Container running but cannot be visited in browser - docker

I followed http://containertutorials.com/docker-compose/flask-compose.html and have a running container.
$ docker-compose up
Starting flaskcomposedockerexample_web_1
Attaching to flaskcomposedockerexample_web_1
web_1 | * Running on http://0.0.0.0:5000/ (Press CTRL+C to quit)
web_1 | * Restarting with stat
web_1 | * Debugger is active!
$ docker logs d66ca374c99a
* Running on http://0.0.0.0:5000/ (Press CTRL+C to quit)
* Restarting with stat
* Debugger is active!
* Debugger PIN: 249-821-232
Going to browser or curl will not connect:
This site can’t be reached
127.0.0.1 refused to connect.
$ curl 127.0.0.1:5000
curl: (7) Failed to connect to 127.0.0.1 port 5000: Connection refused
Why would a container with no errors not be able to be visited?
$ netstat
Active Internet connections
Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp4 0 0 142.25.150.89.57766 stackoverflow.co.https ESTABLISHED
tcp4 0 0 142.25.150.89.56837 8.36.126.32.http ESTABLISHED
tcp4 0 0 localhost.56800 localhost.56800 ESTABLISHED
tcp4 0 0 localhost.56801 localhost.56801 ESTABLISHED
$ docker inspect d66ca374c99a
[
{
"Id": "d66ca374c99afb13a2bee56fa44fd73f4c39569edcf8c50f175bf5a124a57a73",
"Created": "2017-04-18T14:08:54.859932607Z",
"Path": "python",
"Args": [
"app.py"
],
"State": {
"Status": "running",
"Running": true,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 14402,
"ExitCode": 0,
"Error": "",
"StartedAt": "2017-04-18T14:09:28.342011012Z",
"FinishedAt": "0001-01-01T00:00:00Z"
},
"Image": "sha256:1b3ceada8dd91e8a4403e7ee001b7a4832f72120162f8788651c3301f5ccfa89",
"ResolvConfPath": "/mnt/sda1/var/lib/docker/containers/d66ca374c99afb13a2bee56fa44fd73f4c39569edcf8c50f175bf5a124a57a73/resolv.conf",
"HostnamePath": "/mnt/sda1/var/lib/docker/containers/d66ca374c99afb13a2bee56fa44fd73f4c39569edcf8c50f175bf5a124a57a73/hostname",
"HostsPath": "/mnt/sda1/var/lib/docker/containers/d66ca374c99afb13a2bee56fa44fd73f4c39569edcf8c50f175bf5a124a57a73/hosts",
"LogPath": "/mnt/sda1/var/lib/docker/containers/d66ca374c99afb13a2bee56fa44fd73f4c39569edcf8c50f175bf5a124a57a73/d66ca374c99afb13a2bee56fa44fd73f4c39569edcf8c50f175bf5a124a57a73-json.log",
"Name": "/flaskcomposedockerexample_web_1",
"RestartCount": 0,
"Driver": "aufs",
"MountLabel": "",
"ProcessLabel": "",
"AppArmorProfile": "",
"ExecIDs": null,
"HostConfig": {
"Binds": [
"/Users/cchilders/flask_compose_docker_example:/code:rw"
],
"ContainerIDFile": "",
"LogConfig": {
"Type": "json-file",
"Config": {}
},
"NetworkMode": "default",
"PortBindings": {
"5000/tcp": [
{
"HostIp": "",
"HostPort": "5000"
}
]
},
"RestartPolicy": {
"Name": "",
"MaximumRetryCount": 0
},
"AutoRemove": false,
"VolumeDriver": "",
"VolumesFrom": [],
"CapAdd": null,
"CapDrop": null,
"Dns": null,
"DnsOptions": null,
"DnsSearch": null,
"ExtraHosts": null,
"GroupAdd": null,
"IpcMode": "",
"Cgroup": "",
"Links": null,
"OomScoreAdj": 0,
"PidMode": "",
"Privileged": false,
"PublishAllPorts": false,
"ReadonlyRootfs": false,
"SecurityOpt": null,
"UTSMode": "",
"UsernsMode": "",
"ShmSize": 67108864,
"Runtime": "runc",
"ConsoleSize": [
0,
0
],
"Isolation": "",
"CpuShares": 0,
"Memory": 0,
"NanoCpus": 0,
"CgroupParent": "",
"BlkioWeight": 0,
"BlkioWeightDevice": null,
"BlkioDeviceReadBps": null,
"BlkioDeviceWriteBps": null,
"BlkioDeviceReadIOps": null,
"BlkioDeviceWriteIOps": null,
"CpuPeriod": 0,
"CpuQuota": 0,
"CpuRealtimePeriod": 0,
"CpuRealtimeRuntime": 0,
"CpusetCpus": "",
"CpusetMems": "",
"Devices": null,
"DeviceCgroupRules": null,
"DiskQuota": 0,
"KernelMemory": 0,
"MemoryReservation": 0,
"MemorySwap": 0,
"MemorySwappiness": -1,
"OomKillDisable": false,
"PidsLimit": 0,
"Ulimits": null,
"CpuCount": 0,
"CpuPercent": 0,
"IOMaximumIOps": 0,
"IOMaximumBandwidth": 0
},
"GraphDriver": {
"Data": null,
"Name": "aufs"
},
"Mounts": [
{
"Type": "bind",
"Source": "/Users/cchilders/flask_compose_docker_example",
"Destination": "/code",
"Mode": "rw",
"RW": true,
"Propagation": ""
}
],
"Config": {
"Hostname": "d66ca374c99a",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"ExposedPorts": {
"5000/tcp": {}
},
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
],
"Cmd": [
"app.py"
],
"ArgsEscaped": true,
"Image": "flaskcomposedockerexample_web",
"Volumes": {
"/code": {}
},
"WorkingDir": "/app",
"Entrypoint": [
"python"
],
"OnBuild": null,
"Labels": {
"com.docker.compose.config-hash": "3c65c28cc5926f591068f82a4d028ae50573b14ac4059ebe17b196be2185995a",
"com.docker.compose.container-number": "1",
"com.docker.compose.oneoff": "False",
"com.docker.compose.project": "flaskcomposedockerexample",
"com.docker.compose.service": "web",
"com.docker.compose.version": "1.11.2"
}
},
"NetworkSettings": {
"Bridge": "",
"SandboxID": "6b4cd91f76cb21f70fc7b1b17e403f21ef790cc1e02fee5547740ac5192229fe",
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"Ports": {
"5000/tcp": [
{
"HostIp": "0.0.0.0",
"HostPort": "5000"
}
]
},
"SandboxKey": "/var/run/docker/netns/6b4cd91f76cb",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"EndpointID": "e05d8bf26815734a146d6f4b1fb803b365629dfce732a2b21993970a33e54a80",
"Gateway": "162.16.0.1",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "162.16.0.4",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"MacAddress": "02:42:bd:55:00:04",
"Networks": {
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "2fd3c33ec08105cd00de10ab5555554572bac4548866239aa375e8df60ed3aa",
"EndpointID": "e05d8bf26815734a146d6f4b1fb80555559dfce732a2b21993970a33e54a80",
"Gateway": "162.16.0.1",
"IPAddress": "162.16.0.4",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:44:00:04"
}
}
}
}
]
$ netstat -tnlp
netstat: option requires an argument -- p
Usage: netstat [-AaLlnW] [-f address_family | -p protocol]
netstat [-gilns] [-f address_family]
netstat -i | -I interface [-w wait] [-abdgRtS]
netstat -s [-s] [-f address_family | -p protocol] [-w wait]
netstat -i | -I interface -s [-f address_family | -p protocol]
netstat -m [-m]
netstat -r [-Aaln] [-f address_family]
netstat -rs [-s]
$ netstat -tnpl
netstat: l: unknown or uninstrumented protocol


