Develop Reference

Concourse : Web Connection Refused

I composed Concourse on EC2 Linux (Ubuntu 22.04) and revised CONCOURSE_EXTERNAL_URL in docker-compose.yml to Elastic IP Address of EC2 Linux.
Even though secrurity group inbound and ACL allow all tcp / http /https, http://{myElasticIP}:8080/ connection refused.
(Instance is running, can ping to {myElasticIP} without fail)
This was my first time to set Concourse, so I guess something is wrong in my procedure.
Any advice would be highly appreciated.
-- command and result
$ docker-compose up -d
Starting ubuntu_concourse-db_1
Recreating ubuntu_concourse_1
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
56f8859a67ba concourse/concourse "dumb-init /usr/loca…" 24 minutes ago Restarting (1) 28 seconds ago ubuntu_concourse-web_1
307a647554eb postgres:9.5 "docker-entrypoint.s…" 24 minutes ago Up 24 minutes 5432/tcp ubuntu_concourse-db_1
Error (Fiddler):
ConnectionRefused (0x274d).
-- kernel
$ uname -r
5.15.0-1015-aws
--docker-compose.yml
version: '3'
services:
concourse-db:
image: postgres:9.5
environment:
POSTGRES_DB: concourse
POSTGRES_USER: "${CONCOURSE_POSTGRES_USER}"
POSTGRES_PASSWORD: "${CONCOURSE_POSTGRES_PASSWORD}"
PGDATA: /database
concourse-web:
image: concourse/concourse
links: [concourse-db]
command: web
depends_on: [concourse-db]
ports: ["8080:8080"]
volumes: ["./keys/web:/concourse-keys"]
restart: unless-stopped # required so that it retries until conocurse-db comes up
environment:
CONCOURSE_BASIC_AUTH_USERNAME: "${CONCOURSE_BASIC_AUTH_USERNAME}"
CONCOURSE_BASIC_AUTH_PASSWORD: "${CONCOURSE_BASIC_AUTH_PASSWORD}"
CONCOURSE_EXTERNAL_URL: "${CONCOURSE_EXTERNAL_URL}"
CONCOURSE_POSTGRES_HOST: concourse-db
CONCOURSE_POSTGRES_USER: "${CONCOURSE_POSTGRES_USER}"
CONCOURSE_POSTGRES_PASSWORD: "${CONCOURSE_POSTGRES_PASSWORD}"
CONCOURSE_POSTGRES_DATABASE: concourse
--.env
CONCOURSE_BASIC_AUTH_USERNAME=concourse
CONCOURSE_BASIC_AUTH_PASSWORD=changeme
CONCOURSE_EXTERNAL_URL=http://{myElasticIP}:8080
CONCOURSE_POSTGRES_USER=concourse
CONCOURSE_POSTGRES_PASSWORD=changeme
-- port check
$ sudo lsof -i -P -n | grep LISTEN
systemd-r 390 systemd-resolve 14u IPv4 16470 0t0 TCP 127.0.0.53:53 (LISTEN)
sshd 644 root 3u IPv4 17932 0t0 TCP *:22 (LISTEN)
sshd 644 root 4u IPv6 17943 0t0 TCP *:22 (LISTEN)

Apache Guacamole in Docker containers: Creation of WebSocket tunnel to guacd failed

