problem with a Docker Wordpress container.
Troubleshooting:
curl -Is http://192.168.X.X executed on the Docker host itself would return a result as expected, but the same command executed on my laptop on a different subnet would just hang.
Same with telnet 192.168.X.X 80: this would connect as expected on port 80 from the Docker host itself, but not outside the Docker host; it too would just hang.
docker logs containerName provided no useful clues.
On the router's firewall I allowed everything between the Docker host and my laptop to ensure the router's firewall wasn't breaking connectivity on port 80.
Solution:
Struggling to clear the error, I decided to remove my custom networking from the docker run command to reduce complexity.
Like the OP, I had specified my own custom network and IP address in the docker run command. But when I removed --net and --ip from the docker run command, the container rose-up using the default bridge and a Docker DHCP assigned address.
Test Solution:
I found the IP of my Wordpress container using:
docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' wordpressContainerName
and tried loading Wordpress in a browser on my laptop. The container could now be contacted on the forwarded port 80 outside the Docker host on a different subnet.
Conclusion:
Removing --net and --ip from the docker run command fixed the issue in my case; YMMV of course.
You can use docker run -d -p 127.0.0.1:9000:4000 --name some-container some-image-name or you can use -it flag
After thousands of hours digging into this problem, I finally solved it in this silly way:
Uninstalled docker:
sudo yum remove docker \
    docker-client \
    docker-client-latest \
    docker-common \
    docker-latest \
    docker-latest-logrotate \
    docker-logrotate \
    docker-engine \
    docker-ce
Update my centos system:
yum -y update
Reboot
Re-install docker
Re-install container/image
Now it works like a charm.
In my case I logged in to the docker container (postgresql) and saw that its IP was 172.18.0.13 (by running ifconfig or ip a, install by e.g. apt-get install net-tools if you are running Debian derived containers).
I was able to connect to the container from the host machine fine (netcat, install by running apt-get install netcat-traditional) :
nc -vz 172.18.0.13 5432
but trying to connect from outside to the exposed port 5433 did not work.
Next I checked the iptables -settings:
iptables -nL -t nat --line-numbers |grep 5433
and saw output
7 DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5433 to:172.18.0.2:5433
So the IP address of the port forwarding is pointing to docker_gwbridge (or wrong ip). I think there is some older container lingering around, or the port forward settings of it, or some malfunction in docker gwbridge. Restarting docker might help, and/or clearing/flushing all iptables -settings before starting docker. However, I had some production containers running there and I tried to avoid service break, so I fixed it manually by deleting the offending rule (line 7):
iptables -t nat -D DOCKER-INGRESS 7
Then I manually added forward to the right container (Note! please change the interface -i to your egress interface):
iptables -t nat -I DOCKER-INGRESS -p tcp -i eth0 --dport 5433 -j DNAT --to-destination 172.18.0.13:5432
Please note that this is a temporary hack, since docker keeps changing the rule back to a non-working version, so restart might be required sooner or later.
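Added example (not from the answer above): a POSIX shell check for the mismatch this answer found by eye, a DNAT rule for the published port that points at an address the container does not have. The function names are made up for this example, and the sample listing embeds the DNAT line quoted above inside constructed filler lines.

```shell
#!/bin/sh
# Added example: compare the DNAT target for a published port with the
# address the container really has. dnat_rules and check_forward are names
# chosen for this example.

# Sample of `iptables -nL -t nat --line-numbers`: the DNAT line is the one
# quoted in the answer, the other lines are constructed filler.
SAMPLE_NAT='Chain DOCKER-INGRESS (2 references)
num  target     prot opt source               destination
7    DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:5433 to:172.18.0.2:5433
8    RETURN     all  --  0.0.0.0/0            0.0.0.0/0'

# dnat_rules HOST_PORT   (listing with --line-numbers on stdin)
# Prints "<chain> <rule number> <ip:port>" for every DNAT rule on HOST_PORT.
dnat_rules() {
    awk -v port="$1" '
        $1 == "Chain" { chain = $2; next }
        $2 == "DNAT" {
            dpt = ""; to = ""
            for (i = 3; i <= NF; i++) {
                if ($i ~ /^dpt:/) dpt = substr($i, 5)
                if ($i ~ /^to:/)  to = substr($i, 4)
            }
            if (dpt == port) print chain, $1, to
        }'
}

# check_forward HOST_PORT EXPECTED_IP:PORT   (same listing on stdin)
# Returns 0 if every rule matches, 1 if any is stale, 2 if there is no rule.
check_forward() {
    cf_rules=$(dnat_rules "$1")
    if [ -z "$cf_rules" ]; then
        echo "MISSING no DNAT rule for port $1"
        return 2
    fi
    cf_rc=0
    while read -r cf_chain cf_num cf_to; do
        if [ "$cf_to" = "$2" ]; then
            echo "OK $cf_chain rule $cf_num -> $cf_to"
        else
            echo "STALE $cf_chain rule $cf_num -> $cf_to (container is at $2)"
            cf_rc=1
        fi
    done <<EOF
$cf_rules
EOF
    return $cf_rc
}

# Demo on the sample. On a live host, pipe the real listing in and take the
# expected address from `docker inspect` of the container:
#   iptables -nL -t nat --line-numbers | check_forward 5433 172.18.0.13:5432
printf '%s\n' "$SAMPLE_NAT" | check_forward 5433 172.18.0.13:5432 || true
```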
Partial Answer:
I have now partially solved this problem. When I tried creating the container without bash and changed my port to 3000 (-p 3000:80), it worked for me.
Before Command:
docker run -it -d --name containerName -h www.myhost.net -v /var/www/html -p 3000:80 --net mynetwork --ip 172.11.0.10 --privileged myimagename bash
After Command:
docker run -it -d --name containerName -h www.myhost.net -v /var/www/html -p 3000:80 --net mynetwork --ip 172.11.0.10 --privileged myimagename
Then, execute the container with bin/bash:
docker exec -it containerName bin/bash
Now it works from another locally connected machine:
hostmachineip:3000
I don't know whether Docker has any port restrictions, but this solution works for me.
When I encountered this problem (with a docker-compose managed set of docker instances), I found that deleting the network that docker-compose created fixed the problem:
docker-compose stop
# find the network related to my docker-compose setup
docker network ls
docker network rm NETWORKNAME
# let docker-compose recreate the network:
docker-compose up -d
I am trying to do this lab and type in the following command:
sudo docker run -it --name bdu_spark2 -P -p 4040:4040 -p 4041:4041 -p 8080:8080 -p 8081:8081 bigdatauniversity/spark2:latest /etc/bootstrap.sh -bash
But I get the following error. Is there a conflict between port 8080 of docker using it and other software trying to use it? I have restarted docker and made sure no other containers are running. Thanks for all the input.
Error response from daemon: Cannot start container 3c62472fe5f8481e5ee957550078f06106b45fc6bffe25669272e2ea924b5f36: failed to create endpoint bdu_spark2 on network bridge: Error starting userland proxy: listen tcp 0.0.0.0:8080: bind: address already in use
This is usually caused because another container is using 8080 port on your docker host.
You can see your running containers by running: $ sudo docker ps
Either stop the other container, or choose a different host port to map your container's 8080 to.
In my case doing this with MySQL, I didn't realize it was because I already had a native MySQL running on that port.
docker run --name db --detach --env="MYSQL_ROOT_PASSWORD=123" --publish=3306:3306 mysql:latest
I did a netstat --all --numeric --program --inet --timers | grep 3306 and noticed it gave me 1418/mysqld. Then I did a ps aux | grep mysql and noticed that was the same process number started by /usr/sbin/mysqld which was my local MySQL instance on my host, nothing to do with containers.
Double check nothing is using those ports, especially 8080, which is very common for stand alone web servers, like those that ship with IDEs.
If you are using that port, you can use the --publish option to specify the host port to be different but still use the same port on the container. i.e. --publish=8081:8080, hostport:containerport.
I have installed Ubuntu and Docker. I am trying to launch a Riak container:
$ DOCKER_RIAK_AUTOMATIC_CLUSTERING=1 DOCKER_RIAK_CLUSTER_SIZE=5 DOCKER_RIAK_BACKEND=leveldb make start-cluster ./bin/start
and get the error message:
It looks like the environment variable DOCKER_HOST has not been set.
The Riak cluster cannot be started unless this has been set
appropriately. For example:
export DOCKER_HOST="tcp://127.0.0.1:2375"
If I set
export DOCKER_HOST="tcp://127.0.0.1:2375"
all my other containers stop working and say that they cannot find the Docker daemon.
It looks like my Docker daemon uses a port other than 2375. How can I check it?
By default, the docker daemon will use the unix socket unix:///var/run/docker.sock (you can check this is the case for you by doing a sudo netstat -tunlp and note that there is no docker daemon process listening on any ports). It's recommended to keep this setting for security reasons but it sounds like Riak requires the daemon to be running on a TCP socket.
To start the docker daemon with a TCP socket that anybody can connect to, use the -H option:
sudo docker -H 0.0.0.0:2375 -d &
Warning: This means machines that can talk to the daemon through that TCP socket can get root access to your host machine.
Related docs:
http://basho.com/posts/technical/running-riak-in-docker/
https://docs.docker.com/install/linux/linux-postinstall/#configure-where-the-docker-daemon-listens-for-connections
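Added example (not part of the answer above and not Docker's own tooling): a POSIX shell check that follows from the warning about the TCP socket. It takes a dockerd command line, as found in ExecStart= or in ps output, and flags any TCP listener that other machines can reach without --tlsverify. The function name and verdict words are made up for this example, and the certificate path in the third sample line is a placeholder.

```shell
#!/bin/sh
# Added example: classify the listeners in a dockerd command line.
# audit_dockerd_hosts and its verdict words are names chosen for this example.

# audit_dockerd_hosts "<dockerd command line>"
# Prints "<verdict> <listener>" per -H/--host argument; returns 1 if any TCP
# listener reachable from other machines lacks --tlsverify (client certs).
audit_dockerd_hosts() {
    ah_hosts="" ah_tls=0 ah_rc=0
    set -f                       # no globbing while words are split
    set -- $1
    while [ $# -gt 0 ]; do
        case $1 in
            -H|--host)     if [ $# -gt 1 ]; then ah_hosts="$ah_hosts $2"; shift; fi ;;
            -H=*|--host=*) ah_hosts="$ah_hosts ${1#*=}" ;;
            # --tls alone encrypts but does not authenticate clients, so only
            # --tlsverify counts as protection here.
            --tlsverify|--tlsverify=true) ah_tls=1 ;;
        esac
        shift
    done
    for ah_h in $ah_hosts; do
        # A bare host:port (the old "-H 0.0.0.0:2375" form) is treated as TCP.
        case $ah_h in *://*) ;; *) ah_h="tcp://$ah_h" ;; esac
        case $ah_h in
            unix://*|fd://*) echo "ok $ah_h" ;;   # guarded by file permissions
            tcp://*)
                if [ "$ah_tls" -eq 1 ]; then
                    echo "tls $ah_h"
                else
                    case $ah_h in
                        # Loopback: no remote access, but any local process
                        # can still drive the daemon.
                        tcp://127.*|tcp://localhost|tcp://localhost:*|'tcp://[::1]'*)
                            echo "local-only $ah_h" ;;
                        *)  echo "EXPOSED $ah_h"; ah_rc=1 ;;
                    esac
                fi ;;
            *) echo "unknown $ah_h" ;;
        esac
    done
    set +f
    return $ah_rc
}

# Sample lines: the first two use listeners shown on this page, the third is
# constructed (the certificate path is a placeholder).
while IFS= read -r line; do
    echo "# $line"
    audit_dockerd_hosts "$line" || true
done <<'EOF'
/usr/bin/dockerd -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock
/usr/bin/dockerd -H tcp://127.0.0.1:5000 -H unix:///var/run/docker.sock
/usr/bin/dockerd --tlsverify --tlscacert=/path/to/ca.pem -H tcp://0.0.0.0:2376
EOF
```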
Prepare extra configuration file. Create a file named /etc/systemd/system/docker.service.d/docker.conf. Inside the file docker.conf, paste below content:
[Service]
ExecStart=
ExecStart=/usr/bin/dockerd -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock
Note that if there is no directory like docker.service.d or a file named docker.conf then you should create it.
Restart Docker. After saving this file, reload the configuration by systemctl daemon-reload and restart Docker by systemctl restart docker.service.
Check your Docker daemon. After restarting docker service, you can see the port in the output of systemctl status docker.service
like /usr/bin/dockerd -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock.
Hope this may help
Thank you!
Reference docs of docker: https://docs.docker.com/install/linux/linux-postinstall/#configure-where-the-docker-daemon-listens-for-connections
There are 2 ways in configuring the docker daemon port
1) Configuring at /etc/default/docker file:
DOCKER_OPTS="-H tcp://127.0.0.1:5000 -H unix:///var/run/docker.sock"
2) Configuring at /etc/docker/daemon.json:
{
"debug": true,
"hosts": ["tcp://127.0.0.1:5000", "unix:///var/run/docker.sock"]
}
If the default Docker socket is not configured, Docker will wait for an infinite period, i.e.:
Waiting for /var/run/docker.sock
Waiting for /var/run/docker.sock
Waiting for /var/run/docker.sock
Waiting for /var/run/docker.sock
Waiting for /var/run/docker.sock
NOTE : BUT DON'T CONFIGURE IN BOTH THE CONFIGURATION FILES, the following error may occur :
Waiting for /var/run/docker.sock
unable to configure the Docker daemon with file /etc/docker/daemon.json: the following directives are specified both as a flag and in the configuration file: hosts: (from flag: [tcp://127.0.0.1:5000 unix:///var/run/docker.sock], from file: tcp://127.0.0.1:5000)
The reason for adding both the user port[ tcp://127.0.0.1:5000] and default docker socket[unix:///var/run/docker.sock] is that the user port enables the access to the docker APIs whereas the default socket enables the CLI. In case the default port[unix:///var/run/docker.sock] is not mentioned in /etc/default/docker file the following error may occur:
# docker ps
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
This error is not because Docker is not running, but because the default Docker socket is not enabled.
Once the configuration is enabled restart the docker service and verify the docker port is enabled or not:
# netstat -tunlp | grep -i 5000
tcp 0 0 127.0.0.1:5000 0.0.0.0:* LISTEN 31661/dockerd
Applicable for Docker Version 17.04, may vary with different versions of docker.
I also had the same problem of "How to detect a docker daemon port", but on OSX, and after a little digging I found the answer. I thought I'd share the answer here for people coming from OSX.
If you visit known-issues from docker for mac and github issue, you will find that by default the docker daemon only listens on the unix socket /var/run/docker.sock and not on tcp. The default port for docker is 2375 (unencrypted) and 2376 (encrypted) communication over tcp (although you can choose any other port).
On OSX it's not straightforward to run the daemon on a tcp port. One way to do this is to use a socat container to redirect the Docker API exposed on the unix domain socket to the host port on OSX.
docker run -d -v /var/run/docker.sock:/var/run/docker.sock -p 127.0.0.1:2375:2375 bobrik/socat TCP-LISTEN:2375,fork UNIX-CONNECT:/var/run/docker.sock
and then
export DOCKER_HOST=tcp://localhost:2375
However for local client on mac os you don't need to export DOCKER_HOST variable to test the api.
If you run ps -aux | grep dockerd you should see the endpoints it is running on.
Try adding -H tcp://0.0.0.0:2375 (at the end of the ExecStart line) instead of -H 0.0.0.0:2375.