There are two problems. First the tutorial you are referring to has syntax error in the first line of app.py, it should be
from flask import Flask
Secondly, Docker works differently in Mac and Windows. Docker doesn't directly map the ports to the local host; instead of that Docker creates a very small Linux virtual machine which is approximately 24 mb in size and then run containers inside that this virtual machine which is also called docker machine. So instead of mapping the ports to localhost, Docker maps it to docker machine so your containers should be accessible to
http://docker_machine_ip:port_no
Instead of
http://localhost:port_no
The default docker machine IP address can be found using:
docker-machine ip dev

Related

FastAPI server running inside Docker container: Failed to connect to localhost port 8383 after 0 ms: Connection refused

I have a containerized FastAPI server that I'm trying to spin up on an EC2 instance. The container starts up fine and I see the server is running:
INFO: Started server process [7]
INFO: Waiting for application startup.
INFO: Application startup complete.
INFO: Uvicorn running on http://0.0.0.0:8383 (Press CTRL+C to quit)
I am also able to ssh into the running instance, and can successfully curl the root page (http://localhost:8383). However, curl-ing the same endpoint (http://localhost:8383) from the host results in the Failed to connect to localhost port 8383 after 0 ms: Connection refused error. This would seem to me like the container is not actually exposing the port, but I've docker inspected the container and it lists that the port is exposed:
[
{
"Id": "b33deb28c5fce8ac52bf16aaa0b6037e2ff4124a99a990e1fe3b3d754cef6d98",
"Created": "2022-12-26T05:52:07.64024483Z",
"Path": "/bin/sh",
"Args": [
"-c",
"uvicorn --proxy-headers --port ${PORT} --host 0.0.0.0 app.main:app"
],
"State": {
"Status": "running",
"Running": true,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 4269,
"ExitCode": 0,
"Error": "",
"StartedAt": "2022-12-26T05:52:08.146104473Z",
"FinishedAt": "0001-01-01T00:00:00Z"
},
"Image": "sha256:e566997f3a37510422d9b8d0a1f8ae029908acef739a7698cc9a4f96cbb78e39",
"ResolvConfPath": "/var/lib/docker/containers/b33deb28c5fce8ac52bf16aaa0b6037e2ff4124a99a990e1fe3b3d754cef6d98/resolv.conf",
"HostnamePath": "/var/lib/docker/containers/b33deb28c5fce8ac52bf16aaa0b6037e2ff4124a99a990e1fe3b3d754cef6d98/hostname",
"HostsPath": "/var/lib/docker/containers/b33deb28c5fce8ac52bf16aaa0b6037e2ff4124a99a990e1fe3b3d754cef6d98/hosts",
"LogPath": "/var/lib/docker/containers/b33deb28c5fce8ac52bf16aaa0b6037e2ff4124a99a990e1fe3b3d754cef6d98/b33deb28c5fce8ac52bf16aaa0b6037e2ff4124a99a990e1fe3b3d754cef6d98-json.log",
"Name": "/great_wilbur",
"RestartCount": 0,
"Driver": "overlay2",
"Platform": "linux",
"MountLabel": "",
"ProcessLabel": "",
"AppArmorProfile": "",
"ExecIDs": null,
"HostConfig": {
"Binds": null,
"ContainerIDFile": "",
"LogConfig": {
"Type": "json-file",
"Config": {}
},
"NetworkMode": "default",
"PortBindings": {},
"RestartPolicy": {
"Name": "no",
"MaximumRetryCount": 0
},
"AutoRemove": true,
"VolumeDriver": "",
"VolumesFrom": null,
"CapAdd": null,
"CapDrop": null,
"CgroupnsMode": "host",
"Dns": [],
"DnsOptions": [],
"DnsSearch": [],
"ExtraHosts": null,
"GroupAdd": null,
"IpcMode": "private",
"Cgroup": "",
"Links": null,
"OomScoreAdj": 0,
"PidMode": "",
"Privileged": false,
"PublishAllPorts": false,
"ReadonlyRootfs": false,
"SecurityOpt": null,
"UTSMode": "",
"UsernsMode": "",
"ShmSize": 67108864,
"Runtime": "runc",
"ConsoleSize": [
0,
0
],
"Isolation": "",
"CpuShares": 0,
"Memory": 0,
"NanoCpus": 0,
"CgroupParent": "",
"BlkioWeight": 0,
"BlkioWeightDevice": [],
"BlkioDeviceReadBps": null,
"BlkioDeviceWriteBps": null,
"BlkioDeviceReadIOps": null,
"BlkioDeviceWriteIOps": null,
"CpuPeriod": 0,
"CpuQuota": 0,
"CpuRealtimePeriod": 0,
"CpuRealtimeRuntime": 0,
"CpusetCpus": "",
"CpusetMems": "",
"Devices": [],
"DeviceCgroupRules": null,
"DeviceRequests": null,
"KernelMemory": 0,
"KernelMemoryTCP": 0,
"MemoryReservation": 0,
"MemorySwap": 0,
"MemorySwappiness": null,
"OomKillDisable": false,
"PidsLimit": null,
"Ulimits": [
{
"Name": "nofile",
"Hard": 65536,
"Soft": 32768
}
],
"CpuCount": 0,
"CpuPercent": 0,
"IOMaximumIOps": 0,
"IOMaximumBandwidth": 0,
"MaskedPaths": [
"/proc/asound",
"/proc/acpi",
"/proc/kcore",
"/proc/keys",
"/proc/latency_stats",
"/proc/timer_list",
"/proc/timer_stats",
"/proc/sched_debug",
"/proc/scsi",
"/sys/firmware"
],
"ReadonlyPaths": [
"/proc/bus",
"/proc/fs",
"/proc/irq",
"/proc/sys",
"/proc/sysrq-trigger"
]
},
"GraphDriver": {
"Data": {
