My docker container (sctp server) is running on sctp with port number 36412. However, my sctp client on the host machine unable to communicate with the container. How do I expose this port from container to host? Is it not same as TCP/UDP?
When I run docker run -p 36412:36412 myimage, I get below error.
Invalid proto: sctp
From reading source code, the general form of the docker run -p option is
docker run -p ipAddr:hostPort:containerPort/proto
Critically, the "protocol" part of this is allowed to be any of tcp, udp, or sctp; it is lowercased, and defaults to tcp if not specified.
It looks like for your application, you should be able to
docker run -p 36412:36412/sctp ...
Use the -p flag when running to to map an open port on your host machine to the container port. The below example maps port 36412 on the host to 36412 in the container.
docker run -p 36412:36412 mysctpimage
To view the ports running on your container and where they are mapping to:
docker port <containerId>
This will tell you what port and protocol the container is mapping to your host machine. For example running a simple WebApi project may yield:
80/tcp -> 0.0.0.0:32768
Docker Port Documentation
How to publish or expose a port when running a container
Related
I have a running Docker container which shows PORTS 9191/tcp. So on my browser, I tried accessing server using localhost:9191/api/.... However, browser throws an error This site can’t be reached
Here is a log to docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c214aefed15e shah "youtube-dl-server -…" 6 seconds ago Up 5 seconds 9191/tcp boring_swirles
This is what my docker file looks like
FROM mariozig/youtube-dl_server
RUN pip install --pre youtube_dl_server
EXPOSE 9191
ENTRYPOINT ["youtube-dl-server", "--host=0.0.0.0"]
You have not mapped the docker container port to host port.
The docker container runs on a host. And The host doesn't know which requests to be directed to the docker container. For that you have to to map the host port to docker container port using -p flag in docker run command as shown below:
docker run -d -p HOST_PORT:CONTAINER_PORT IMAGE_NAME
-p in this command will specify that you are forwarding your host port to the container port. In your local host in the port HOST_PORT will call the port CONTAINER_PORT of your container.
Now when you will access the HOST_IP:HOST_PORT then the host will redirect the request to corresponding container with which this HOST_PORT has been mapped.
For example I started a tomcat docker container and mapped the tomcat container's 8080 port to host's 9092 port by using the above command. When I do docker ps I can see the mapping under PORTS as 0.0.0.0:9092->8080/tcp
I have a two HTTP servers on my host machine; one listening on 8080, the other listening on 8081. The 8080 is a webapp, and the 8081 is an API.
I also have a Docker container that should connect to the webapp on 8080 using an automated tool, and that webapp should make HTTP requests to the API that's on 8081.
Here is a visual representation of what I want:
Host machine HTTP 8080
⇩ ⇖
⇧ Docker container
Host machine HTTP 8081
The problem I'm having is that the Docker container cannot connect to the website on the host machines 8080. I'm not sure why, because I set the --network=host flag, so shouldn't it be using the host machines network?
This is my Docker image:
## Redacted irrelevant stuff...
EXPOSE 8080 8081
This is how run the container:
docker run -d -p 8080:8080 -p 8081:8081 --network=host --name=app app
Any ideas what's wrong with my setup?
So you have two services running directly on the machine and you want to deploy a Docker container that should connect to one of those services.
In that case, you shouldn't map those port to the container and you shouldn't expose those ports in the Dockerfile as those ports are not for the container.
Remove the Expose ports from the Dockerfile
Start the container using docker run -d --network=host --name=app app. The container should be able to access the services using localhost:8080.
I've installed docker in a VM which is publicy available on internet. I've installed mongodb in a docker container in the VM.Mongodb is listening on 27017 port.
I've installed using the following steps
docker run -p 27017:27017 --name da-mongo -v ~/mongo-data:/data/db -d mongo
The port from container is redirected to the host using the -p flag. But the port 27017 is exposed on the internet. I don't want it to happen.
Is there any way to fix it?
Well, if you want it available for certain hosts then you need a firewall. But, if all you need is it working on localhost (your VM machine), then you don't need to expose/bind the port with the host. I suggest you to run the container without the -p option, then, run the following command:
docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' your_container_id_or_name
After that, it will display an IP, it is the IP of the container you've just ran (Yes, docker uses somewhat an internal virtual network connecting your containers and your host machine between them).
After that, you can connect to it using the IP and port combination, something like:
172.17.0.2:27017
When you publish the port, you can select which host interface to publish on:
docker run -p 127.0.0.1:27017:27017 --name da-mongo \
-v ~/mongo-data:/data/db -d mongo
That will publish the container port 27017 to host interface 127.0.0.1 port 27017. You can only add the interface to the host port, the container itself must still bind to 0.0.0.0.