I installed Apache Guacamole using Docker on a CentOS 8.1 with Docker 19.03.
I followed the steps described here:
https://guacamole.apache.org/doc/gug/guacamole-docker.html
https://www.linode.com/docs/applications/remote-desktop/remote-desktop-using-apache-guacamole-on-docker/
I started the containers like this:
# mysql container
docker run --name guacamole-mysql -e MYSQL_RANDOM_ROOT_PASSWORD=yes -e MYSQL_ONETIME_PASSWORD=yes -d mysql/mysql-server
# guacd container
docker run --name guacamole-guacd -e GUACD_LOG_LEVEL=debug -d guacamole/guacd
# guacamole container
docker run --name guacamole-guacamole --link guacamole-guacd:guacd --link guacamole-mysql:mysql -e MYSQL_DATABASE=guacamole -e MYSQL_USER=guacamole -e MYSQL_PASSWORD=password -d -p 8080:8080 guacamole/guacamole
All went fine and I was able to access the Guacamole web interface on port 8080. I configured one VNC connection to another machine on port 5900. Unfortunately when I try to use that connection I get the following error in the web interface:
"An internal error has occurred within the Guacamole server, and the connection has been terminated..."
I had a look on the logs too and in the guacamole log I found this:
docker logs --tail all -f guacamole-guacamole
...
15:54:06.262 [http-nio-8080-exec-2] ERROR o.a.g.w.GuacamoleWebSocketTunnelEndpoint - Creation of WebSocket tunnel to guacd failed: End of stream while waiting for "args".
15:54:06.685 [http-nio-8080-exec-8] ERROR o.a.g.s.GuacamoleHTTPTunnelServlet - HTTP tunnel request failed: End of stream while waiting for "args".
I'm sure that the target machine (which is running the VNC server) is fine. I'm able to connect to it from both a VNC client and another older Guacamole which I installed previously (not using Docker).
My containers look ok too:
docker container ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ad62aaca5627 guacamole/guacamole "/opt/guacamole/bin/…" About an hour ago Up About an hour 0.0.0.0:8080->8080/tcp guacamole-guacamole
a46bd76234ea guacamole/guacd "/bin/sh -c '/usr/lo…" About an hour ago Up About an hour 4822/tcp guacamole-guacd
ed3a590b19d3 mysql/mysql-server "/entrypoint.sh mysq…" 2 hours ago Up 2 hours (healthy) 3306/tcp, 33060/tcp guacamole-mysql
I connected to the guacamole-guacamole container and pinged the other two containers: guacamole-mysql and guacamole-guacd. Both look fine and reachable.
docker exec -it guacamole-guacamole bash
root#ad62aaca5627:/opt/guacamole# ping guacd
PING guacd (172.17.0.2) 56(84) bytes of data.
64 bytes from guacd (172.17.0.2): icmp_seq=1 ttl=64 time=0.191 ms
64 bytes from guacd (172.17.0.2): icmp_seq=2 ttl=64 time=0.091 ms
root#ad62aaca5627:/opt/guacamole# ping mysql
PING mysql (172.17.0.3) 56(84) bytes of data.
64 bytes from mysql (172.17.0.3): icmp_seq=1 ttl=64 time=0.143 ms
64 bytes from mysql (172.17.0.3): icmp_seq=2 ttl=64 time=0.102 ms
Looks like there is a communication issue between the guacamole itself and guacd. And this is where I'm completely stuck.
EDIT
I tried on CentOS 7 and I got the same issues.
I also tried this solution https://github.com/boschkundendienst/guacamole-docker-compose as suggested by #BatchenRegev but I got the same issue again.

I've been experiencing the same issues under centos.
My only difference is that I'm hosting the database on a separate machine as this is all cloud-hosted and I want to be able to destroy/rebuild the guacamole server at will.
I ended creating a docker-compose.yml file as that seemed to work better.
Other gotcha's I came across:
make sure the guacd_hostname is the actual machine hostname and not 127.0.0.1
setting Selinux to allow httpd.
sudo setsebool -P httpd_can_network_connect
My docker-compose.yml is shown below replace all {variables} with your own and update the file if you are using a sql image as well.
version: "2"
services:
guacd:
image: "guacamole/guacd"
container_name: guacd
hostname: guacd
restart: always
volumes:
- "/data/shared/guacamole/guacd/data:/data"
- "/data/shared/guacamole/guacd/conf:/conf:ro"
expose:
- "4822"
ports:
- "4822:4822"
network_mode: bridge
guacamole:
image: "guacamole/guacamole"
container_name: guacamole
hostname: guacamole
restart: always
volumes:
- "/data/shared/guacamole/guacamole/guac-home:/data"
- "/data/shared/guacamole/guacamole/conf:/conf:ro"
expose:
- "8080"
ports:
- "8088:8080"
network_mode: bridge
environment:
- "GUACD_HOSTNAME={my_server_hostname}"
- "GUACD_PORT=4822"
- "MYSQL_PORT=3306"
- "MYSQL_DATABASE=guacamole"
- "GUACAMOLE_HOME=/data"
- "MYSQL_USER=${my_db_user}"
- "MYSQL_PASSWORD=${my_db_password}"
- "MYSQL_HOSTNAME=${my_db_hostname}"

i have the same problem on FreeBSD 12.2 - SOLUTION
Change "localhost" hostname in
/usr/local/etc/guacamole-client/guacamole.properties
to "example"
guacd-hostname: 192.168.10.10
next: /usr/local/etc/guacamole-server/guacd.conf
[server]
bind_host = 192.168.10.10
Check /etc/guacamole/guacamole.properties i have link:
guacd-hostname: 192.168.10.10
Restart:
/usr/local/etc/rc.d/guacd restart
/usr/local/etc/rc.d/tomcat9 restart
with name "localhost" i have:
11:01:48.010 [http-nio-8085-exec-3] DEBUG o.a.g.s.GuacamoleHTTPTunnelServlet - Internal error in HTTP tunnel.
I hope it will be useful to someone else - it works for me`