"LowerDir": "/var/lib/docker/overlay2/684aa2a9d91eb41d5ccf26ef5515a989a1909d50bbba355b7dca3bc802d49d95-init/diff:/var/lib/docker/overlay2/437dd322c1bf7514439ed292f206668ac2ef9bc32d547a83fea117de1b8891cd/diff:/var/lib/docker/overlay2/33ecdfbef40d3b64accdbb7f1afeb34f388d02ea3112c199e5ccbd5d2c1c0c20/diff:/var/lib/docker/overlay2/fffd586b2f98b234d41316049b0c2aa913c8ecd5a57b7a2211713642e843bdcf/diff:/var/lib/docker/overlay2/4cc3a93536b947370eece5d8ac70e4cbd8acd638afb755affe8f2e01fa54e963/diff:/var/lib/docker/overlay2/fd3d745ac50f60030e2e31b68af2b82c756c827f4b49e2494eedcde0ddd128ab/diff:/var/lib/docker/overlay2/33503f91ec320f8c59608f126ad3a989c42a1381caa70d3064de6dcf12efdfac/diff:/var/lib/docker/overlay2/eb27f4d7a55facde479cdc9af26888718e5bd4a7b1d91fa63a764e1d1e20bb1b/diff:/var/lib/docker/overlay2/381ce07905d9c327bcbfb6f0d88749a0302e345437d2f9bdccae54fb71e7f6a7/diff:/var/lib/docker/overlay2/29f0b55df9fb5b24a59c06607a68a50166365f5642695891000dd97f20516a1d/diff:/var/lib/docker/overlay2/d18099aa9e5adf9bb6df28caa0abe604d44dabe0f31eb2c295c0b2dc0f75fd6e/diff:/var/lib/docker/overlay2/7b38671006ea070a4fcb97484b7c21c20fa39b023086bec65dc268a469f629a7/diff:/var/lib/docker/overlay2/f32dd15abece1ab3fabec84297fea1079f6f91b08362a0d222a61e7c50321615/diff:/var/lib/docker/overlay2/a8f5689625f0d78f13f5c3cd657f7a04a502c3e47f0cff4587e7dcc8668ff747/diff:/var/lib/docker/overlay2/6b4fa824255789e5d44343ea5bcf90862fe39af967d643f9f2168c4f23917210/diff:/var/lib/docker/overlay2/2a3fa1727233ff7745d6e6c8dc7a0ddffa512cb32f96d8d7fa622df6701e7931/diff:/var/lib/docker/overlay2/8fbcc58834bb2f1c5bc1985cf9aabd225207b9033b90c3d703c8c4a87fd5a16e/diff:/var/lib/docker/overlay2/b367ef9dfbe273846d6c8f407c0ccea8cb285d5435dc1fae3f7f85857fa0706c/diff:/var/lib/docker/overlay2/8d3b3ecf1826b2c141b66fb0e32a35ba3270d54dc88df38175dabe63d2830e46/diff:/var/lib/docker/overlay2/548ae9d6f5ebf520b188095efe2cb919f27a0426b32c143e5f586405fb0664b4/diff:/var/lib/docker/overlay2/35075f5f806338f0bc0e7edeaa2685258d5f4b16414842975b020e163f370742/diff:/var/lib/docker/overlay2/371e969fdbc6704d286937e954702bf73b7c915af9976ebdc31e271c2f3d78b6/diff:/var/lib/docker/overlay2/76968331d384e901ee3a3f16cc93a5ce3bd436f7dc03f6fc1e8f29ef495a1d84/diff:/var/lib/docker/overlay2/a9e99d5ffe2d4afeb344cdb14dcf643c854594778350c4cf616673644e3df17b/diff:/var/lib/docker/overlay2/15232d7ec0afec6b908daafa53883948a1724ba0d61b01fc37746487d503bc57/diff:/var/lib/docker/overlay2/514dfee88f42cd6d1d238200b0a320ee3d67ddd7ff3eebda91db2d378f06f8b4/diff",
"MergedDir": "/var/lib/docker/overlay2/684aa2a9d91eb41d5ccf26ef5515a989a1909d50bbba355b7dca3bc802d49d95/merged",
"UpperDir": "/var/lib/docker/overlay2/684aa2a9d91eb41d5ccf26ef5515a989a1909d50bbba355b7dca3bc802d49d95/diff",
"WorkDir": "/var/lib/docker/overlay2/684aa2a9d91eb41d5ccf26ef5515a989a1909d50bbba355b7dca3bc802d49d95/work"
},
"Name": "overlay2"
},
"Mounts": [],
"Config": {
"Hostname": "b33deb28c5fc",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": true,
"AttachStderr": true,
"ExposedPorts": {
"8383/tcp": {}
},
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"PORT=8383",
"API_KEY=113631f4-d72a-4290-ba9e-f62a566fa689",
"PATH=/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"LANG=C.UTF-8",
"GPG_KEY=E3FF2839C048B25C084DEBE9B26995E310250568",
"PYTHON_VERSION=3.9.16",
"PYTHON_PIP_VERSION=22.0.4",
"PYTHON_SETUPTOOLS_VERSION=58.1.0",
"PYTHON_GET_PIP_URL=https://github.com/pypa/get-pip/raw/66030fa03382b4914d4c4d0896961a0bdeeeb274/public/get-pip.py",
"PYTHON_GET_PIP_SHA256=1e501cf004eac1b7eb1f97266d28f995ae835d30250bec7f8850562703067dc6"
],
"Cmd": [
"/bin/sh",
"-c",
"uvicorn --proxy-headers --port ${PORT} --host 0.0.0.0 app.main:app"
],
"Image": "<my-image>:<version>",
"Volumes": null,
"WorkingDir": "/app",
"Entrypoint": null,
"OnBuild": null,
"Labels": {}
},
"NetworkSettings": {
"Bridge": "",
"SandboxID": "ae7182ddcb5da4667f5964337e7d8c8b63b9eb90d3852c17bcba50f22aa79b8e",
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"Ports": {
"8383/tcp": null
},
"SandboxKey": "/var/run/docker/netns/ae7182ddcb5d",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"EndpointID": "6bbf108cedee5f05ae30b9f3bf98b49a30252c1829b118024993f99242c0d64b",
"Gateway": "172.17.0.1",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"MacAddress": "02:42:ac:11:00:02",
"Networks": {
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "ec570411e1b31a214509d625551344fe7534e1c3eddd6cb349ff75249bbd1822",
"EndpointID": "6bbf108cedee5f05ae30b9f3bf98b49a30252c1829b118024993f99242c0d64b",
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:11:00:02",
"DriverOpts": null
}
}
}
}
]
Components:
Docker container for server application (FastAPI)
Nginx reverse proxy
letsencrypt for https
instance created via: docker run --rm --expose 8383 <my-image>
Dockerfile
FROM python:3.9
WORKDIR /app
# RUN commands installing dependencies
COPY . .
ARG PORT=8383
ENV PORT ${PORT}
EXPOSE ${PORT}
CMD uvicorn --proxy-headers --port ${PORT} --host 0.0.0.0 app.main:app
nginx conf
server {
server_name mydomain.com;
location / {
proxy_pass http://localhost:8383;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = mydomain.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name mydomain.com;
return 404; # managed by Certbot
}

