Internet access from inside docker over Oracle VM and cntlm proxy - docker

How can I make internet http calls from inside docker on Ubuntu 16.04 over Oracle VM (5.2.4) and cntlm proxy on Windows 7?
The Proxy is configured (IP 192.168.56.1, the VMs host). Internet access is successful within Ubuntus Firefox or with wget from commandline.
Docker CE (17.12.0-ce) is configured to use also the proxy ip:
/etc/systemd/system/docker.service.d/http-proxy.conf
[Service]
Environment="HTTP_PROXY=http://192.168.56.1:3128/"
Environment="HTTPS_PROXY=http://192.168.56.1:3128/"
All docker images I could pull successful.
Only the wget or any install calls inside a docker container fails.
Many help pages later, I haven't no idea more.
My tries:
docker run --name test --network host -e "https_proxy=https://192.168.56.101:3128" -it alpine:latest wget https://www.web.de
wget: bad address 'www.web.de'
docker run --name test --dns 8.8.8.8 -e "https_proxy=https://192.168.56.101:3128" -it alpine:latest wget https://www.web.de
wget: bad address 'www.web.de'
docker run --name test -e "https_proxy=https://192.168.56.101:3128" -it alpine:latest wget https://www.web.de
wget: bad address 'www.web.de'
docker run --name test --network host --dns 8.8.8.8 -e "https_proxy=https://192.168.56.101:3128" -it alpine:latest wget https://www.web.de
wget: bad address 'www.web.de'
All the printed calls also with "http" and without the proxy Environment.
Another ideas for me?

For docker to work with CNTLM it is important to set
Gateway yes
in the CNTLM-Config.
I run CNTLM directly on the VM and set all proxys within the container to http://172.17.0.1:3128.
For the sake of completeness, please set all Proxy-Env in docker run:
PROXY_DOCKER="http://172.17.0.1:3128/"
docker run -e HTTP_PROXY=${PROXY_DOCKER} -e http_proxy=${PROXY_DOCKER} -e HTTPS_PROXY=${PROXY_DOCKER} -e https_proxy=${PROXY_DOCKER} ...

Related

Access host iptables and ufw from privileged Docker container

I would like to access iptables, ufw and reboot running on host OS (Snappy Ubuntu Core 18.04) from Docker container (running on the same host).
What volumes or Docker container parameters are required to make this possible? Container can be run with root user and privileged access.
I´m totally aware of the security implications here, but security is not a concern in this context.
Using SSH
You can run the container with --net=host option, then it's possible to connect to the host from the container using ssh.
in the host mode, connecting to the port 22 on the host from the container is possible.
Without SSH
if you don't want to use ssh, one way is explained in this post. You need to run the container with --privileged and --pid=host and then use nsenter command. Using this command you get an interactive shell form the host. You can also only run desired command.
$ sudo docker run --privileged --pid=host -it alpine:3.8 \
nsenter -t 1 -m -u -n -i sh
$ sudo docker run --privileged --pid=host -it alpine:3.8 \
nsenter -t 1 -m -u -n | sudo iptables -S
note that if you are using MacOS or Windows, the docker is running in a hypervisor, so using this, you would be in the shell of the hypervisor.

Unable to run nginx inside docker

I am trying to run an nginx image inside a Docker container. I have tried these steps
ssh inside ubuntu docker image docker run -v /var/run/docker.sock:/var/run/docker.sock -it ubuntu:latest bash
Installed Docker
Run Nginx image docker run -d -p 80:80 nginx
curl localhost:80 gives Connection refused
Mapping docker.sock to containers means you will be using the docker daemon of the host machine, not the container's.
So when you run docker run -d -p 80:80 nginx command, the nginx container is created and run in host machine (sibling of the ubuntu container). Hence, 80:80 maps in the host machine.
Validate this by running docker ps in ubuntu container and in the host machine. The result should match. And I guess, you can do curl localhost in the host machine and hit the nginx server as well.

