Develop Reference

In SWARM not able to access service from worker node

I am new to the docker world. During learning I have created the below setup:
1.Virtual machine - Ubuntu 20 running on VMware workstation 15 Player. IP - 192.168.0.106. I am able to access the internet from this VM(say it VM1) and able to ping that system from my physical system OS( Windows 10)
2.Virtual Machine - Ubuntu 20 running on VMware workstation 15 Player. IP - 192.168.0.105. I am able to access the internet from this VM(say it VM2) and able to ping that system from my physical system OS( Windows 10)
Now I have created the swarm as follows from VM1:
sudo docker swarm init --advertise-addr 192.168.0.106:2377 --listen-addr 192.168.0.106:2377
Then I added the VM2 in this swarm as follows:
sudo docker swarm join --token SWMTKN-1-4i56y47l6o4aycrmg7un21oegmfmwnllcsxaf4zxd05ggqg0zh-9qp67bejerq9dhl3f0suaauvl 192.168.0.106:2377 --advertise-addr 192.168.0.105:2377 --listen-addr 192.168.0.105:2377
After that I checked the swarm details:
sudo docker node ls
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS ENGINE VERSION
ogka7rdjohri9elcbjjcpdlbp * ubuntumaster Ready Active Leader 19.03.12
7qu9kiprcz7oowfk2ol31k1mx ubuntuslave Ready Active 19.03.13
Then deployed the nginx service as follows from VM1:
sudo docker service create -d --name myweb1 --mode global -p9090:80 nginx:1.19.3
Service status:
sudo docker service ls
ID NAME MODE REPLICAS IMAGE PORTS
e1o9cbm3e0t myweb1 global 2/2 nginx:1.19.3 *:9090->80/tcp
Service details:
sudo docker service ps zf6kfw7aqhag
ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS
egd8oliwngf3 myweb1.ogka7rdjohri9elcbjjcpdlbp nginx:1.19.3 ubuntumaster Running Running 14 minutes ago
1o4q8dlt94jj myweb1.7qu9kiprcz7oowfk2ol31k1mx nginx:1.19.3 ubuntuslave Running Running 14 minutes ago
Now I am able to access the nginx from VM1 using URL: 192.168.0.106:9090 and localhost:9090. But I am not able to access nginx from VM2 using URL: 192.168.0.105:9090 and localhost:9090. My understanding that the nginx are running on both the VMs and can be accessible on both.
in both the VM1 I am able to see the nginx container is running.
VM1 :
sudo docker container ls
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
7a4e13e49dfd nginx:1.19.3 "/docker-entrypoint.…" 16 minutes ago Up 15 minutes 80/tcp myweb1.ogka7rdjohri9elcbjjcpdlbp.egd8oliwngf35wwpjcieew323
VM2:
sudo docker container ls
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
999062110f0 nginx:1.19.3 "/docker-entrypoint.…" 16 minutes ago Up 16 minutes 80/tcp myweb1.7qu9kiprcz7oowfk2ol31k1mx.1o4q8dlt94jj4uufysnhsbamd
Please guide me on this if I am doing any mistakes.
TIA,
Deb

Problem solved! it was an issue was the ip clashing. Restarted the whole systems including the VM and router to solve this issue.

How to get complete Port details of running Container

I am learning Docker as a beginner and I am finding one info confusing. Here is step details:
Pulling Image from Docker Hub
Running Image
Now, I am seeing any Half port details in CLI due to which I am not able to ger proper port ID.
But when I am running same Image through KITEMATIC and checking the status of the running container then it is showing me properly.
Please refer Screenshot below for details:
First Line in shared Pic is showing complete details of PORTs( started container in KITEMATIC)
Second-line is not showing complete.
I want to know the reason for this difference and how to resolve it.

In first line of docker ps, you publish the port using below command
docker run -it -p 32773:80 -p 32772:443 static-site
That is why you are seeing HOST_PORT->Container_PORT, to see the same response on another container you need to publish port
docker run -it --rm -p 80:80 -p 443:443 your_image
80:80 mean HostPort:ContainerPort.

Images can expose a port. This is documentation from the image creator to those using the image. It tells you which ports the application inside the container are listening on by default. When you run a container with an exposed port, but you do not publish it on the host, you'll see only the container port listed in the docker container ls. This is again only documentation at this point, no docker networking has been configured to use that container port, so docker is letting you know that inside the container that application is likely listening on that port:
$ docker run -d --name unpublished --rm nginx
63291688813a75a8d9f0d383b4fbef30e93be8e89bd22fc80c2953da65d1d5e9
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
63291688813a nginx "nginx -g 'daemon of…" 41 seconds ago Up 39 seconds 80/tcp unpublished
If you publish a container to a specific port, you'll see that listed as desired:
$ docker run -d --name exact -p 8080:80 --rm nginx
10f82a87d8dce2226c030ca5f23e7983b0f60673c0ec614302dc129dad4ba86d
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
10f82a87d8dc nginx "nginx -g 'daemon of…" 14 seconds ago Up 12 seconds 0.0.0.0:8080->80/tcp exact
And it looks like kitematic is publishing all ports with the -P flag (capital) which looks at all exposed ports and maps them to unused high numbered ports:
$ docker run -d --name publish_all -P --rm nginx
982afb237756e543820810cbd6366c8fa8569a386ff581cd7edc63557004e8c4
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
982afb237756 nginx "nginx -g 'daemon of…" 3 seconds ago Up 2 seconds 0.0.0.0:32768->80/tcp publish_all
If you want the know what port was published on the host, particularly when you tell docker to use unused high numbered ports, you can query that with the port command, e.g. for the publish_all container above:
$ docker container port publish_all 80
0.0.0.0:32768
You can see the exposed ports with an inspect of the image:
$ docker image inspect nginx --format '{{json .Config.ExposedPorts}}' | jq .
{
"80/tcp": {}
}