The problem was using expose instead of publish:
docker run --rm -p 8383:8383 <image-name>

docker network use host mode not working(no port expose)

This is my information:
➜ ~ docker -v
Docker version 19.03.5, build 633a0ea
➜ ~ uname -ar
Darwin Felixs-iMac.local 19.2.0 Darwin Kernel Version 19.2.0: Sat Nov 9 03:47:04 PST 2019; root:xnu-6153.61.1~20/RELEASE_X86_64 x86_64
when I create a docker with host network mode like this (which is copied from https://docs.docker.com/network/network-tutorial-host/)
docker run --rm -d --network host --name my_nginx nginx
It worked well and I can see the docker is running.
BUT THE PROBLEM IS the port isn't exposed.
when i check with lsof -i:80, there's nothing.
➜ ~ docker run --rm -d --network host --name my_nginx nginx
282fe15a16b70d7bd38b770fd2b67f0023b8fce1f9852a91af4047ef8f6a3f0d
➜ ~ lsof -i:80
➜ ~ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
282fe15a16b7 nginx "nginx -g 'daemon of…" About a minute ago Up About a minute
And i inspected the container, everything seems good:
➜ ~ docker inspect my_nginx
[
{
"Id": "282fe15a16b70d7bd38b770fd2b67f0023b8fce1f9852a91af4047ef8f6a3f0d",
"Created": "2020-02-26T15:35:58.243963941Z",
"Path": "nginx",
"Args": [
"-g",
"daemon off;"
],
"State": {
"Status": "running",
"Running": true,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 2238,
"ExitCode": 0,
"Error": "",
"StartedAt": "2020-02-26T15:35:58.39452216Z",
"FinishedAt": "0001-01-01T00:00:00Z"
},
"Image": "sha256:2073e0bcb60ee98548d313ead5eacbfe16d9054f8800a32bedd859922a99a6e1",
"ResolvConfPath": "/var/lib/docker/containers/282fe15a16b70d7bd38b770fd2b67f0023b8fce1f9852a91af4047ef8f6a3f0d/resolv.conf",
"HostnamePath": "/var/lib/docker/containers/282fe15a16b70d7bd38b770fd2b67f0023b8fce1f9852a91af4047ef8f6a3f0d/hostname",
"HostsPath": "/var/lib/docker/containers/282fe15a16b70d7bd38b770fd2b67f0023b8fce1f9852a91af4047ef8f6a3f0d/hosts",
"LogPath": "/var/lib/docker/containers/282fe15a16b70d7bd38b770fd2b67f0023b8fce1f9852a91af4047ef8f6a3f0d/282fe15a16b70d7bd38b770fd2b67f0023b8fce1f9852a91af4047ef8f6a3f0d-json.log",
"Name": "/my_nginx",
"RestartCount": 0,
"Driver": "overlay2",
"Platform": "linux",
"MountLabel": "",
"ProcessLabel": "",
"AppArmorProfile": "",
"ExecIDs": null,
"HostConfig": {
"Binds": null,
"ContainerIDFile": "",
"LogConfig": {
"Type": "json-file",
"Config": {}
},
"NetworkMode": "host",
"PortBindings": {},
"RestartPolicy": {
"Name": "no",
"MaximumRetryCount": 0
},
"AutoRemove": true,
"VolumeDriver": "",
"VolumesFrom": null,
"CapAdd": null,
"CapDrop": null,
"Capabilities": null,
"Dns": [],
"DnsOptions": [],
"DnsSearch": [],
"ExtraHosts": null,
"GroupAdd": null,
"IpcMode": "private",
"Cgroup": "",
"Links": null,
"OomScoreAdj": 0,
"PidMode": "",
"Privileged": false,
"PublishAllPorts": false,
"ReadonlyRootfs": false,
"SecurityOpt": null,
"UTSMode": "",
"UsernsMode": "",
"ShmSize": 67108864,
"Runtime": "runc",
"ConsoleSize": [
0,
0
],
"Isolation": "",
"CpuShares": 0,
"Memory": 0,
"NanoCpus": 0,
"CgroupParent": "",
"BlkioWeight": 0,
"BlkioWeightDevice": [],
"BlkioDeviceReadBps": null,
"BlkioDeviceWriteBps": null,
"BlkioDeviceReadIOps": null,
"BlkioDeviceWriteIOps": null,
"CpuPeriod": 0,
"CpuQuota": 0,
"CpuRealtimePeriod": 0,
"CpuRealtimeRuntime": 0,
"CpusetCpus": "",
"CpusetMems": "",
"Devices": [],
"DeviceCgroupRules": null,
"DeviceRequests": null,
"KernelMemory": 0,
"KernelMemoryTCP": 0,
"MemoryReservation": 0,
"MemorySwap": 0,
"MemorySwappiness": null,
"OomKillDisable": false,
"PidsLimit": null,
"Ulimits": null,
"CpuCount": 0,
"CpuPercent": 0,
"IOMaximumIOps": 0,
"IOMaximumBandwidth": 0,
"MaskedPaths": [
"/proc/asound",
"/proc/acpi",
"/proc/kcore",
"/proc/keys",
"/proc/latency_stats",
"/proc/timer_list",
"/proc/timer_stats",
"/proc/sched_debug",
"/proc/scsi",
"/sys/firmware"
],
"ReadonlyPaths": [
"/proc/bus",
"/proc/fs",
"/proc/irq",
"/proc/sys",
"/proc/sysrq-trigger"
]
},
"GraphDriver": {
"Data": {
"LowerDir": "/var/lib/docker/overlay2/062cb6ccb41fb22ba624fb8f93e99e79bcf02cd240fbb4998e47aab1380e015f-init/diff:/var/lib/docker/overlay2/587f9f458f8f0de65434971354636364ff685701fa1f8ba0ba7da4459e22540c/diff:/var/lib/docker/overlay2/1a94586d0949b8305ac14f0934a46149b31db3eb6e7125d7b2965deef318695d/diff:/var/lib/docker/overlay2/ac900d4637ed15f3337e999928ec2a9de2ef4a998f4ce53700a1dffc955d5f0e/diff",
"MergedDir": "/var/lib/docker/overlay2/062cb6ccb41fb22ba624fb8f93e99e79bcf02cd240fbb4998e47aab1380e015f/merged",
"UpperDir": "/var/lib/docker/overlay2/062cb6ccb41fb22ba624fb8f93e99e79bcf02cd240fbb4998e47aab1380e015f/diff",
"WorkDir": "/var/lib/docker/overlay2/062cb6ccb41fb22ba624fb8f93e99e79bcf02cd240fbb4998e47aab1380e015f/work"
},
"Name": "overlay2"
},
"Mounts": [],
"Config": {
"Hostname": "docker-desktop",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"ExposedPorts": {
"80/tcp": {}
},
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"NGINX_VERSION=1.17.8",
"NJS_VERSION=0.3.8",
"PKG_RELEASE=1~buster"
],
"Cmd": [
"nginx",
"-g",
"daemon off;"
],
"Image": "nginx",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": null,
"OnBuild": null,
"Labels": {
"maintainer": "NGINX Docker Maintainers <docker-maint#nginx.com>"
},
"StopSignal": "SIGTERM"
},
"NetworkSettings": {
"Bridge": "",
"SandboxID": "be4dc476e331bb8ac857ec069d0aa8383d7700ba5b917c0fed44c59d0b042c99",
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"Ports": {},
"SandboxKey": "/var/run/docker/netns/default",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"EndpointID": "",
"Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "",
"IPPrefixLen": 0,
"IPv6Gateway": "",
"MacAddress": "",
"Networks": {
"host": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "56456bd40ca98647fed01509408599accfadc7cb0f0077ea884b18fc009801b5",
"EndpointID": "e3e870245e2995fbfbae8706fa2daa19f3bf3d59d11d2f8ce2300f2b84b211e0",
"Gateway": "",
"IPAddress": "",
"IPPrefixLen": 0,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "",
"DriverOpts": null
}
}
}
}
]
Anybody can help me ?

