I try to run a command inside a Docker container like this:
openssl s_client -connect 127.0.0.1:4443
CONNECTED(00000003)
In the next step I try to detect the IP of the Docker image from /etc/hosts:
172.18.0.2 aaf6fa11bc88
Then I tried to connect to this IP inside the container and got:
openssl s_client -connect 172.18.0.2:4443
connect: Connection refused
I'm not sure why I could connect to 127.0.0.1 but couldn't connect to the IP 172.18.0.2, which is listed in the /etc/hosts file in the Docker container.
I have flushed iptables:
iptables -F and iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Here is the ifconfig output:
ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:ac:12:00:02
inet addr:172.18.0.2 Bcast:172.18.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:9028 errors:0 dropped:0 overruns:0 frame:0
TX packets:5038 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:12755512 (12.1 MiB) TX bytes:278694 (272.1 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:48 errors:0 dropped:0 overruns:0 frame:0
TX packets:48 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:5332 (5.2 KiB) TX bytes:5332 (5.2 KiB)
The app is running inside the container:
ps ax
PID TTY STAT TIME COMMAND
1 ? Ss 0:01 python db_adapter.py
284 pts/0 Ss 0:00 /bin/bash
315 pts/0 R+ 0:00 ps ax
I couldn't connect to db_adapter using an IP like 172.18.0.2 but could connect to 127.0.0.1 (maybe a problem with db_adapter?)
Here is the output:
docker-compose ps
Name Command State Ports
-------------------------------------------------------------------------------------
docker_db-adapter_1 python db_adapter.py Up 0.0.0.0:4443->4443/tcp
Here is the docker-compose file:
version: '2'
services:
  fake-s3:
    image: fake-s3
  db-adapter:
    image: db-adapter
    ports:
      - "4443:4443"
  mail:
    image: mail
    volumes:
    depends_on:
      - fake-s3
      - db-adapter
    links:
      - db-adapter
volumes:
  mailproxy:
Your Python application db-adapter binds only to localhost. That's why you can access it only via 127.0.0.1:4443 and only inside the container. You need to find a way to bind it to 0.0.0.0. After that you can access it on 172.18.0.2:4443 inside the container and on 127.0.0.1:4443 from the host.
I'm new to Docker, and I've currently run into one problem --
I've downloaded a sles11sp4 image from Docker Hub -- https://hub.docker.com/r/darksheer/sles11sp4
And when I run it -- docker run -i -t darksheer/sles11sp4 /bin/bash -- I found there's an IP and MAC already set on it --
docker:~ # docker run -i -t darksheer/sles11sp4 /bin/bash
145636fbb570:/ # ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:AC:11:00:02
inet addr:172.17.0.2 Bcast:172.17.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:696 (696.0 b) TX bytes:0 (0.0 b)
Since this IP is not on the same LAN as the host (192.168.95.66), I want to change it to another IP (192.168.95.75) to make this container visible on the network. So I tried to run it with the "--ip xxxx" parameter, but it failed --
docker:~ # docker run -i -t --ip 192.168.95.67 darksheer/sles11sp4 /bin/bash
29fda722cf70:/ # ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:AC:11:00:02
inet addr:172.17.0.2 Bcast:172.17.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:696 (696.0 b) TX bytes:0 (0.0 b)
Then I found there's no network card script in this image, so I can't modify it inside the container --
29fda722cf70:/ # cd /etc/sysconfig/network/
29fda722cf70:/etc/sysconfig/network # ls
if-down.d if-up.d providers scripts
29fda722cf70:/etc/sysconfig/network # cd if-up.d/
29fda722cf70:/etc/sysconfig/network/if-up.d # ls
29fda722cf70:/etc/sysconfig/network/if-up.d # cd ..
29fda722cf70:/etc/sysconfig/network # cd scripts/
29fda722cf70:/etc/sysconfig/network/scripts # ls
29fda722cf70:/etc/sysconfig/network/scripts # cd ..