Why docker command connects to daemon via tcp by default

Docker is configured by default to listen on socket (Ubuntu 18.04).
$ ps aux | grep docker
root 1966 0.2 0.4 1451444 69700 ?
Ssl 09:57 0:01 /usr/bin/dockerd -H fd://
--containerd=/run/containerd/containerd.sock
But when I run docker ps it raises:
$ docker ps
Cannot connect to the Docker daemon at
tcp://127.0.0.1:2375. Is the docker daemon running?
I need to specify:
$ docker -H unix:///var/run/docker.sock ps
CONTAINER ID IMAGE
COMMAND CREATED STATUS PORTS
NAMES 7ffd2dc852f2 jwilder/nginx-proxy
"/app/docker-entrypo…" 5 minutes ago Up 5 minutes
0.0.0.0:80->80/tcp nginx-proxy
Then works fine, but why cli wants to connect daemon by default via tcp? How to avoid that?

docker client uses DOCKER_HOST environment value if set otherwise default to unix:///var/run/docker.sock. Check if you have DOCKER_HOST environment variable set?

Container is not available on localhost in Windows Docker Toolbox

I try to connect to my container on localhost/127.0.0.1/0.0.0.0 but site can’t be reached.
Details:
$ docker run -d -p 80:80 nginx:alpine
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS
NAMES
d5b465ed1b18 nginx:alpine "nginx -g 'daemon of" 6 minutes ago Up 6 minutes 0.0.0.
0:80->80/tcp quizzical_swirles
798b40ceec77 10.36.7.241:5000/facileexplorer:0.3.8 "/usr/bin/supervisor" 9 minutes ago Up 9 minutes 4444/t
cp, 0.0.0.0:3838->3838/tcp, 0.0.0.0:8787->8787/tcp, 5900/tcp vigilant_banach
I followed this tutotial: https://blog.sixeyed.com/published-ports-on-windows-containers-dont-do-loopback/:
$ docker inspect --format '{{ .NetworkSettings.Networks.nat.IPAddress }}' d5b465ed1b18
<no value>
but it doesn't return port.
And I also helped myself with this guide: https://www.iancollington.com/docker-and-cisco-anyconnect-vpn/ because some of my docker images are on private registry, so I did following steps:
PATH=$PATH:"C:\Program Files\Oracle\VirtualBox"; export PATH
export DOCKER_HOST="tcp://127.0.0.1:2376"
docker-machine stop default
VBoxManage modifyvm "default" --natpf1 "docker,tcp,,2376,,2376"
docker-machine start default
alias docker='docker --tlsverify=false'
Could you help?

When you are using Docker Toolbox, running docker run -p 80:80 can be misleading. It means it will forward the port 80 of your container to the port 80 of your Docker machine, not the Windows host!
If you want to access the container through your Windows host, you also need to forward port 80 of your Docker machine to that host.
I see you are using VirtualBox, which allows you to do that by adding an entry in Settings > Network > Advanced > Port Forwarding.
Example tutorial with images: https://www.howtogeek.com/122641/how-to-forward-ports-to-a-virtual-machine-and-use-it-as-a-server/

How to access container's web application from host

I am running a site inside Docker container which exports following
https://172.17.0.2:8443/admin/ &
http://172.17.0.2:8463/users/
$ docker run -it -d --expose=8000-9900 ubuntu-java8-webapp
bf193d011fd8....
Docker PS cmd
$ docker ps -a
CONTAINER ID IMAGE COMMAND PORTS NAMES
bf193d011fd8 ubuntu-.... "/bin/bash" 8000-9900/tcp desperate_mclean
Docker ls cmd
$ docker-machine ls
NAME ACTIVE DRIVER STATE URL DOCKER ERRORS
default * virtualbox Running tcp://192.168.99.100:2376 v1.10.3
Docker machine ip cmd
$ docker-machine ip default
192.168.99.100
How do I access the site? Just in case it matters, I am running docker on Mac here.

You can try and access it through the docker machine IP:
https://192.168.99.100:8443/admin
http://192.168.99.100:8463/users
But ideally, you would:
map those port to the host:
docker run -p 8443:8443 -p 8463:8463 ...
port-forward those port to your actual host through VirtualBox VM Network setting, and access the site with:
https://localhost:8443/admin
http://localhost:8463/users