If you're using MacOS, then host network mode will not work on it, the reason for that is that docker-desktop uses an underlying Linux Virtual Machine to run the docker containers, so this host mode is only valid for that VM's network and not for the host(MacOS machine).
Still if you want to access a service running on your host machine(MacOS), from your docker container then you need to use the following hostname in order to connect to that service:
host.docker.internal
You'll be using the above hostname in place of localhost or 127.0.0.1.
For further discussion regarding this you check this github issue

Getting the name of the container from within the container

I would like to get the docker container name from within a container. I need this information because I am running a script from the Dockerfile as an ENTRYPOINT that needs to know the node number. I am using the --scale with docker-compose to create a cluster of my image.
I am able to get the hostname of the container which is the container ID. But is there a way to get the container name from inside the container?

Docker remote apis should work for you.
Depending on the version of your docker used appropriate version of remote api. Check this for more info.
I made use of container-inspect api to retrieve the container name.
Follow these steps:
Figure out on which port docker daemon is listening. In my case it was 2375 which is the default port.
$ netstat -anp | grep dockerd
tcp 0 0 :::2375 :::* LISTEN 7/dockerd
tcp 0 0 ::ffff:172.18.0.110:2375 ::ffff:172.18.0.1:29445 ESTABLISHED 7/dockerd
unix 2 [ ACC ] STREAM LISTENING 1242188041 7/dockerd /var/run/docker/metrics.sock
unix 2 [ ACC ] STREAM LISTENING 1242187193 7/dockerd /var/run/docker.sock
unix 2 [ ACC ] STREAM LISTENING 1242186375 7/dockerd /var/run/docker/libnetwork/79ba9bb412445c757dd4cc2fc30c1cbc7efde8482bdc4c1cf15c4ce0e4190752.sock
unix 3 [ ] STREAM CONNECTED 1242187211 7/dockerd
unix 3 [ ] STREAM CONNECTED 1242183625 7/dockerd
unix 3 [ ] STREAM CONNECTED 1242184185 7/dockerd
Run a container and retrieve the container name.
$ docker run -it alpine sh
/ # apk update
/ # apk add curl
/ # apk add jq
/ # curl -s 192.168.0.37:2375/containers/$HOSTNAME/json | jq -r ".Name"
/zen_wescoff
NOTE: Here 192.168.0.37 is the ip of my machine. Also apart from container name you can retrieve lot of information using these docker remote apis.
Sample full output of container-inspect api
/ # curl -s 192.168.0.37:2375/containers/$HOSTNAME/json?pretty=true
{
"Id": "3409974f45bedacd3adbe663679e4eb7a74006483e3a3b04985e5a7cc65229b9",
"Created": "2019-06-20T09:09:51.258807808Z",
"Path": "sh",
"Args": [],
"State": {
"Status": "running",
"Running": true,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 3824,
"ExitCode": 0,
"Error": "",
"StartedAt": "2019-06-20T09:09:53.341188978Z",
"FinishedAt": "0001-01-01T00:00:00Z"
},
"Image": "sha256:4d90542f0623c71f1f9c11be3da23167174ac9d93731cf91912922e916bab02c",
"ResolvConfPath": "/var/lib/docker/containers/3409974f45bedacd3adbe663679e4eb7a74006483e3a3b04985e5a7cc65229b9/resolv.conf",
"HostnamePath": "/var/lib/docker/containers/3409974f45bedacd3adbe663679e4eb7a74006483e3a3b04985e5a7cc65229b9/hostname",
"HostsPath": "/var/lib/docker/containers/3409974f45bedacd3adbe663679e4eb7a74006483e3a3b04985e5a7cc65229b9/hosts",
"LogPath": "/var/lib/docker/containers/3409974f45bedacd3adbe663679e4eb7a74006483e3a3b04985e5a7cc65229b9/3409974f45bedacd3adbe663679e4eb7a74006483e3a3b04985e5a7cc65229b9-json.log",
"Name": "/jovial_moser",
"RestartCount": 0,
"Driver": "overlay2",
"Platform": "linux",
"MountLabel": "",
"ProcessLabel": "",
"AppArmorProfile": "docker-default",
