Configure a Hyper-V machine with DockerNAT including internet access - docker

How can I use the DockerNAT virtual switch for a Hyper-V VM so it can 'talk' to other docker containers and enable internet access as in the MobyLinux VM?
Long story:
I want to install Univention on my Windows Server host via Hyper-V. On my host an nginx docker container is also running as a proxy. If someone calls univention.domain.com it should automatically redirect to my hyper-v Univention VM. This works when I set the network adapter of the Hyper-V machine to the DockerNAT and then give it the IP Address 10.0.75.100 as the Gateway address of the DockerNAT is 10.0.75.1 and the IP Address of the MobyLinux is 10.0.75.2. When I now ping 10.0.75.100 from my nginx container it works.
But as Univention needs an internet connection to install applications I'm not quite satisfied with this configuration as I am not able to connect to the internet when I use the DockerNAT network interface.
Then on the other hand I am able to ping from the nginx container (running as a linux container in the hyper-v VM of MobyLinux) e.g. 8.8.8.8. So the MobyLinux container created by Docker has to have internet access, right? Although it also uses the DockerNAT interface. But it's set as an 'internal' virtual switch and the connection of my main NIC isn't marked as 'shared'.
p.s.: I am aware that there is a Univention docker image but Univention started to use docker for its apps. So I can't run most of their apps in the app store, as docker container in docker container doesn't fit well (Univention can't enable docker due to network problems)
Windows Server 2019 17623
Docker 18.04.0-ce-rc2

Related

Is it possible to access docker containers from the host machine by its IP through bridge network

I'm using docker desktop for windows and I could ping a container from the host machine by its IP on Docker version 1.x.
Now it doesn't work anymore on Docker version 20.x.
I guess something changed in the network isolation policy, but I'm not sure.
Is there any solution to access my containers by their IP address again?

How to get Docker Desktop to bind on a virtual interface

If I run Docker locally and I bind the containers' ports, I usually connect with them through localhost and not through the dynamically created IP address. I might start a MySQL container, bound with 3306:3306 and can then connect with it to localhost:3306.
If I am using a virtual machine in Windows to run Docker in (e.g. with VirtualBox), the VM has its own interface (e.g. VirtualBox Host-Only Network) which might have an IP address of 192.168.50.1. I can now connect to a MySQL container via 192.168.50.1:3306.
Using a different interface/network for my containers is useful during development because I free up my localhost ports for other things and many browsers treat localhost differently than they do other addresses.
However, Docker Desktop also has advantages over a VM:
Not having to manage the VM
Testcontainers out-of-the-box
Docker Desktop is nice
Should it not be possible to get Docker to bind to ports on a virtual interface instead of localhost, e.g. by creating a Windows virtual switch or even by using the existing VirtualBox network? And is it possible to do this for Docker Desktop (on Windows) for all containers by default?
This answer indicates there's an --ip option available when starting the Docker daemon, but:
Which IP address do I use here? The gateway is the only IP address that I have configured for a virtual switch.
What is the equivalent for Docker Desktop?

Accessing Docker running on Host machine from VMWare Workstation VM

I have the following setup:
Windows 10 Host (Hyper-V enabled)
Docker Desktop installed on host
VMWare Workstation Pro (16)
Windows 10 VM - Docker CLI installed on vm
The Windows 10 VM is used as a dev environment, with project-specific stuff on there.
I also use the host as a development machine for other projects - so want to be able to use docker on both.
What I'd like to do is access the docker engine running on the host, from my VM
By access docker, I mean use the docker cli to run containers, build images etc... setting DOCKER_HOST or something like that?
Is this possible? Or any other way?
So far, I've set my VM to use NAT networking and tried:
docker -H tcp://192.168.126.2:2375 images
Which returns
error during connect: Get http://192.168.126.2:2375/v1.40/images/json: dial tcp 192.168.126.2:2375: connectex: No connection could be made because the target machine actively refused it.
192.168.126.2 is the ip of the default gateway, from within the VM (so - my host?)
On the host machine, if I do docker -H tcp://0.0.0.0:2375 images I get the expected result.
On the host machine, I've also set:
"hosts": ["tcp://0.0.0.0:2375"],
within the docker engine config:
So what I would do, and usually am doing, is in VMware Workstation in Network editor I connect VMs to a bridge and select my main line that provides connectivity, whether it is an Ethernet port or Wifi, and associate it to, let's say, VMnet0. Then in VM settings I assign that VM's NIC to VMnet0 and that is how my VM and my host are on the same LAN.
I would not use NAT.
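
A check for the daemon setting quoted in the question above, added here as an example (not code from the post or from Docker): with `hosts` set to `tcp://0.0.0.0:2375` and no `tlsverify`, the Engine API answers unauthenticated requests on every interface, which is equivalent to handing out administrative access to the host. The two sample configs, the listener address and the certificate paths are constructed placeholders.

```python
import ipaddress
import json
from urllib.parse import urlsplit

# Constructed sample: the "hosts" line from the question as a complete daemon.json.
SAMPLE_FROM_QUESTION = '{"hosts": ["tcp://0.0.0.0:2375"]}'

# Constructed sample: one listener address, client certificates required.
# The address and certificate paths are placeholders.
SAMPLE_HARDENED = json.dumps({
    "hosts": ["tcp://192.168.126.1:2376"],
    "tlsverify": True,
    "tlscacert": "C:/certs/ca.pem",
    "tlscert": "C:/certs/server-cert.pem",
    "tlskey": "C:/certs/server-key.pem",
})


def audit_daemon_config(text):
    """Return (host, finding) pairs for risky TCP listeners in a daemon.json."""
    cfg = json.loads(text)
    client_certs_required = bool(cfg.get("tlsverify"))
    findings = []
    for host in cfg.get("hosts", []):
        url = urlsplit(host)
        if url.scheme != "tcp":
            continue  # unix://, npipe:// and fd:// are local, not network listeners
        try:
            ip = ipaddress.ip_address(url.hostname or "")
        except ValueError:
            ip = None  # hostname or empty address: cannot prove it is loopback
        loopback = ip is not None and ip.is_loopback
        if not client_certs_required:
            scope = "loopback only" if loopback else "reachable from the network"
            findings.append((host, "unauthenticated Engine API, " + scope))
        if ip is not None and ip.is_unspecified:
            findings.append((host, "listens on every interface"))
    return findings


if __name__ == "__main__":
    for name, sample in (("question", SAMPLE_FROM_QUESTION),
                         ("hardened", SAMPLE_HARDENED)):
        print(name, audit_daemon_config(sample) or "no findings")
```
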

Docker in virtualbox on ubuntu

I have win 10 as an operating system, I have installed virtualbox where ubuntu is installed and docker with its containers is installed in ubuntu.
I set the virtualbox network in bridge, and in DHCP I assigned an IP that I can easily reach from the win 10 chrome browser (outside of virtualbox). The problem is that I cannot access the docker container where a webserver runs in localhost, I can access it without problems inside the virtualbox and externally I can access another webserver in the virtualbox but not the webserver docker! How could I solve it?
thanks for any replies!
It seems that I have solved, I describe here the simple solution that I have adopted.
The VM has an IP assigned in DHCP by the bridge network (this setting has remained for a second webserver to work). In virtualbox settings I simply enabled a second NAT network from "network-settings" and in "advanced-port forwarding" I only added host port on 80 and guest port on 80, because docker run establishes its IP and its port reachable only on localhost (in this case reachable only inside virtualbox).

Run docker container on localhost via VM

I'm new to Docker and Containers, and I'm trying to run a simple asp.net web app in a container but running into issues. My OS is Windows 10 Home, so I have to use the Docker Toolbox, which runs on a VM that only includes a basic Linux OS. When I spin up the container, it seems to start fine, but I can't view the app on the localhost.
$ docker run -p 8342:5000 -it jwarren:project
Hosting environment: Production
Content root path: /app
Now listening on: http://*:5000
Application started. Press Ctrl+C to shut down.
$ docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
98cc4aed7586 jwarren:project "dotnet run" 8 minutes ago Up 8 minutes 0.0.0.0:8342->5000/tcp naughty_brattain
I've tried several different recommendations that I found on the web, but none have helped so far. However, my knowledge of networking is very limited, so maybe I'm not fully understanding what needs to be done. I've tried accessing it with the default VM machine IP and the container IP. I understand that the port forwarding does not carry over to the container. Any assistance would be great, as this project is due on Tuesday, and this is the last road block before finishing.
I found the following post that was really helpful: How to connect to a docker container from outside the host (same network) [Windows]. Following the steps below worked perfectly:
Open Oracle VM VirtualBox Manager
Select the VM used by Docker
Click Settings -> Network Adapter 1 should (default?) be "Attached to:NAT"
Click Advanced -> Port Forwarding Add rule: Protocol TCP, Host Port 8080, Guest Port 8080 (leave Host IP and Guest IP empty)
You should now be able to browse to your container via localhost:8080 and your-internal-ip:8080.
Started up the container (Dockerfile EXPOSES 5000):
docker run -p 8080:5000 -it jwarren:project
Was able to connect with http://localhost:8080
There are few things to consider when working with a VM networking.
Virtual Box has 3 types of networking options NAT, Bridged and Host Only.
NAT would allow your VM to access internet through your internet. But won't allow your HOST machine to access the VM
Host Only network will create a network where the VM can reach the host machine and the Host can reach the VM. No internet using this network
Bridged network will allow your VM to assign another IP from your Wifi router or the main network. This IP will allow VM to have net access as well as access to other machines on the network. This will allow even the host machine to reach the IP
Now in most cases when you want to run Docker inside a VM and access that VM using the host machine you want the VM to have both NAT and Host only bridges
Now accessing your app on port 8342 needs few things checked
SELinux, firewalld, ufw are disabled on your VM (or properly configured to allow the port)
Your VM has a host only network or bridged network
iptables -S should not show REJECT rules
Some VMs come pre-configured to only allow port 22 from external network. So you should try accessing the app on <hostonlyip>:8342 or <bridgedip>:8342.
If you want to test if the app is up or not you can do the following
docker inspect <containerid> | grep IPA
Get the IP from this and run the command
curl http://<containerip>:5000/
This command needs to be executed inside the VM and not on your machine. If this command doesn't work then your container is not listening on 5000. Sometimes apps listen only on 127.0.0.1 inside the container. This means they will work only inside the container and not outside. The app inside the container needs to listen on 0.0.0.0
If nothing works you can try an ssh tunnel approach
ssh -L 8342:127.0.0.1:8342 user@<VMIP>
And then you should be able to access the app on localhost:8342
