On a docker container setup (3 containers) using user-defined bridge network.
I am able to reach a container from another container (using both IP and container name).
But I am not able to ping the process (running in the container) from my host machine. Can anyone help me with this? Is it possible?
See my docker compose file
The setup is on Windows 8.
Of the 4 containers mentioned in the compose file, none is accessible from the host machine (neither using container names nor IP), although I can access one container from another one using both IP and container name.
I assume you are trying to access your container from its service name declared in the compose file, but you cannot do that outside the bridge network declared in the compose file.
From your host, you need to use the container ip address and you can get it with the following command:
docker inspect <container> -f '{{.NetworkSettings.Networks.<network>.IPAddress}}'
Obviously you need to replace the <container> placeholder with your container name and <network> with your network name.
For example, based on your servers.yml file, you can get the zookeeper IP address with docker inspect zookeeper -f '{{.NetworkSettings.Networks.bridge.IPAddress}}'
See the docker documentation for more details on the inspect command and
I don't have much idea about Docker setup on Windows, but I guess your service is listening on localhost (inside the container); that's why it is not accessible from outside.
To access any of the services running in the container from outside, you need to bind the service port to the 0.0.0.0 IP address.
Example:
If Nginx is running on port 80 inside the container but the bind address is 127.0.0.1 or localhost, it will be accessible only from inside the container, not from outside or from the host machine. If you want to access your Nginx from outside, you need to change its bind address from localhost to 0.0.0.0.
Hope it will help.
Right now, when I bind a docker container port to a port on my computer, it can be accessed through every IP address belonging to my computer.
I know this since I tried connecting to the port through another computer using my Docker host's static LAN ip address.
I want to restrict that specific container to be accessible exclusively by my docker host (127.0.0.1 or localhost). When I change my web server's IP to localhost, it becomes inaccessible from my docker host (probably because that makes it local to the container, not the host).
How can I make a docker container local to the host?
If you run the container like this, it will be accessible only from 127.0.0.1:
docker run --rm -it -p 127.0.0.1:3333:80 httpd
--rm: I use it for testing; it removes the container after exit.
-it: interactive tty.
-p: port mapping, map 3333 on the host to 80 in the container and restrict access only from localhost.
The docker-compose equivalent would be:
services:
  db:
    ports:
      - "127.0.0.1:80:80"
I've read this post and I've tried adding ports: "7080:7080" in docker-compose.yml but still can't connect to the container using 172.18.0.2:7080 (btw I'm a docker newbie)
The container is one of several in a DockStation project on Windows 10. The image I'm using is for OpenLiteSpeed with WordPress.
The docker-compose.yml file contents are below:
version: '2'
services:
  gnome-3-28-1804:
    image: ubuntudesktop/gnome-3-28-1804
  firefox:
    image: jlesage/firefox
  browser-box:
    image: jim3ma/browser-box
  openlitespeed:
    image: litespeedtech/openlitespeed
    ports:
      - "7080:7080"
Any ideas please?
UPDATE: IP 172.17.0.1 appears to be the default bridge gateway IP, so I assume 172.18.0.2 for this container is in some way related to that. Docker and DockStation are both running locally on host 10.0.0.10. Not sure if the setup should even be using a bridge. http://localhost:7080/ says ERR_CONNECTION_REFUSED
UPDATE 2: I'm using Docker for Windows (Docker Desktop). Tried turning off the Windows firewall but makes no difference. Still getting ERR_CONNECTION_REFUSED for http://localhost:7080/ and http://10.0.0.10:7080/. There are 3 other containers in the project but not running, only the LiteSpeed one is running.
UPDATE 3: I created a new project and installed tutum/hello-world/ then ran the new container. The hello-world container is running and I've not found any error in the logs, but neither localhost nor 10.0.0.10 will connect, the error in Chrome is ERR_CONNECTION_REFUSED. Same if I run docker run -d -p 80 tutum/hello-world in Windows command prompt.
What is this IP (172.18.0.2) representing? Is it a remote machine where DockStation is running?
If this is the case, check if this port is publicly available on that machine. You did add a ports section to the Dockerfile which will map the container's port to the machine's port, but it is a matter of whether e.g. a firewall blocks outside access to that port.
I would first troubleshoot it by trying to access localhost:7080 from the 172.18.0.2 machine. If it works, your Docker configuration is good and you need to look for the problem in that machine's configuration (e.g. firewall).
I tried your Compose file on my system and it works as expected - I can access port 7080 both using my host's system IP and hostname and the container's IP and ports 80 and 443 using only the container's IP (since they're not mapped to any of the host's ports).
You did not specify whether you're using Docker for Windows or Docker Toolbox - DockStation works with both, but if you're using Docker Toolbox, then you'll have to use the virtual machine's IP or hostname to access port 7080, instead of localhost. If you're using Docker for Windows, then I do not understand what is going on - are you sure the containers are running?
As for where those IPs you mentioned come from: 172.17.0.1 is most likely your host's IP on Docker's default bridged network. Docker-compose, by default, creates its own bridged networks for every project. In your case, in your project's network, your host's IP would be 172.18.0.1. You can view Docker's networks with the command docker network ls and their details with docker network inspect <network-name>.
You should not use any of those IPs for any reason, since there's no guarantee they'll remain the same. If you need to connect from outside, map internal container ports to your Docker host's ports, like you did with port 7080. If you need containers to connect to each other, with docker-compose you can use service names as hostnames; without it you have to connect them to the same, non-default, bridged Docker network and use their container names as hostnames.
This solution worked for me.
docker run -d -p 127.0.0.1:80:80 tutum/hello-world
Apparently you have to specify you want the port exposed under localhost. Then localhost entered in the browser address bar loaded the Hello World page - hurrah!
Once I changed the ports in docker-compose.yml to '127.0.0.1:80:80' then it also worked when run from DockStation.
I have a machine running Docker (the Docker host) and I spin up some containers inside this Docker host.
I need the containers' services to be able to talk to each other: the containers expose ports and they also need to be resolved by hostname (e.g. example.com).
Container A needs to talk to container B with the URL example.com:3000.
I've read this article but am not quite sure about "inherit" from the Docker host: will the Docker host's /etc/hosts be appended to the /etc/hosts of a container running inside the Docker host?
https://docs.docker.com/engine/reference/run/#managing-etchosts
How can I achieve this?
Does this "inherit" have any connection to the type of Docker container networking https://docs.docker.com/v17.09/engine/userguide/networking/ ?
It does not inherit the host's /etc/hosts file. The file inside your container is updated by docker when using the --add-host parameter or extra_hosts in docker-compose. You can add individual records by using extra_hosts in docker-compose (https://docs.docker.com/compose/compose-file/#extra_hosts).
Although if you're just trying to get 2 containers talking to each other, you can alternatively connect them to the same network. In docker-compose you can create what's called an external network and have all your docker-compose files reference it. You will then be able to connect by using the full Docker container name (e.g. http://project_app_1:3000).
See https://docs.docker.com/compose/compose-file/#external
I have a situation where I need to let several jobs inside a single docker container orchestrated by docker-compose 1.16.1 communicate with a legacy system.
The legacy system runs in a vagrant box on the same host and binds to three ports (7880, 58608, and 58709). I understand that the default configuration of docker allows accessing the host as 172.17.0.1, but for obscure technical reasons due to network differences I need the host port available on "localhost".
So, how do I make "localhost port 7880" as seen from inside the docker container port forward to the host port 7880?
I have full control of the docker instance and invocation.
Just add a network_mode: host section to your docker-compose file and share localhost between the containers and the host.
I have the following situation. I have a service that listens on 127.0.0.1 on port 1234 (this cannot be changed for security reasons). A Docker container runs on the same machine. I need to somehow connect to the service on the host from within the container. Because the service only accepts requests from 127.0.0.1, I need somehow to link the port from the container to the host port but in reverse, so when I connect from within the container to 127.0.0.1:1234 the service on the host will receive the data. Is this possible?
Thanks.
With the default bridged network, you won't be able to connect from the container to a service on the host listening on 127.0.0.1. But you can use --net=host when running a container to use the host network stack directly in the container. It removes some of the isolation, but then allows you to talk directly to 127.0.0.1 as the container and talk to services running on the host.
Question
How to bind Dockerized service on localhost:port ?
Answer
Use the -p as this: docker run -p 127.0.0.1:1234:1234 <other options> <image> <command>.
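The host-IP prefix used in the answers above (`-p 127.0.0.1:3333:80`, and `"127.0.0.1:80:80"` under `ports:` in Compose) can be checked before a container is started. The following is an added example, not code from any of the posts: it parses the short port syntax and reports mappings that are reachable from machines other than the Docker host. The function names are hypothetical, and `SAMPLE` is constructed from the port values quoted on this page, in the shape a YAML loader would return.

```python
import ipaddress

def parse_port(spec):
    """Split '[HOST_IP:][HOST_PORT:]CONTAINER_PORT[/PROTO]' into its four fields."""
    spec, _, proto = str(spec).partition("/")
    host_ip = ""
    if spec.startswith("["):                      # bracketed IPv6 host address
        host_ip, _, spec = spec[1:].partition("]:")
    parts = spec.split(":")
    if not host_ip and len(parts) == 3:
        host_ip = parts.pop(0)
    container_port = parts.pop()
    host_port = parts.pop() if parts else ""      # empty: Docker picks a free host port
    return host_ip, host_port, container_port, proto or "tcp"

def exposed_beyond_host(spec):
    """True when the mapping is reachable from other machines, not only the Docker host."""
    host_ip = parse_port(spec)[0]
    if not host_ip:
        # No host IP given: published on all interfaces
        # (assumption: the daemon's default bind address has not been changed).
        return True
    return not ipaddress.ip_address(host_ip).is_loopback

def audit(compose):
    """Return (service, mapping) pairs that are not restricted to loopback."""
    return [(name, str(spec))
            for name, svc in compose.get("services", {}).items()
            for spec in svc.get("ports", [])
            if exposed_beyond_host(spec)]

# Constructed sample built from the images and port values quoted on this page.
SAMPLE = {"services": {
    "openlitespeed": {"image": "litespeedtech/openlitespeed", "ports": ["7080:7080"]},
    "db": {"ports": ["127.0.0.1:80:80"]},
    "hello-world": {"image": "tutum/hello-world", "ports": ["80"]},
    "firefox": {"image": "jlesage/firefox"},
}}

if __name__ == "__main__":
    for service, mapping in audit(SAMPLE):
        print(f"{service}: {mapping} is reachable from outside the Docker host")
```

The same `parse_port` function accepts the value passed to `docker run -p`, since both use the same short syntax.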