"ExecIDs": null,
"HostConfig": {
"Binds": null,
"ContainerIDFile": "",
"LogConfig": {
"Type": "json-file",
"Config": {}
},
"NetworkMode": "default",
"PortBindings": {},
"RestartPolicy": {
"Name": "no",
"MaximumRetryCount": 0
},
"AutoRemove": false,
"VolumeDriver": "",
"VolumesFrom": null,
"CapAdd": null,
"CapDrop": null,
"Capabilities": null,
"Dns": [],
"DnsOptions": [],
"DnsSearch": [],
"ExtraHosts": null,
"GroupAdd": null,
"IpcMode": "private",
"Cgroup": "",
"Links": null,
"OomScoreAdj": 0,
"PidMode": "",
"Privileged": false,
"PublishAllPorts": false,
"ReadonlyRootfs": false,
"SecurityOpt": null,
"UTSMode": "",
"UsernsMode": "",
"ShmSize": 67108864,
"Runtime": "runc",
"ConsoleSize": [0, 0],
"Isolation": "",
"CpuShares": 0,
"Memory": 0,
"NanoCpus": 0,
"CgroupParent": "",
"BlkioWeight": 0,
"BlkioWeightDevice": [],
"BlkioDeviceReadBps": null,
"BlkioDeviceWriteBps": null,
"BlkioDeviceReadIOps": null,
"BlkioDeviceWriteIOps": null,
"CpuPeriod": 0,
"CpuQuota": 0,
"CpuRealtimePeriod": 0,
"CpuRealtimeRuntime": 0,
"CpusetCpus": "",
"CpusetMems": "",
"Devices": [],
"DeviceCgroupRules": null,
"DeviceRequests": null,
"DiskQuota": 0,
"KernelMemory": 0,
"KernelMemoryTCP": 0,
"MemoryReservation": 0,
"MemorySwap": 0,
"MemorySwappiness": null,
"OomKillDisable": false,
"PidsLimit": null,
"Ulimits": null,
"CpuCount": 0,
"CpuPercent": 0,
"IOMaximumIOps": 0,
"IOMaximumBandwidth": 0,
"MaskedPaths": ["/proc/asound", "/proc/acpi", "/proc/kcore", "/proc/keys", "/proc/latency_stats", "/proc/timer_list", "/proc/timer_stats", "/proc/sched_debug", "/proc/scsi", "/sys/firmware"],
"ReadonlyPaths": ["/proc/bus", "/proc/fs", "/proc/irq", "/proc/sys", "/proc/sysrq-trigger"]
},
"GraphDriver": {
"Data": {
"LowerDir": "/var/lib/docker/overlay2/a5f16849169cb7c773f4d204089f8e53daf5b648864846ee1d1f076cef9f8a39-init/diff:/var/lib/docker/overlay2/edb63c15d70f0a29c60f3725ed952dd76439bef4da8915e66ffe6ed1ecf02107/diff",
"MergedDir": "/var/lib/docker/overlay2/a5f16849169cb7c773f4d204089f8e53daf5b648864846ee1d1f076cef9f8a39/merged",
"UpperDir": "/var/lib/docker/overlay2/a5f16849169cb7c773f4d204089f8e53daf5b648864846ee1d1f076cef9f8a39/diff",
"WorkDir": "/var/lib/docker/overlay2/a5f16849169cb7c773f4d204089f8e53daf5b648864846ee1d1f076cef9f8a39/work"
},
"Name": "overlay2"
},
"Mounts": [],
"Config": {
"Hostname": "3409974f45be",
"Domainname": "",
"User": "",
"AttachStdin": true,
"AttachStdout": true,
"AttachStderr": true,
"Tty": true,
"OpenStdin": true,
"StdinOnce": true,
"Env": ["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"],
"Cmd": ["sh"],
"Image": "alpine",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": null,
"OnBuild": null,
"Labels": {}
},
"NetworkSettings": {
"Bridge": "",
"SandboxID": "7f41a5043e99bb110e215ac8e13a8a2c37838b25c6a9fa985584ff458c1e52cc",
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"Ports": {},
"SandboxKey": "/var/run/docker/netns/7f41a5043e99",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"EndpointID": "7aa9f269772edff8a9b7f895d51d6dd472a5820ff56a643134465ab8bff1914e",
"Gateway": "172.17.0.1",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"MacAddress": "02:42:ac:11:00:02",
"Networks": {
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "55987078c24843c830172de5c352b00c96cb3f177a349437dd7bee9bd1814e86",
"EndpointID": "7aa9f269772edff8a9b7f895d51d6dd472a5820ff56a643134465ab8bff1914e",
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:11:00:02",
"DriverOpts": null
}
}
}
}
So in-short you need to know ip for your machine and the port on which docker daemon is listening to retrieve any sort of information from within the container.
Hope this helps, let me know.