From my docker container I want to access the MySQL server running on my host at 127.0.0.1. I want to access the web server running on my container container from the host. I tried this:
docker run -it --expose 8000 --expose 8001 --net='host' -P f29963c3b74f
But none of the ports show up as exposed:
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
093695f9bc58 f29963c3b74f "/bin/sh -c '/root/br" 4 minutes ago Up 4 minutes elated_volhard
$
$ docker port 093695f9bc58
If I don't have --net='host', the ports are exposed, and I can access the web server on the container.
How can the host and container mutually access each others ports?
When --expose you define:
The port number inside the container (where the service listens) does
not need to match the port number exposed on the outside of the
container (where clients connect). For example, inside the container
an HTTP service is listening on port 80 (and so the image developer
specifies EXPOSE 80 in the Dockerfile). At runtime, the port might be
bound to 42800 on the host. To find the mapping between the host ports
and the exposed ports, use docker port.
With --net=host
--network="host" gives the container full access to local system services such as D-bus and is therefore considered insecure.
Here you have nothing in "ports" because you have all ports opened for host.
If you dont want to use host network you can access host port from docker container with docker interface
- How to access host port from docker container
- From inside of a Docker container, how do I connect to the localhost of the machine?.
When you want to access container from host you need to publish ports to host interface.
The -P option publishes all the ports to the host interfaces. Docker
binds each exposed port to a random port on the host. The range of
ports are within an ephemeral port range defined by
/proc/sys/net/ipv4/ip_local_port_range. Use the -p flag to explicitly
map a single port or range of ports.
In short, when you define just --expose 8000 the port is not exposed to 8000 but to some random port. When you want to make port 8000 visible to host you need to map published port -p 8000:8000.
Docker's network model is to create a new network namespace for your container. That means that container gets its own 127.0.0.1. If you want a container to reach a mysql service that is only listening on 127.0.0.1 on the host, you won't be able to reach it.
--net=host will put your container into the same network namespace as the host, but this is not advisable since it is effectively turning off all of the other network features that docker has-- you don't get isolation, you don't get port expose/publishing, etc.
The best solution will probably be to make your mysql server listen on an interface that is routable from the docker containers.
If you don't want to make mysql listen to your public interface, you can create a bridge interface, give it a random ip (make sure you don't have any conflicts), connect it to nothing, and configure mysql to listen only on that ip and 127.0.0.1. For example:
sudo brctl addbr myownbridge
sudo ifconfig myownbridge 10.255.255.255
sudo docker run --rm -it alpine ping -c 1 10.255.255.255
That IP address will be routable from both your host and any container running on that host.
Another approach would be to containerize your mysql server. You could put it on the same network as your other containers and get to it that way. You can even publish its port 3306 to the host's 127.0.0.1 interface.
I've started using docker for dev, with the following setup:
Host machine - ubuntu server.
Docker container - webapp w/ tomcat server (using https).
As far as host-container access goes - everything works fine.
However, I can't manage to access the container's webapp from a remote machine (though still within the same network).
When running
docker port <container-id> 443
output is as expected, so docker's port binding seems fine.
172.16.*.*:<random-port>
Any ideas?
Thanks!
I figured out what I missed, so here's a simple flow for accessing docker containers webapps from remote machines:
Step #1 : Bind physical host ports (e.g. 22, 443, 80, ...) to container's virtual ports.
possible syntax:
docker run -p 127.0.0.1:443:3444 -d <docker-image-name>
(see docker docs for port redirection with all options)
Step #2 : Redirect host's physical port to container's allocated virtual port. possible (linux) syntax:
iptables -t nat -A PREROUTING -i <host-interface-device> -p tcp --dport <host-physical-port> -j REDIRECT --to-port <container-virtual-port>
That should cover the basic use case.
Good luck!
Correct me if I'm wrong but as far as I'm aware docker host creates a private network for it's containers which is inaccessible from the outside. That said your best bet would probably be to access the container at {host_IP}:{mapped_port}.
If your container was built with a Dockerfile that has an EXPOSE statement, e.g. EXPOSE 443, then you can start the container with the -P option (as in "publish" or "public"). The port will be made available to connections from remote machines:
$ docker run -d -P mywebservice
If you didn't use a Dockerfile, or if it didn't have an EXPOSE statement (it should!), then you can also do an explicit port mapping:
$ docker run -d -p 80 mywebservice
In both cases, the result will be a publicly-accessible port:
$ docker ps
9bcb… mywebservice:latest … 0.0.0.0:49153->80/tcp …
Last but not least, you can force the port number if you need to:
$ docker run -d -p 8442:80 mywebservice
In that case, connecting to your Docker host IP address on port 8442 will reach the container.
There are some alternatives of how to access docker containers from an external device (in the same network), check out this post for more information http://blog.nunes.io/2015/05/02/how-to-access-docker-containers-from-external-devices.html