I try to connect to my container on localhost/127.0.0.1/0.0.0.0 but site can’t be reached.
Details:
$ docker run -d -p 80:80 nginx:alpine
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS
NAMES
d5b465ed1b18 nginx:alpine "nginx -g 'daemon of" 6 minutes ago Up 6 minutes 0.0.0.
0:80->80/tcp quizzical_swirles
798b40ceec77 10.36.7.241:5000/facileexplorer:0.3.8 "/usr/bin/supervisor" 9 minutes ago Up 9 minutes 4444/t
cp, 0.0.0.0:3838->3838/tcp, 0.0.0.0:8787->8787/tcp, 5900/tcp vigilant_banach
I followed this tutotial: https://blog.sixeyed.com/published-ports-on-windows-containers-dont-do-loopback/:
$ docker inspect --format '{{ .NetworkSettings.Networks.nat.IPAddress }}' d5b465ed1b18
<no value>
but it doesn't return port.
And I also helped myself with this guide: https://www.iancollington.com/docker-and-cisco-anyconnect-vpn/ because some of my docker images are on private registry, so I did following steps:
PATH=$PATH:"C:\Program Files\Oracle\VirtualBox"; export PATH
export DOCKER_HOST="tcp://127.0.0.1:2376"
docker-machine stop default
VBoxManage modifyvm "default" --natpf1 "docker,tcp,,2376,,2376"
docker-machine start default
alias docker='docker --tlsverify=false'
Could you help?
When you are using Docker Toolbox, running docker run -p 80:80 can be misleading. It means it will forward the port 80 of your container to the port 80 of your Docker machine, not the Windows host!
If you want to access the container through your Windows host, you also need to forward port 80 of your Docker machine to that host.
I see you are using VirtualBox, which allows you to do that by adding an entry in Settings > Network > Advanced > Port Forwarding.
Example tutorial with images: https://www.howtogeek.com/122641/how-to-forward-ports-to-a-virtual-machine-and-use-it-as-a-server/
Related
I am trying out some things with docker and docker swarm and currently I am running into a problem.
If I create a container with:
docker run -d --name my_nginx -p 8080:80 nginx
everythings went fine, I am able to access this port.
If I try to create a service with docker swarm (container was removed before) I am not able to open that port:
docker service create -d --name my_service_nginx --replicas=1 -p 8080:80 nginx
It seems that the service does not create a portmapping.
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d3417b80036c nginx:latest "/docker-entrypoint.…" 6 minutes ago Up 6 minutes 80/tcp my_service.1.1l3fwcct1m9hoallkn0g9qwpd
Do you have any idea what I am doing wrong?
Best regards
Jan
Launching a Docker swarm on the LXC is not possible:
Docker swarm get access from outside network
I am learning Docker as a beginner and I am finding one info confusing. Here is step details:
Pulling Image from Docker Hub
Running Image
Now, I am seeing any Half port details in CLI due to which I am not able to ger proper port ID.
But when I am running same Image through KITEMATIC and checking the status of the running container then it is showing me properly.
Please refer Screenshot below for details:
First Line in shared Pic is showing complete details of PORTs( started container in KITEMATIC)
Second-line is not showing complete.
I want to know the reason for this difference and how to resolve it.
In first line of docker ps, you publish the port using below command
docker run -it -p 32773:80 -p 32772:443 static-site
That is why you are seeing HOST_PORT->Container_PORT, to see the same response on another container you need to publish port
docker run -it --rm -p 80:80 -p 443:443 your_image
80:80 mean HostPort:ContainerPort.
Images can expose a port. This is documentation from the image creator to those using the image. It tells you which ports the application inside the container are listening on by default. When you run a container with an exposed port, but you do not publish it on the host, you'll see only the container port listed in the docker container ls. This is again only documentation at this point, no docker networking has been configured to use that container port, so docker is letting you know that inside the container that application is likely listening on that port:
$ docker run -d --name unpublished --rm nginx
63291688813a75a8d9f0d383b4fbef30e93be8e89bd22fc80c2953da65d1d5e9
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
63291688813a nginx "nginx -g 'daemon of…" 41 seconds ago Up 39 seconds 80/tcp unpublished
If you publish a container to a specific port, you'll see that listed as desired:
$ docker run -d --name exact -p 8080:80 --rm nginx
10f82a87d8dce2226c030ca5f23e7983b0f60673c0ec614302dc129dad4ba86d
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
10f82a87d8dc nginx "nginx -g 'daemon of…" 14 seconds ago Up 12 seconds 0.0.0.0:8080->80/tcp exact
And it looks like kitematic is publishing all ports with the -P flag (capital) which looks at all exposed ports and maps them to unused high numbered ports:
$ docker run -d --name publish_all -P --rm nginx
982afb237756e543820810cbd6366c8fa8569a386ff581cd7edc63557004e8c4
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
982afb237756 nginx "nginx -g 'daemon of…" 3 seconds ago Up 2 seconds 0.0.0.0:32768->80/tcp publish_all
If you want the know what port was published on the host, particularly when you tell docker to use unused high numbered ports, you can query that with the port command, e.g. for the publish_all container above:
$ docker container port publish_all 80
0.0.0.0:32768
You can see the exposed ports with an inspect of the image:
$ docker image inspect nginx --format '{{json .Config.ExposedPorts}}' | jq .
