connect to docker daemon from inside docker container - docker

I'm trying to configure the Docker daemon so I can connect to it from inside the Docker containers I start.
So I changed /etc/docker/daemon.json to
{
"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]
}
So that I connect to it through the Docker bridge. However, when I restart Docker I get
netstat -tunlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 3728/mysqld
tcp 0 0 127.0.0.1:6379 0.0.0.0:* LISTEN 24253/redis-server
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 3756/nginx
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 3634/sshd
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 3756/nginx
tcp6 0 0 :::8010 :::* LISTEN 4230/apache2
tcp6 0 0 :::9200 :::* LISTEN 26824/java
tcp6 0 0 :::9300 :::* LISTEN 26824/java
tcp6 0 0 :::22 :::* LISTEN 3634/sshd
tcp6 0 0 :::2375 :::* LISTEN 1955/dockerd
So first I thought the issue was the fact that it was listening on IPv6, not IPv4, and according to
Make docker use IPv4 for port binding
it should all still work, but it doesn't. When I try
telnet 172.17.0.1(docker host) 2375
it fails to connect while
telnet 172.17.0.1(docker host) 80
works. How can I connect to Docker running on the host machine? I'm running on Ubuntu 14.04.5, Docker Version: 17.06.2-ce

You can start your containers mounting the host docker socket into your containers.
docker run -v /var/run/docker.sock:/var/run/docker.sock ...
With this setup, Docker clients inside the containers will be using the Docker daemon from the host. Your containers will be able to build, run, push etc. using the daemon running on the host. Please note that with this setup everything is happening on the host, so if you start new containers they will be “sibling” containers.
EDIT
If you are using the bridge network, you can connect to any service running on host machine using host IP address.
For example, I have mysqld running on my host with IP 10.0.0.1 and from a container I can do
mysql -u user -p -h 10.0.0.1
The trick is to find out the host IP address from containers.
In Docker for Mac (I am running version 17.07.0) it is as simple as connecting to the special host "docker.for.mac.localhost".
Another option is to add an alias IP to your loopback interface
sudo ifconfig lo0 alias 192.168.1.1
And then when running containers add a host for this alias IP
docker run --rm -ti --add-host host-machine:192.168.1.1 mysql:5.7 bash
With this setup, inside container you should be able to do
mysql -u user -p -h host-machine

This answer may be a bit late, but it's better late than never, as we never can tell who may be experiencing a similar problem. I just fixed it by disabling the unnecessary ufw rule blocking the internal communication.
Example:
sudo ufw allow from <IP address or range> to any port [desired port]
sudo ufw allow from 172.16.0.0/12 to any port 3421
As for me, I disabled the UFW service totally using the command below.
sudo ufw disable

Related

Error starting userland proxy: listen tcp 0.0.0.0:2049: bind: address already in use

On Ubuntu 18.04, I'm trying to install Hyperledger Cello, and during the install, I get:
make[2]: Entering directory '/home/julien/cello'
docker-compose -f bootup/docker-compose-files/docker-compose-nfs.yml up -d --no-recreate
WARNING: Found orphan containers (cello-user-dashboard, cello-operator-dashboard, cello-watchdog, cello-keycloak-server, cello-parse-server, cello-dashboard_rabbitmq, cello-mongo, cello-keycloak-mysql, cello-engine) for this project. If you removed or renamed this service in your compose file, you can run this command with the --remove-orphans flag to clean it up.
Starting cello-nfs ... error
ERROR: for cello-nfs Cannot start service nfs: driver failed programming external connectivity on endpoint cello-nfs (d1be7a4999731983a12df9f1fb6484c7adf669be7edf01c6d962856ed8a6846f): Error starting userland proxy: listen tcp 0.0.0.0:2049: bind: address already in use
ERROR: for nfs Cannot start service nfs: driver failed programming external connectivity on endpoint cello-nfs (d1be7a4999731983a12df9f1fb6484c7adf669be7edf01c6d962856ed8a6846f): Error starting userland proxy: listen tcp 0.0.0.0:2049: bind: address already in use
ERROR: Encountered errors while bringing up the project.
When trying to figure out which application is using 2049 port, I do:
➜ cello git:(master) ✗ sudo netstat -pna | grep 2049
tcp 0 0 0.0.0.0:2049 0.0.0.0:* LISTEN -
tcp6 0 0 :::2049 :::* LISTEN -
udp 0 0 0.0.0.0:2049 0.0.0.0:* -
udp6 0 0 :::2049 :::* -
unix 3 [ ] STREAM CONNECTED 204951 18122/brave --type=
unix 3 [ ] STREAM CONNECTED 204950 5193/brave
But I get no app name.
I also tried to remove containers with
docker rm -f $(docker ps -aq)
as said in this post, but it didn't work.
What should I do to free this port?
You can try:
docker stop $(docker ps -a -q)
docker ps # again, to make sure the containers are off
sudo lsof -i tcp:2049 # now you get a list of processes using port 2049; find and copy the PID
sudo kill -9 your_PID
Now that the 2049 port is killed, try to start the containers again...
It looks as if you have an NFS server running on your host. When you run netstat -p ... as root and you don't see a PID for a port, like this...
tcp 0 0 0.0.0.0:2049 0.0.0.0:* LISTEN -
tcp6 0 0 :::2049 :::* LISTEN -
udp 0 0 0.0.0.0:2049 0.0.0.0:* -
udp6 0 0 :::2049 :::* -
...it generally means there is a kernel service bound to that port. Disabling the kernel NFS server (assuming that you're not using it) should allow you to run your container.
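The reading of netstat rows given in this answer (a `-` owner column when run as root) together with the `:::port` tcp6 rows seen throughout this page, as an added example that is not part of the original posts. The function name, the `ran_as_root` parameter and the dictionary keys are assumptions; the sample rows are copied from output quoted on this page.

```python
import ipaddress

# Listener rows copied from the netstat output quoted on this page.
SAMPLE = """\
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 3728/mysqld
tcp6 0 0 :::2375 :::* LISTEN 1955/dockerd
tcp 0 0 0.0.0.0:2049 0.0.0.0:* LISTEN -
udp 0 0 0.0.0.0:2049 0.0.0.0:* -
tcp6 0 0 :::8888 :::* LISTEN 28811/docker-proxy
"""

def parse_listeners(text, ran_as_root=True):
    """Parse numeric `netstat -tunlp` rows into one dict per listening socket."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 6 or not f[0].startswith(("tcp", "udp")):
            continue  # header lines, unix sockets, blanks
        if f[0].startswith("tcp"):
            if f[5] != "LISTEN":
                continue
            owner = " ".join(f[6:])
        else:
            owner = " ".join(f[5:])  # UDP rows have an empty State column
        addr, _, port = f[3].rpartition(":")
        if not port.isdigit():
            continue
        ip = ipaddress.ip_address(addr)
        scope = "loopback" if ip.is_loopback else "wildcard" if ip.is_unspecified else "specific"
        if owner == "-":
            # No PID even for root: the socket is held by the kernel (e.g. the in-kernel NFS server).
            pid, prog = None, "kernel" if ran_as_root else "unknown (rerun as root)"
        else:
            pid, _, prog = owner.partition("/")
            pid = int(pid) if pid.isdigit() else None
        rows.append({
            "proto": f[0], "addr": addr, "port": int(port), "scope": scope,
            "pid": pid, "program": prog,
            # With net.ipv6.bindv6only=0 (the Linux default) a "::" socket also accepts IPv4.
            "dual_stack": f[0].endswith("6") and scope == "wildcard",
        })
    return rows

if __name__ == "__main__":
    for row in parse_listeners(SAMPLE):
        print(row)
```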

Docker on Synology - Binding to all interfaces

I have a MariaDB Docker container running on a Synology DS918+ that redirects traffic from container port 3306 to external port 3333.
When I see how it binds to the port, it seems different from a working example I have for another service that doesn't run on Docker.
Working :
ash-4.3# netstat -nao | grep 5000
tcp 0 0 0.0.0.0:5000 0.0.0.0:* LISTEN off (0.00/0/0)
tcp6 0 0 :::5000 :::* LISTEN
Not working:
ash-4.3# netstat -nao | grep 3333
tcp6 0 0 :::3333 :::* LISTEN off (0.00/0/0)
When I try to access port 3333 from my laptop to the remote machine running Docker, I'm able to do so; the issue is when trying to access the machine's private IP from within the machine itself, which fails.
Any help is appreciated here
To clarify, although your Docker is only binding to the IPv6 interface (“:::”), not the IPv4 (“0.0.0.0”), Docker forbids a loopback connection to its docker-proxy from the host. I believe this also fails in all networking modes.
If you’re connecting from container to another container, use the container name via the docker-dns and private LAN. For example, if your MariaDB container is named “maria”, I believe docker’s DNS on 127.0.0.11 offers a lookup for the name “maria” to a 172...* ipv4 to which other containers may connect if in the same 172.{subnet}../16 as your MariaDB host. Connect to “maria” in another container and the tcp magically gets to the right place.
If you’re trying to connect from the docker host to a container, this is a problem that I have resigned to proxying off my router in a hairpin NAT to the same upnp ports that I’ve exported via External Access on Synology, which feels like a poor solution but works today.

Can't access docker port from remote

I start a container on a machine whose IP address is 47.foo.bar.bazz:
docker run -it -p 8888:8888 continuumio/miniconda3
And inside the container, port 8888 is opened by a Flask application:
python manage.py runserver -h 0.0.0.0 -p 8888
I can send an HTTP request to this port successfully with
curl "http://127.0.0.1:8888/api/v1/vocabulary?callback=zoo"
But when I use its IP, it doesn't work, and I can't access it from a remote machine either
curl "http://47.foo.bar.bazz:8888/api/v1/vocabulary?callback=zoo"
Here is some information:
netstat -aptn
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp6 0 0 :::80 :::* LISTEN 9211/docker-proxy
tcp6 0 0 :::8888 :::* LISTEN 28811/docker-proxy
tcp6 0 0 :::443 :::* LISTEN 9194/docker-proxy
Btw, I can curl port 80 successfully using the IP address.
Could anyone please point out what's wrong? How can I access it successfully from a remote machine?
I figured it out here. Maybe the port is blocked. On the other hand, I used nginx to forward my request from 80 to 8888.

how to forward docker port 2375 from virtualbox to host os windows 10

I created a Debian VM to have my Docker host running on.
netstat
tcp 0 0 127.0.0.1:2375 0.0.0.0:* LISTEN 1260/dockerd
After that I set up port forwarding for port 2375 as described in many online tutorials.
Next I ran curl in the cmd of my Windows 10 host OS.
C:\Users\me>curl localhost:2375
curl: (56) Recv failure: Connection was reset
Notice that connecting to the VM's SSH port is working.
C:\Users\me>curl localhost:666
SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u1
Protocol mismatch.
Can anybody tell me what I am missing? Do I have to somehow allow port 2375 to be called from outside, where the SSH port is allowed by default?
The issue is with your docker listening IP.
tcp 0 0 127.0.0.1:2375 0.0.0.0:* LISTEN 1260/dockerd
127.0.0.1 means it is only listening for connections generated from inside the VM.
You should change your Docker daemon to use 0.0.0.0:2375. Then your port forwarding would work.
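Both this answer and the daemon.json in the first question on this page put the Docker API on a TCP socket. As an added example (not code from any of the posts), the check below reports which `hosts` entries are reachable from the network and whether client-certificate verification is configured. The function names and verdict strings are assumptions; `hosts`, `tlsverify` and `tlscacert` are dockerd configuration keys.

```python
import ipaddress
import json
from urllib.parse import urlsplit

# The daemon.json from the first question on this page, embedded as sample input.
SAMPLE_DAEMON_JSON = """
{
  "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]
}
"""

def bind_scope(host):
    """Classify the bind address of a tcp:// entry."""
    if host == "localhost":
        return "loopback"
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return "unresolved"  # empty or a hostname: treated as non-loopback below
    if addr.is_loopback:
        return "loopback"
    return "all-interfaces" if addr.is_unspecified else "specific"

def audit_daemon_config(text):
    """Return (entry, scope, verdict) for every TCP listener in a daemon.json."""
    cfg = json.loads(text)
    # With "tlsverify" the daemon only accepts clients whose certificate
    # is signed by the CA named in "tlscacert".
    client_certs = bool(cfg.get("tlsverify")) and bool(cfg.get("tlscacert"))
    findings = []
    for entry in cfg.get("hosts", []):
        url = urlsplit(entry)
        if url.scheme != "tcp":
            continue  # unix:// and fd:// are local sockets, not network listeners
        scope = bind_scope(url.hostname or "")
        if scope == "loopback":
            verdict = "local only"
        elif client_certs:
            verdict = "network-reachable, client certificate required"
        else:
            verdict = "network-reachable, no authentication"
        findings.append((entry, scope, verdict))
    return findings

if __name__ == "__main__":
    for finding in audit_daemon_config(SAMPLE_DAEMON_JSON):
        print(*finding, sep=" | ")
```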

Cannot access port on host mapped to docker container port

I have started a docker container using the command
sudo docker run -it -P -d plcdimage
The image is built using a Dockerfile which has the instruction EXPOSE 8080. The container runs a JBoss server with an application deployed on it. Port mappings are:
Command: sudo docker port be1837e849dc
Output: 8080/tcp -> 0.0.0.0:32771
When I try to access the web application running on JBoss in the container from the mapped host port using the URL:
http://IPAddressOfHost:32771/
I get a connection refused error. The following is the result of the command "netstat -tulpn":
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp6 0 0 :::9999 :::* LISTEN -
tcp6 0 0 :::22 :::* LISTEN -
tcp6 0 0 :::32771 :::* LISTEN -
udp 0 0 0.0.0.0:68 0.0.0.0:* -
I tried doing telnet hostip 32771 and it also results in connection refused.
Docker version 1.12.1
build 23cf638
What could be the possible reason for this?
Thanks in advance
I found that the JBoss server running inside the container was not listening on 0.0.0.0. One option to do this is, while starting the standalone server, to use -b 0.0.0.0.
/bin/standalone.sh -b 0.0.0.0