Docker - swarm with docker toolbox doesn't run

i applied docker tutorial to set up a swarm.
I used docker toolbox, because i'm on windows 10 Family.
i step all statements, but at the end, the statement "curl ip_adress" doesn't run. error also with access on url.
$ docker --version
Docker version 18.03.0-ce, build 0520e24302
docker-compose.yml, located in /home/docker of virtual machine called "myvm1" :
version: "3"
services:
web:
# replace username/repo:tag with your name and image details
image: 12081981/friendlyhello:part1
deploy:
replicas: 5
resources:
limits:
cpus: "0.1"
memory: 50M
restart_policy:
condition: on-failure
ports:
- "80:80"
networks:
- webnet
networks:
webnet:
swarm :
$ docker-machine ssh myvm1 "docker stack ps getstartedlab"
ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS
blmx8mldam52 getstartedlab_web.1 12081981/friendlyhello:part1 myvm1 Running Running 9 seconds ago
04ctl86chp6o getstartedlab_web.2 12081981/friendlyhello:part1 myvm3 Running Running 6 seconds ago
r3qyznllno9j getstartedlab_web.3 12081981/friendlyhello:part1 myvm3 Running Running 6 seconds ago
2twwicjssie9 getstartedlab_web.4 12081981/friendlyhello:part1 myvm1 Running Running 9 seconds ago
o4rk4x7bb3vm getstartedlab_web.5 12081981/friendlyhello:part1 myvm3 Running Running 6 seconds ago
result of "docker-machine ls" :
NAME ACTIVE DRIVER STATE URL SWARM DOCKER ERRORS
default - virtualbox Running tcp://192.168.99.100:2376 v18.09.0
myvm1 * virtualbox Running tcp://192.168.99.102:2376 v18.09.0
myvm3 - virtualbox Running tcp://192.168.99.103:2376 v18.09.0
test with curl
$ curl 192.168.99.102
curl: (7) Failed to connect to 192.168.99.102 port 80: Connection refused
How do i do to debug ?
I can give more information, if you want.
Thanks in advance.

Use of the routing mesh in Windows appears to be an EE only feature right now. You can monitor this docker for windows issue for more details. The current workaround is to use DNSRR internally and publish ports to the host directly instead of with the routing mesh. If you want your application to be reachable from any node in the cluster, this means you'd need to have a service on ever host in the cluster, scheduled globally, listening on the requested port. E.g.
version: "3.2"
services:
web:
# replace username/repo:tag with your name and image details
image: 12081981/friendlyhello:part1
deploy:
# global runs 1 on every node, instead of the replicated variant
mode: global
# DNSRR skips the VIP normally assigned to services
endpoint_mode: dnsrr
resources:
limits:
cpus: "0.1"
memory: 50M
restart_policy:
condition: on-failure
ports:
- target: 80
published: 80
protocol: tcp
# host publishes the port directly from the container without the routing mesh
mode: host
networks:
- webnet
networks:
webnet:

Cannot start and register the chaincode

I'm following the hyperleger fabric chaincode setup instructions: http://hyperledger-fabric.readthedocs.io/en/latest/Setup/Chaincode-setup
I'm using docker toolbox and a peer is running in one terminal (docker-compose up).
In another docker terminal I try to start and register the chaincode:
CORE_CHAINCODE_ID_NAME=mycc CORE_PEER_ADDRESS=0.0.0.0:7051 ./chaincode_example02
I get this error:
Thanks in advance!
Update: I'm using the docker-compose.yml from the docs:
membersrvc:
image: hyperledger/fabric-membersrvc
command: membersrvc
vp0:
image: hyperledger/fabric-peer
environment:
- CORE_PEER_ADDRESSAUTODETECT=true
- CORE_VM_ENDPOINT=http://172.17.0.1:2375
- CORE_LOGGING_LEVEL=DEBUG
- CORE_PEER_ID=vp0
- CORE_PEER_PKI_ECA_PADDR=membersrvc:7054
- CORE_PEER_PKI_TCA_PADDR=membersrvc:7054
- CORE_PEER_PKI_TLSCA_PADDR=membersrvc:7054
- CORE_SECURITY_ENABLED=true
- CORE_SECURITY_ENROLLID=test_vp0
- CORE_SECURITY_ENROLLSECRET=MwYpmSRjupbT
links:
- membersrvc
command: sh -c "sleep 5; peer node start --peer-chaincodedev"
docker ps gives:
$ docker ps
CONTAINER ID IMAGE COMMAND CRE
ATED STATUS PORTS NAMES
35050760e1df hyperledger/fabric-peer "sh -c 'sleep 5; peer" 21
minutes ago Up 2 minutes option3_vp0_1
209132c7f059 hyperledger/fabric-membersrvc "membersrvc" 21
minutes ago Up 2 minutes option3_membersrvc_1
and docker-machine ls gives:
$ docker-machine ls
NAME ACTIVE DRIVER STATE URL SWARM DO
CKER ERRORS
default * virtualbox Running tcp://192.168.99.109:2376 v1
.12.3
So I tried also to start and register the chaincode with:
CORE_CHAINCODE_ID_NAME=mycc CORE_PEER_ADDRESS=192.168.99.109:7051 ./chaincode_example02