Mount the docker socket to your container:
myservice:
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
Then use a lib or directly query the docker api:
curl --unix-socket /var/run/docker.sock http://localhost/containers/json
This will return an array of all the running containers which includes the field:
{ Names: ['/proj_myservice_1', '/proj_myservice_2'] }
If you've scaled your containers up and are looking to communicate with the sibling containers inside a container, docker automatically detects this if you make requests to: http://myservice{:port} from inside your container. Docker will auto-discover the container and route you to a random container.

Port published via Docker -- can't connect

I'm trying to run jupyter/jupyter-notebook in a Docker container.
#!/bin/bash
docker run --detach --name jupyter \
--publish 4000:8888 \
--volume /root/docker/jupyter:/home/jovyan \
jupyter/tensorflow-notebook start-notebook.sh --NotebookApp.password='sha1:XXXXXXX...'
However, something seems to go wrong.
root#vmd16038:~/docker# wget 0.0.0.0:4000
--2016-12-30 11:55:32-- http://0.0.0.0:4000/
Connecting to 0.0.0.0:4000... connected.
HTTP request sent, awaiting response... Read error (Connection reset by peer) in headers.
Retrying.
It works when I do it from inside the container though.
root#vmd16038:~/docker# docker exec -it jupyter wget localhost:8888
--2016-12-30 10:58:54-- http://localhost:8888/
Resolving localhost (localhost)... ::1, 127.0.0.1
Connecting to localhost (localhost)|::1|:8888... connected.
HTTP request sent, awaiting response... 302 Found
Location: /tree [following]
--2016-12-30 10:58:54-- http://localhost:8888/tree
Reusing existing connection to [localhost]:8888.
HTTP request sent, awaiting response... 302 Found
Location: /login?next=%2Ftree [following]
--2016-12-30 10:58:54-- http://localhost:8888/login?next=%2Ftree
Reusing existing connection to [localhost]:8888.
HTTP request sent, awaiting response... 200 OK
Length: 5176 (5.1K) [text/html]
Saving to: ‘index.html’
index.html 100%[==========================================================>] 5.05K --.-KB/s in 0s
2016-12-30 10:58:54 (562 MB/s) - ‘index.html’ saved [5176/5176]
Output of docker ps
65edf25e4de4 jupyter/tensorflow-notebook "tini -- start-notebo" 6 minutes ago Up 6 minutes 0.0.0.0:4000->8888/tcp
What could be going wrong here? I'm quite new to Docker and I don't know how to debug this problem.
Update: As requested by #cen, docker inspect jupyter
[
{
"Id": "af3f5185f0a84f151fa3889eb0f6133403b9c85838d4027a256f07b904ea9f36",
"Created": "2016-12-30T11:02:33.95435373Z",
"Path": "tini",
"Args": [
"--",
"start-notebook.sh",
"--NotebookApp.password=sha1:XXXXXXXXX..."
],
"State": {
"Status": "running",
"Running": true,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 21923,
"ExitCode": 0,
"Error": "",
"StartedAt": "2016-12-30T11:02:34.250859339Z",
"FinishedAt": "0001-01-01T00:00:00Z"
},
"Image": "sha256:6f160f85eb62403786a30639eedd63412e8381a10d492a378c07f220e9332336",
"ResolvConfPath": "/var/lib/docker/containers/af3f5185f0a84f151fa3889eb0f6133403b9c85838d4027a256f07b904ea9f36/resolv.conf",
"HostnamePath": "/var/lib/docker/containers/af3f5185f0a84f151fa3889eb0f6133403b9c85838d4027a256f07b904ea9f36/hostname",
"HostsPath": "/var/lib/docker/containers/af3f5185f0a84f151fa3889eb0f6133403b9c85838d4027a256f07b904ea9f36/hosts",
"LogPath": "/var/lib/docker/containers/af3f5185f0a84f151fa3889eb0f6133403b9c85838d4027a256f07b904ea9f36/af3f5185f0a84f151fa3889eb0f6133403b9c85838d4027a256f07b904ea9f36-json.log",
"Name": "/jupyter",
"RestartCount": 0,
"Driver": "aufs",
"MountLabel": "",
"ProcessLabel": "",
"AppArmorProfile": "",
"ExecIDs": null,
"HostConfig": {
"Binds": [
"/root/docker/jupyter:/home/jovyan"
],
"ContainerIDFile": "",
"LogConfig": {
"Type": "json-file",
"Config": {}
},
"NetworkMode": "default",
"PortBindings": {
"8888/tcp": [
{
"HostIp": "127.0.0.1",
"HostPort": "4000"
}
]
},
"RestartPolicy": {
"Name": "no",
"MaximumRetryCount": 0
},
"AutoRemove": false,
"VolumeDriver": "",
"VolumesFrom": null,
"CapAdd": null,
"CapDrop": null,
"Dns": [],
"DnsOptions": [],
"DnsSearch": [],
"ExtraHosts": null,
"GroupAdd": null,
"IpcMode": "",
"Cgroup": "",
"Links": null,
"OomScoreAdj": 0,
"PidMode": "",
"Privileged": false,
"PublishAllPorts": false,
"ReadonlyRootfs": false,
"SecurityOpt": null,
"UTSMode": "",
"UsernsMode": "",
"ShmSize": 67108864,
"Runtime": "runc",
"ConsoleSize": [
0,
0
],
"Isolation": "",
"CpuShares": 0,
"Memory": 0,
"CgroupParent": "",
"BlkioWeight": 0,
"BlkioWeightDevice": null,
"BlkioDeviceReadBps": null,
"BlkioDeviceWriteBps": null,
"BlkioDeviceReadIOps": null,
"BlkioDeviceWriteIOps": null,
"CpuPeriod": 0,
"CpuQuota": 0,
"CpusetCpus": "",
"CpusetMems": "",
"Devices": [],
"DiskQuota": 0,
"KernelMemory": 0,
"MemoryReservation": 0,
"MemorySwap": 0,
"MemorySwappiness": -1,
"OomKillDisable": false,
"PidsLimit": 0,
"Ulimits": null,
"CpuCount": 0,
"CpuPercent": 0,
"IOMaximumIOps": 0,
"IOMaximumBandwidth": 0
},
"GraphDriver": {
"Name": "aufs",
"Data": null
},
"Mounts": [
{
"Source": "/root/docker/jupyter",
"Destination": "/home/jovyan",
"Mode": "",
"RW": true,
"Propagation": "rprivate"
}
],
"Config": {
"Hostname": "af3f5185f0a8",
"Domainname": "",
"User": "jovyan",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"ExposedPorts": {
"8888/tcp": {}
},
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"PATH=/opt/conda/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"DEBIAN_FRONTEND=noninteractive",
"CONDA_DIR=/opt/conda",
"SHELL=/bin/bash",
"NB_USER=jovyan",
"NB_UID=1000",
"HOME=/home/jovyan",
"LC_ALL=en_US.UTF-8",
"LANG=en_US.UTF-8",
"LANGUAGE=en_US.UTF-8",
"XDG_CACHE_HOME=/home/jovyan/.cache/"
],
"Cmd": [
"start-notebook.sh",
"--NotebookApp.password=sha1:XXXXXXXXX..."
],
"Image": "jupyter/tensorflow-notebook",
"Volumes": null,
"WorkingDir": "/home/jovyan/work",
"Entrypoint": [
"tini",
"--"
],
"OnBuild": null,
"Labels": {}
},
"NetworkSettings": {
"Bridge": "",
"SandboxID": "1101443ef853ceecafa98b81ddf5598a35af6c68dbb76ec54dcbe3d11453c467",
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"Ports": {
"8888/tcp": [
{
"HostIp": "127.0.0.1",
"HostPort": "4000"
}
]
},
"SandboxKey": "/var/run/docker/netns/1101443ef853",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"EndpointID": "331bbeaa9e0d5b447e76d87224f2685b4fdcf33ef96f3d1918093f8c3760a8e1",
"Gateway": "172.17.0.1",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "172.17.0.5",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"MacAddress": "02:42:ac:11:00:05",
"Networks": {
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "a762e41b430703ebc04210030c60988c92fcd64aa0ab224e779f2523e51de1a3",
"EndpointID": "331bbeaa9e0d5b447e76d87224f2685b4fdcf33ef96f3d1918093f8c3760a8e1",
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.5",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:11:00:05"
}
}
}
}
]
And netstat -nat | grep 4000
tcp 0 0 127.0.0.1:4000 0.0.0.0:* LISTEN

0.0.0.0 means that it is listening on all IP addresses, it is not valid as a destination for sending HTTP requests. Please try the following on the Docker host machine.
$ wget localhost:4000

you are using wrong IP address wget 0.0.0.0:4000 instead of it use
localhost:4000 or eth0(IP):4000

Why is a shell within a docker container showing dmesg content from the host?