29fda722cf70:/etc/sysconfig/network # cd providers/
29fda722cf70:/etc/sysconfig/network/providers # ls
29fda722cf70://etc/sysconfig/network/providers # cd ../scripts/
29fda722cf70:/etc/sysconfig/network/scripts # ls
29fda722cf70:/etc/sysconfig/network/scripts #
29fda722cf70:/etc # cd /etc/udev/rules.d/
29fda722cf70:/etc/udev/rules.d # ls
Then I got confused -- how do I set a new IP on a container like this? Please kindly help. Thanks
Regards
Eisen
I found the answer --
docker network create --subnet=192.168.97.0/24 net1
docker run --net net1 --ip 192.168.97.67 -i -t darksheer/sles11sp4 /bin/bash
6ced18aaeeb6:/ # ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:C0:A8:61:43
inet addr:192.168.97.67 Bcast:192.168.97.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Host OS is Ubuntu 19.10. I've been successful in starting the FreeIPA container using docker run, but I'd like to get it working in compose. When I run docker-compose up, freeipa crashes with the following error:
IPv6 stack is enabled in the kernel but there is no interface that has
::1 address assigned. Add ::1 address resolution to 'lo' interface.
You might need to enable IPv6 on the interface 'lo' in sysctl.conf.
My current config:
freeipa:
  image: freeipa/freeipa-server
  command:
    [
      "--realm=${ROOT_DOMAIN}",
      "--ds-password=${LDAP_USER_PASSWORD}",
      "--admin-password=${LDAP_ADMIN_PASSWORD}",
      "-U",
    ]
  hostname: ${FREEIPA_DOMAIN}
  container_name: freeipa
  restart: unless-stopped
  labels:
    - "traefik.enable=true"
    - "traefik.http.routers.freeipa.rule=Host(`${FREEIPA_DOMAIN:?Domain for Freeipa must be set!}`)"
    - "traefik.http.routers.freeipa.entrypoints=secure"
    - "traefik.http.routers.freeipa.tls.certresolver=le"
  networks:
    - proxy
  volumes:
    - ${SERVICES_ROOT}/${FREEIPA_ROOT:-freeipa}/db:/data
    - ${SERVICES_ROOT}/${FREEIPA_ROOT:-freeipa}/logs:/var/logs
    - /sys/fs/cgroup:/sys/fs/cgroup:ro
  tmpfs:
    - /run
    - /var/cache
    - /tmp
Link to the full (very large) compose file here
I've enabled IPv6 in Docker and reloaded the daemon:
cat /etc/docker/daemon.json
{
  "ipv6": true,
  "fixed-cidr-v6": "2001:db8:1::/64"
}
Following this blog post, I checked the interface configuration within a container:
$: docker run -itd ajeetraina/ubuntu-iproute bash
f549ae3efe887fe45a1594c87516b948cebbbb6916a6550d738e3271200bd9b7
$: docker exec -it f549 ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:ac:11:00:02
inet addr:172.17.0.2 Bcast:172.17.255.255 Mask:255.255.0.0
inet6 addr: fe80::42:acff:fe11:2/64 Scope:Link
inet6 addr: 2001:db8:1::242:ac11:2/64 Scope:Global
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:21 errors:0 dropped:0 overruns:0 frame:0
TX packets:9 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:3722 (3.7 KB) TX bytes:726 (726.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
It seems like there shouldn't be an issue with the loopback device from what I'm seeing here.
I have found the answer in an unrelated GitHub issue. Adding
sysctls:
  - net.ipv6.conf.all.disable_ipv6=0
to the service definition fixes the problem. I hope this helps someone!
I'm unable to connect to my dockerized webpack-dev-server from my host computer. Here's what I have so far.
1) Dockerfile documents exposed 8080 port and finishes with running the webpack-dev-server
Dockerfile:
EXPOSE 8080
CMD npm run start-dev
2) Dockerfile is built into image named 'uxframe'
Command Line:
docker build -t uxframe .
3) 'peteypablo' container is started using uxframe container. 'peteypablo' is listening to all internal IPs and publishes anything on internal port 8080 to port 8080
Command Line:
docker run --name peteypablo --rm -it -p 0.0.0.0:8080:8080 uxframe
4) Webpack Dev Server runs on port 8080 inside a docker container
package.json
"start-dev" : "webpack-dev-server --config ./config/webpack.config.dev.js --public --host 0.0.0.0 --port 8080"
5) Check to ensure 'peteypablo' container is running and port is open.