It seems like your peer is not reachable at 0.0.0.0.7051 . To check if you have a peer listening on 7051 , use the command:
netstat -lnptu| grep 7051
Try setting CORE_PEER_ADDRESS to either the public or the private IP of the host instead of 0.0.0.0
Also verify that you have forwarded the port 7051 from the docker container to the host.

Docker + webdevops: "This site can’t be reached"

On a current project I use Docker. I must clarify that I am pretty inexperienced at it.
My project is a PHP/Symfony project. Until then, I used nginx:alpine and phpdocker/php-fpm to have my project running on my dev environment. However, I found these unfit to my case as my production actually uses Apache.
I found another project I'm on uses the webdevops Docker images without trouble. I want to replace the two containers listed above with a single one, the webdevops/php-apache-dev:alpine docker image.
Although the configuration between the two projects seems almost identical, my dev environment does not seem to work properly: I end up with this:
This site can’t be reached - 172.18.0.7 refused to connect.
(I also use Traefik, but the routed URI does not work any better. The error message is slightly different though: Bad Gateway).
I find myself unable to debug this. I don't even know where to look.
Below is the docker-compose.yml configuration I want to use:
version: '3.2'
services:
app:
image: webdevops/php-apache-dev:alpine
container_name: my-app
working_dir: /app
env_file: .env
environment:
WEB_DOCUMENT_ROOT: /public
WEB_DOCUMENT_INDEX: index.php
LOG_STDOUT: ./var/log/app.stdout.log
LOG_STDERR: ./var/log/app.stderr.log
# #todo list of unwanted PHP modules, cf. https://dockerfile.readthedocs.io/en/latest/content/DockerImages/dockerfiles/php-apache-dev.html#php-modules
# PHP_DISMOD:
php.error_reporting: E_ALL
PHP_DISPLAY_ERRORS: 1
PHP_POST_MAX_SIZE: 80M
PHP_UPLOAD_MAX_FILESIZE: 200M
PHP_MEMORY_LIMIT: 521M
PHP_MAX_EXECUTION_TIME: 300
PHP_DATE_TIMEZONE: Europe/Paris
volumes:
- .:/app
# - ./docker/apache2/conf.d:/opt/docker/etc/httpd/conf.d
- ~/.ssh:/home/application/.ssh:ro
- ~/.composer:/home/application/.composer
depends_on:
- elasticsearch
- database
The other containers work just as well as they did before. This one is the only one that fails.
When calling docker-compose up no error is thrown. All the logs I could find within the container remain silent. As far I as can tell, Traefik does not seem to be the problem. Here is the result of docker ps:
[/var/www/html/citizen-game]$ docker ps *[master]
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
6e9639e7a84d webdevops/php-apache-dev:alpine "/entrypoint supervi…" 4 hours ago Up 4 hours 80/tcp, 443/tcp, 9000/tcp my-app-app
be1b90fdf768 docker.elastic.co/elasticsearch/elasticsearch:6.2.4 "/usr/local/bin/dock…" 4 hours ago Up 4 hours (healthy) 9200/tcp, 9300/tcp my-app-elasticsearch
76fb8743a12f phpmyadmin/phpmyadmin "/run.sh supervisord…" 4 hours ago Up 4 hours 80/tcp, 9000/tcp my-app-phpmyadmin
dd41b4afe267 mysql:5.7 "docker-entrypoint.s…" 4 hours ago Up 4 hours (healthy) 3306/tcp, 33060/tcp my-app-database
91893783bcb1 rabbitmq:3.7-management "docker-entrypoint.s…" 4 hours ago Up 4 hours 4369/tcp, 5671/tcp, 0.0.0.0:5672->5672/tcp, 15671/tcp, 25672/tcp, 0.0.0.0:15672->15672/tcp my-app-rabbitmq
63f551884bbf traefik:maroilles "/traefik --web --do…" 4 hours ago Up 4 hours 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:8080->8080/tcp
My question is, I guess: how can I debug this? Am I missing something trivial?
Edit
Here is (part of) the content of the docker-compose.override.yml file:
version: '3.2'
services:
app:
volumes:
- ~/.ssh:/home/application/.ssh
- ~/.composer:/home/application/.composer
labels:
- "traefik.backend=my-app"
- "traefik.frontend.rule=Host:my-app.docker"