I have a docker container running Debian jessie on Ubuntu yakkety.
When within the docker (connected via ssh for instance) I am isolated from the host (which is expected). I however realized that dmesg shows me the messages for the host and not for the container. How can it have access to information of its host?
The configuration of the docker container is not special (except that it uses a specific bridge, different from docker0), in particular it does not run in any privileged mode ("Privileged": false below):
root#srv ~# docker inspect minecraft-1-8
[
{
"Id": "748cfdfbf3fb5526cb7151cbc0857117af3c7bd8ab9e086c4f2efb897290d66e",
"Created": "2016-12-01T15:35:05.287672787Z",
"Path": "/usr/bin/supervisord",
"Args": [],
"State": {
"Status": "running",
"Running": true,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 28650,
"ExitCode": 0,
"Error": "",
"StartedAt": "2016-12-15T18:37:08.409564695Z",
"FinishedAt": "2016-12-15T18:37:07.457274028Z"
},
"Image": "sha256:78a2f88d47e29523503c2196ed2faaa3d1039d948d73987edc03b2abd338595d",
"ResolvConfPath": "/var/lib/docker/containers/748cfdfbf3fb5526cb7151cbc0857117af3c7bd8ab9e086c4f2efb897290d66e/resolv.conf",
"HostnamePath": "/var/lib/docker/containers/748cfdfbf3fb5526cb7151cbc0857117af3c7bd8ab9e086c4f2efb897290d66e/hostname",
"HostsPath": "/var/lib/docker/containers/748cfdfbf3fb5526cb7151cbc0857117af3c7bd8ab9e086c4f2efb897290d66e/hosts",
"LogPath": "/var/lib/docker/containers/748cfdfbf3fb5526cb7151cbc0857117af3c7bd8ab9e086c4f2efb897290d66e/748cfdfbf3fb5526cb7151cbc0857117af3c7bd8ab9e086c4f2efb897290d66e-json.log",
"Name": "/minecraft-1-8",
"RestartCount": 0,
"Driver": "overlay",
"MountLabel": "",
"ProcessLabel": "",
"AppArmorProfile": "",
"ExecIDs": null,
"HostConfig": {
"Binds": null,
"ContainerIDFile": "",
"LogConfig": {
"Type": "json-file",
"Config": {}
},
"NetworkMode": "docker",
"PortBindings": {},
"RestartPolicy": {
"Name": "no",
"MaximumRetryCount": 0
},
"AutoRemove": false,
"VolumeDriver": "",
"VolumesFrom": null,
"CapAdd": null,
"CapDrop": null,
"Dns": [],
"DnsOptions": [],
"DnsSearch": [],
"ExtraHosts": null,
"GroupAdd": null,
"IpcMode": "",
"Cgroup": "",
"Links": null,
"OomScoreAdj": 0,
"PidMode": "",
"Privileged": false,
"PublishAllPorts": false,
"ReadonlyRootfs": false,
"SecurityOpt": null,
"UTSMode": "",
"UsernsMode": "",
"ShmSize": 67108864,
"Runtime": "runc",
"ConsoleSize": [
0,
0
],
"Isolation": "",
"CpuShares": 0,
"Memory": 0,
"CgroupParent": "",
"BlkioWeight": 0,
"BlkioWeightDevice": null,
"BlkioDeviceReadBps": null,
"BlkioDeviceWriteBps": null,
"BlkioDeviceReadIOps": null,
"BlkioDeviceWriteIOps": null,
"CpuPeriod": 0,
"CpuQuota": 0,
"CpusetCpus": "",
"CpusetMems": "",
"Devices": [],
"DiskQuota": 0,
"KernelMemory": 0,
"MemoryReservation": 0,
"MemorySwap": 0,
"MemorySwappiness": -1,
"OomKillDisable": false,
"PidsLimit": 0,
"Ulimits": null,
"CpuCount": 0,
"CpuPercent": 0,
"IOMaximumIOps": 0,
"IOMaximumBandwidth": 0
},
"GraphDriver": {
"Name": "overlay",
"Data": {
"LowerDir": "/var/lib/docker/overlay/e78ce9dbcedd6974429a4aada8f38913b7d35da41f586f203dd99a568f38b6c3/root",
"MergedDir": "/var/lib/docker/overlay/e8422e4707d95db8ea747af2367626cc8bf16e95f8eb05dfad9a63461c9ade86/merged",
"UpperDir": "/var/lib/docker/overlay/e8422e4707d95db8ea747af2367626cc8bf16e95f8eb05dfad9a63461c9ade86/upper",
"WorkDir": "/var/lib/docker/overlay/e8422e4707d95db8ea747af2367626cc8bf16e95f8eb05dfad9a63461c9ade86/work"
}
},
"Mounts": [],
"Config": {
"Hostname": "minecraft-1-8",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": true,
"AttachStderr": true,
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
],
"Cmd": [
"/usr/bin/supervisord"
],
"Image": "minecraft",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": null,
"OnBuild": null,
"Labels": {}
},
"NetworkSettings": {
"Bridge": "",
"SandboxID": "cf411634babad31138ab4572b9cd7306f74a54dd1baf4cd8d7706d7e7020c594",
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"Ports": {},
"SandboxKey": "/var/run/docker/netns/cf411634baba",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"EndpointID": "",
"Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "",
"IPPrefixLen": 0,
"IPv6Gateway": "",
"MacAddress": "",
"Networks": {
"docker": {
"IPAMConfig": {
"IPv4Address": "10.200.0.100"
},
"Links": null,
"Aliases": [
"748cfdfbf3fb"
],
"NetworkID": "7b20560b36032d36ffe6c0ebece6b4408355d207f4e203a2957b0434ee0afdc1",
"EndpointID": "9fa4fc914dfe76022ce0db02e48a7e7c85c57bc2a15b0b3e5d81b1f24d95f376",
"Gateway": "10.200.0.1",
"IPAddress": "10.200.0.100",
"IPPrefixLen": 24,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:0a:c8:00:64"
}
}
}
}
]

In most distro's dmesg is not a privileged command. Any user can use the klogctl interface to read the kernel ring buffer.
$ id
uid=1001(matt) gid=1001(matt) groups=1001(matt)
$ dmesg | head -1
[ 0.000000] Initializing cgroup subsys cpuset
But can't do anything beyond read
$ dmesg -C
dmesg: klogctl failed: Operation not permitted
Which extends to Docker
$ sudo docker run debian dmesg | head -1
[ 0.000000] Initializing cgroup subsys cpuset
$ sudo docker run debian dmesg -C
dmesg: klogctl failed: Operation not permitted
Restricting access
You can restrict read access down to root users and those with the CAP_SYSLOG or CAP_SYS_ADMIN capabilities via /proc/sys/kernel/dmesg_restrict.
$ echo 1 > /proc/sys/kernel/dmesg_restrict
Then you should be getting a permission denied message:
$ docker run ubuntu:yakkety dmesg
dmesg: read kernel buffer failed: Operation not permitted
Running a container in privileged mode will then regain access to the hosts kernel ring buffer
$ docker run --privileged ubuntu:yakkety dmesg
[146902.131915] br-fa26f1dc96a1: port 3(veth80d3d5d) entered disabled state
...
Use sysctl to configure kernel.dmesg_restrict=1 if you need it permanently.
Namespacing
As to why the kernel log doesn't have name spacing like other kernel areas, I think the answer is "it's difficult". There's more detail than you'd care to know in this 2012 Stepping closer to practical containers: "syslog" namespaces LWN post. I can't see any reference's to it getting any further than proposed patches: https://lwn.net/Articles/562389/ https://lwn.net/Articles/561271/. As you can see in this recent netfilter patch, they have a work around to allow rules in a container name space to use the global log.

Resources