Confluent Schema Registry Docker image not exposing port 8081 outside the container

I'm running the following container using the docker image for the Confluent Schema Registry. Everything runs fine inside the container meaning I can run a shell command inside the container against localhost:8081/subjects and get an empty list back as expected.
However, I'm trying to spin up the Schema Registry in a container just so I could build an application locally that points to this schema registry instance. So I tried exposing port 8081 to my local machine. But localhost:8081 is not accessible from my machine. Is there no way to do what I'm trying to do here? I tried running the schema registry without docker on my windows machine but I didn't see a windows specific schema-registry-start file.
docker run -d \
--net=host \
--add-host=linuxkit-00155da9f301:127.0.0.1 \
-p 8081:8081 \
--name=schema-registry \
-e SCHEMA_REGISTRY_KAFKASTORE_CONNECTION_URL=iptozookeepernode1:2181,iptozookeepernode2:2181 \
-e SCHEMA_REGISTRY_HOST_NAME=localhost \
-e SCHEMA_REGISTRY_LISTENERS=http://localhost:8081 \
-e SCHEMA_REGISTRY_DEBUG=true \
confluentinc/cp-schema-registry:latest
For me, the issue was related to port 8081 on localhost (used by McAfee), changed port mapping to 8017:8081 and it's working fine.

Connection refused when trying to run Kong API Gateway using a docker container

I am trying to run Kong API Gateway using a docker container. I followed the instructions on hub.docker.com/_/kong/, started Cassandra database and Kong.
I have Cassandra running using the below command:
docker run -d --name kong-database \
-p 9042:9042 \
cassandra:3
and Kong running using the below command:
docker run -d --name kong \
--link kong-database:kong-database \
-e "KONG_DATABASE=cassandra" \
-e "KONG_CASSANDRA_CONTACT_POINTS=kong-database" \
-p 8000:8000 \
-p 8443:8443 \
-p 8001:8001 \
-p 7946:7946 \
-p 7946:7946/udp \
kong:latest
Both containers are running. (I don't have enough reputations to embed pictures here right now so please see a screenshot here:
my container list)
However when I do:
$ curl http://127.0.0.1:8001
I got this:
curl: (7) Failed to connect to 127.0.0.1 port 8001: Connection refused
Can anyone let me know what is the possible reason?
Ok, check the logs of the kong container to find any errors if there are any(docker logs kong).
If there aren't any errors, please check whether there is any active process running on the port or not(sudo netstat -anp | grep 8001). That will help us know whether the docker-container port 8001 was properly binded to server port 8001 and also the ip on which the port is running.
If there is process running on that port, then it might be an issue of running docker on bridge network which is not able to bind the port with localhost. try re-running the container with network host(--net host). Then it should work fine.

Cannot access tomcat8 server running in docker container from host machine

I am trying to connect to a web app running on tomcat8 in a docker container.
I am able to access it from within the container doing lynx http://localhost:8080/myapp, but when I try to access it from the host I only get HTTP request sent; waiting for response.
I am exposing port 8080 in the Dockerfile, I am using sudo docker inspect mycontainer | grep IPAddress to get the ip address of the container.
The command I am using to run the docker container is this:
sudo docker run -ti --name myapp --link mysql1:mysql1 --link rabbitmq1:rabbitmq1 -e "MYSQL_HOST=mysql1" -e "MYSQL_USER=myuser" -e "MYSQL_PASSWORD=mysqlpassword" -e "MYSQL_USERNAME=mysqlusername" -e "MYSQL_ROOT_PASSWORD=rootpassword" -e "RABBITMQ_SERVER_ADDRESS=rabbitmq1" -e "MY_WEB_ENVIRONMENT_ID=qa" -e "MY_WEB_TENANT_ID=tenant1" -p "8080:8080" -d localhost:5000/myapp:latest
My Dockerfile:
FROM localhost:5000/web_base:latest
MAINTAINER "Me" <me#my_company.com>
#Install mysql client
RUN yum -y install mysql
#Add Run shell script
ADD run.sh /home/ec2-user/run.sh
RUN chmod +x /home/ec2-user/run.sh
EXPOSE 8080
ENTRYPOINT ["/bin/bash"]
CMD ["/home/ec2-user/run.sh"]
My run.sh:
sudo tomcat8 start && sudo tail -f /var/log/tomcat8/catalina.out
Any ideas why I can access it from within the container but not from the host?
Thanks
What does your docker run command look like? You still need to do -p 8080:8080. Expose in the dockerfile only exposes it for linked containers not to the host vm.
I am able to access the tomcat8 server from the host now. The problem was here:
sudo tomcat8 start && sudo tail -f /var/log/tomcat8/catalina.out
Tomcat8 must be started as a service instead:
sudo service tomcat8 start && sudo tail -f /var/log/tomcat8/catalina.out
Hit given command to find IP address of docker-machine
$ docker-machine ls
The output will be like :
NAME ACTIVE DRIVER STATE URL SWARM DOCKER ERRORS
default * virtualbox Running tcp://192.168.99.100:2376 v1.10.3
Now run your application from host machine as : http://192.168.99.100:8080/myapp

Resources