- "traefik.docker.network=proxy"
networks:
- internal
- proxy
environment:
PHP_DEBUGGER: xdebug
#XDEBUG_REMOTE_HOST: <your host IP address>
XDEBUG_REMOTE_PORT: 9000
XDEBUG_REMOTE_AUTOSTART: 1
XDEBUG_REMOTE_CONNECT_BACK: 1
XDEBUG_PROFILER_ENABLE: 1
XDEBUG_PROFILER_ENABLE_TRIGGER: 1000
traefik:
image: traefik
container_name: citizen-game-traefik
command: --web --docker --docker.domain=docker --logLevel=DEBUG
ports:
- "80:80"
- "443:443"
- "8080:8080"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
restart: always
networks:
- internal
- proxy
rabbitmq:
networks:
- internal
- proxy
networks:
proxy:
external:
name: traefik
internal:
EDIT 2:
#Mostafa
I ran the following:
docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' my-app-app
Result is:
172.18.0.7172.19.0.5
Trying these directly from the browser fails "This site can't be reached". I suppose it was to be expected.
I ran the following from inside the container:
bash-4.4# supervisorctl status apache:apached
apache:apached RUNNING pid 13575, uptime 0:00:00
As suggested, I used ss -plant | grep 80. This does not work from within the container. Here is the result when called outside of it:
[/var/www/html/my-app]$ ss -plant | grep 80
LISTEN 0 80 127.0.0.1:3306 0.0.0.0:*
ESTAB 0 0 192.168.1.88:39360 198.252.206.25:443 users:(("chromium-browse",pid=4203,fd=80))
SYN-SENT 0 1 192.168.1.88:50680 192.241.181.178:443 users:(("chromium-browse",pid=4203,fd=41))
LISTEN 0 128 *:80 *:*
LISTEN 0 128 *:8080 *:*
I'm not sure it tells much though. I tried to install ss from inside the container with apk but:
bash-4.4# apk add ss
ERROR: unsatisfiable constraints:
ss (missing):
required by: world[ss]
EDIT 3:
Here is the result of calling netstat:
bash-4.4# netstat -plant
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 229/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.11:32843 0.0.0.0:* LISTEN -
tcp 0 0 :::22 :::* LISTEN 229/sshd
tcp 0 0 :::9000 :::* LISTEN 225/php-fpm.conf)
bash-4.4# netstat -plant | grep httpd
(nothing)
I'm not sure how much this helps though, since my other project, that works, yields the same result n bash-4.4# netstat -plant | grep httpd. Without the grep, it includes much more lines, though.

As the output that you have posted described the exposed ports 80,443,9000 for the container from this image webdevops/php-apache-dev:alpine
Then you can access the container using its IP directly from the browser. So first you need to ensure from the following:
Check if 172.18.0.7 is the actual IP of my-app-app container, use the following command to check the IP of your running container
docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' my-app-app
Or just docker inspect my-app-app to get all info about the container
Check the logs for my-app-app and you may need to enter the container itself and check if apache is actually running by executing the following supervisorctl command which will tell you about the status of apache service
$ supervisorctl status apache:apached
apache:apached RUNNING pid 72, uptime 0:07:43
If apache is running correctly then you should be able to browse the content using the container IP, in my case it gives me something like this as I don't have an actual application
Regarding your issue with traefik which is Bad Gateway that's because traefik itself cannot reach your backend service which is the my-app-app container in our case. you need to ensure that both traefik and my-app-app are within the same network or at least they can ping each other's IPs
Update:
Instead of ss it turns out the image contains netstat command, in order to check what port is used by apache you can do the following from inside the container:
# netstat -plant | grep httpd
tcp 0 0 :::80 :::* LISTEN 98/httpd
tcp 0 0 :::443 :::* LISTEN 98/httpd