Command Line:
docker ps
Result:
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
387751c35091 uxframe "/bin/sh -c 'npm run…" 2 minutes ago Up 2 minutes 0.0.0.0:8080->8080/tcp peteypablo
6) Get IP Address of 'peteypablo' container
Command Line:
docker inspect peteypablo | grep IPAddress
Result:
"SecondaryIPAddresses": null,
"IPAddress": "172.17.0.2",
"IPAddress": "172.17.0.2",
7) Try to connect to 172.17.0.2:8080 in browser.
Result:
8) ** Connect to 'peteypablo' and run ifconfig to verify IP addresses. (For those following along, ifconfig requires you to install net-tools in your container. In my Dockerfile it was RUN apt-get install -qy net-tools )
Command Line:
docker exec -it peteypablo ifconfig
Result:
eth0 Link encap:Ethernet HWaddr 02:42:ac:11:00:02
inet addr:172.17.0.2 Bcast:172.17.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:792 errors:0 dropped:0 overruns:0 frame:0
TX packets:773 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:157963 (154.2 KiB) TX bytes:10865419 (10.3 MiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Still unable to connect to the webpack-dev-server.
After all of this setup, I discovered I was able to connect to the webpack-dev-server using http://localhost:8080 instead of my container's IP address of http://172.17.0.2:8080.
I'm still not sure why the ip address of the docker container itself doesn't work. From what I've gathered, it seems to have to do with the virtualization needed as part of Docker for Mac.
My ISP has given me 10 IP addresses: x.x.x.91-95 and x.x.x.161-165
I want to use 9 of them for my containers.
I have the host eth0 on x.x.x.91
So I did:
docker network create --subnet x.x.x.0/24 --gateway x.x.x.254 mynet
and then
docker run -it --net mynet --ip x.x.x.165 ubuntu /bin/bash
But I can't connect out
PING 8.8.8.8 (8.8.8.8): 56 data bytes
3 packets transmitted, 0 packets received, 100% packet loss
# ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:5b:cc:d2:a5
inet addr:x.x.x.165 Bcast:0.0.0.0 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:16 errors:0 dropped:0 overruns:0 frame:0
TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1296 (1.2 KB) TX bytes:504 (504.0 B)
# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 x.x.x.254 0.0.0.0 UG 0 0 0 eth0
x.x.x.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
Any ideas?
Docker version 17.09.0-ce, build afdb6d4
I switched to the Macvlan driver (as suggested by Matt)
https://docs.docker.com/engine/userguide/networking/get-started-macvlan/
Here is how I run my docker container -
docker run --name docker-test-server -p 5000:5000 -p 4444:4444
Container OS - Ubuntu 14.04 LTS
Now since I have mapped 4444 of container to that of machine, I try to connect -
root#localhost:/var/repo# nc -vz 127.0.0.1 4444
Connection to 127.0.0.1 4444 port [tcp/*] succeeded!
Now I enter the shell -
docker exec -it docker-test-server /bin/bash
Successfully entering, I try to get the IP address of the machine.
root#ec919687cda8:/# ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:ac:11:00:09
inet addr:172.17.0.9 Bcast:0.0.0.0 Mask:255.255.0.0
inet6 addr: fe80::42:acff:fe11:9/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2227 errors:0 dropped:0 overruns:0 frame:0
TX packets:2199 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:166686 (166.6 KB) TX bytes:121473 (121.4 KB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Now I come out of the container, and try to connect to the container from the machine where the container is running by providing the IP address of container found in ifconfig -
nc -vz 172.17.0.9 4444
nc: connect to 172.17.0.9 port 4444 (tcp) failed: Connection refused
Could someone please explain to me
why am I unable to connect to the machine?
What can I do to connect to the machine?
I am running a bare container that just installs ubuntu 14.04 and exposes 2 ports. Nothing fancy.
Thanks.
You need to either disable the firewall or add the port to your Ubuntu firewall by using sudo ufw disable or sudo ufw
I was also facing the same issue but instead of connection refused, I got timeout.