{
"80/tcp": {}
}
I'd like to be able to run a container with the -P parameter while having it bind to the internal 10.10.0.0/22 subnet.
By default once do something like this:
docker run -d -P --name=nginx nginx
It will look something like this:
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
dbb556c99c81 nginx "/usr/sbin/nginx" 2 minutes ago Up 2 minutes 0.0.0.0:32773->80/tcp nginx
Exposing it on 0.0.0.0/0 Is there a way to make this my internal IP?
You can manually bind to a specific interface when selecting individual ports with -p, e.g.:
$ docker run -d -p 127.0.0.1:8080:80/tcp --name test-nginx nginx
2e07ebc61bcdc82a187a27eabca10211a4c9ac09d66e516e5c176d7282cffe2b
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
2e07ebc61bcd nginx "nginx -g 'daemon off" 5 seconds ago Up 2 seconds 443/tcp, 127.0.0.1:8080->80/tcp test-nginx
With -P, it uses the interface configured on the daemon (dockerd or docker daemon). By default that is 0.0.0.0, but you can change it to any other IP:
$ dockerd --help
# ...
--ip=0.0.0.0 Default IP when binding container ports
Note that 0.0.0.0 is listening on all interfaces, so the only reason to specify a specific IP is to lock down the container further, not to open it up for your environment.
I am running a site inside Docker container which exports following
https://172.17.0.2:8443/admin/ &
http://172.17.0.2:8463/users/
$ docker run -it -d --expose=8000-9900 ubuntu-java8-webapp
bf193d011fd8....
Docker PS cmd
$ docker ps -a
CONTAINER ID IMAGE COMMAND PORTS NAMES
bf193d011fd8 ubuntu-.... "/bin/bash" 8000-9900/tcp desperate_mclean
Docker ls cmd
$ docker-machine ls
NAME ACTIVE DRIVER STATE URL DOCKER ERRORS
default * virtualbox Running tcp://192.168.99.100:2376 v1.10.3
Docker machine ip cmd
$ docker-machine ip default
192.168.99.100
How do I access the site? Just in case it matters, I am running docker on Mac here.
You can try and access it through the docker machine IP:
https://192.168.99.100:8443/admin
http://192.168.99.100:8463/users
But ideally, you would:
map those port to the host:
docker run -p 8443:8443 -p 8463:8463 ...
port-forward those port to your actual host through VirtualBox VM Network setting, and access the site with:
https://localhost:8443/admin
http://localhost:8463/users
I am facing issues when I try to push to registry that I created earlier. Here are the steps that I followed.
docker run -d -p 5001:5002 --restart=always --name new_registry registry:2
docker build -t test-app .
docker run -p 50100:8080 -d --name app test-app
docker tag test-app localhost:5001/test:latest
docker push localhost:5001/test:latest
=================================================
✘ ~/G/S/d/a/App master docker push localhost:5001/test:latest
The push refers to a repository [localhost:5001/test] (len: 1)
Sending image list
Put http://localhost:5001/v1/repositories/test/: net/http: transport closed before response was received
Below is output of docker images command:
~/G/S/d/a/App master docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
test-app latest 78f9362f7cd5 51 minutes ago 547.8 MB
localhost:5001/test latest 78f9362f7cd5 51 minutes ago 547.8 MB
registry 2 5d165b8e4b20 3 weeks ago 220.1 MB
More Details Below:
~/G/S/d/a/patterns_and_tools docker-machine env default
set -x DOCKER_TLS_VERIFY "1";
set -x DOCKER_HOST "tcp://192.168.yyy.xxx:2376";
set -x DOCKER_CERT_PATH "/Users/zack/.docker/machine/machines/default";
set -x DOCKER_MACHINE_NAME "default";
# Run this command to configure your shell:
# eval (docker-machine env default)
~/G/S/d/a/patterns_and_tools
I checked the network settings in the VM . They are as below:
Name : dockersetting
protocol : TCP
HOST IP:
HOST PORT : 50100
GuestIP :
Guest Port : 50100
A tag boot2docker (even though it has been obsoleted by docker machine) means you are not on Linux directly, but on Windows or Mac, using a Linux VM.
You have a similar error message reported in issue 523 of docker/distribution (the new registry server)
When you bind to localhost inside the container, the service won't be available outside the container, even though you are specifying the port mapping.
When the docker daemon goes to connect, it cannot connect to the port since the service is not bound to the "external" interface of the container.
That means you need to setup port forwarding, or to use the docker-machine ip new_registry ip address.
docker push $(docker-machine ip new_registry):5001/test:latest
5000:5000 works but 5001:5002 does not work when creating registry.
It is possible that the VM was already set to port forward port 5000, but not 5001 (similar to this picture).
It means the registry image exposes port 5000: you can map that on host port 5000 or 5001 or any port you want: but it has to be port 5000 that you map:
docker run -d -p 5001:5000 --restart=always --name new_registry registry:2
^^^^