I am trying to create an ssh connection to a docker container I built.
I can successfully access the docker container from my remote machine using:
docker exec -it <container_name> /bin/bash
In the docker container, I modified the file /etc/ssh/sshd_config by changing:
Allowroot: yes
Setting a password in my docker container I can create a ssh connection from my remote server by using:
ssh root#localhost -p 2200
(I mapped 2200:22).
This works.
However from my local machine I am trying to connect to the docker container using:
ssh root#192.168.1.33 -p 2200 and I got permission denied.
where 192.168.1.33 is the ip adress of my remote machine where my docker container is running.
Would you have any clue?
thanks :)
ssh root#192.168.1.33 -p 2200 and I got permission denied.
where 192.168.1.33 is the ip adress of my remote machine where my docker container is running.
Would you have any clue?
thanks :)
I want to create a docker container from one machine (suppose having centos) machine and then access that container from another machine(may be centos or mac). How can we do that? Is it possible with macvlan networking? If yes , what are steps? If not, what is the way?
Depends from what is your final goal. Following are some approaches (depending on what you want to achieve as final goal):
Manage container and execute bash in the container on a remote host:
Easiest way is to use the environment variable DOCKER_HOST
export DOCKER_HOST=ssh://vagrant#192.168.5.178
docker exec -ti centos_remote /bin/bash
You can find more information in this answer https://stackoverflow.com/a/51897942/2816703
Use the container as a form of virtual machine on which user can ssh:
First you will need a container that is running the sshd. You will expose the port 22 on another port on the host network. Finally you will use the ssh with -p to connect that port. Here is a working example:
$ sudo docker run -d -P --name test_sshd rastasheep/ubuntu-sshd:14.04
$ sudo docker port test_sshd 22
0.0.0.0:49154
$ ssh root#localhost -p 49154
# The password is `root`
root#test_sshd $
or if you are on a remote machine, use the host IP address xxx.xxx.xxx.xxx, to connect to the container use:
$ ssh root#xxx.xxx.xxx.xxx -p 49154
# The password is `root`
Also you can pre-select a port (in this case port 22000) and test from the host.
~# docker run -d -p 22000:22 --name test_sshd rastasheep/ubuntu-sshd:14.04
~# ssh root#<ipaddress> -p 22000
Setup a network layer (L2/L3) between the hosts:
Using macvlan is one approach. Another approach is the ipvlan. In both cases, you are converting the host network adapter to a virtual router, after which you need to setup the routes. You can find detailed explanation on this link http://networkstatic.net/configuring-macvlan-ipvlan-linux-networking/
I have a docker daemon started in the host machine listen to some ip address and port, say 10.10.10.10, and port 1234, then I start a container by invoking
sudo docker -H 10.10.10.10:1234 centos /bin/bash
Meanwhile, I have a web service runnig on the host machine, running on the port 8080. Then from inside the container, I cannot connect to this server. I tried
curl http://10.10.10.10:8080
but got an error message:
curl: (7) couldn't connect to host
But I can access the server in other machines, like http://10.10.10.11:8080
It seems that docker container cannot access the service in its own host machine? Is there anyway to fix this? Thanks
That was discussed in issue 1143 and there might be one day a --link-host option.
In the meantime, the blog post "Accessing the Docker Host Server Within a Container" lists a few option:
The Gateway Approach: netstat -nr | grep '^0\.0\.0\.0' | awk '{print $2}'
The IP Approach: boot2docker ip address is 192.168.59.103.
Although there’s no way to introspect the host’s ip address (AFAIK) you can pass this in via an environment variable:
docker#boot2docker:~$ docker run -i -t -e DOCKER_HOST=192.168.59.103 ubuntu /bin/bash
root#07561b0607f4:/# env
HOSTNAME=07561b0607f4
DOCKER_HOST=192.168.59.103
You have other options in "Network Configuration", with the virtual interface named docker0 on the host machine.
I'm running under boot2docker 1.3.1.
I have a Docker container running a web server via uwsgi --http :8080.
If I attach to the container I can browse the web site using lynx http://127.0.0.1:8080 so I know the server is working.
I ran my container with:
$ docker run -itP --expose 8080 uwsgi_app:0.2
It has the following details:
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
5248ad86596d uwsgi_app:0.2 "bash" 11 minutes ago Up 11 minutes 0.0.0.0:49159->8080/tcp cocky_hypatia
$ docker inspect --format '{{ .NetworkSettings.IPAddress }}' 5248ad86596d
172.17.0.107
I thought I could access that web site from my host by going to http://172.17.0.107:49159.
This does not work. I just see 'connecting...' in Chrome, getting nowhere.
What am I doing wrong?
Extending Anentropic's answer: boot2docker is the old app for Mac and Windows, docker-machine is the new one.
Firstly, list your machines:
$ docker-machine ls
NAME ACTIVE DRIVER STATE URL SWARM
default * virtualbox Running tcp://192.168.99.100:2376
Then select one of the machines (the default one is called default) and:
$ docker-machine ip default
192.168.99.100
Ok, stupid me, I found the answer in the docs for boot2docker
https://docs.docker.com/installation/mac/#container-port-redirection
I needed to use the ip address of the boot2docker vm, rather than the ip of the container, i.e.
$ boot2docker ip
192.168.59.103
and I am able to browse my site from the host at http://192.168.59.103:49159/
I did not need to add any route on the host
To find the IP address of your container, you should need NO additional installs:
docker inspect <container>
This provides a wealth of info. grep it for the IPAddress.
You could use boot2docker port mapping option -L, as described here.
So, in your case it would be
boot2docker ssh -L 0.0.0.0:8080:localhost:8080
and then
docker run -it -p 8080:8080 uwsgi_app:0.2
That way, you do not have to use boot2docker's IP address: you can use localhost or your own IP address (and your docker container can be accessed from outside).
Boot2docker is outdated, but you may still have this problem on Docker for Windows or Mac, even though the same container works on Linux. One symptom is that trying to access a page on the server inside the container gives the error "didn't send any data" as opposed to "could not connect."
If so, it may be because on Win/Mac the container host has its own IP, it's not localhost as it is on linux. Try running Django on IP 0.0.0.0, meaning accept connections from all IPs, like this:
python manage.py runserver 0.0.0.0:8000
Alternatively, if you need to make sure the server only responds to local requests (such as from your local proxy like nginx, apache, or gunicorn) you can use the host IP returned by hostname -i.
And make sure you are using the -p port forwarding option correctly in the docker run command.
Assuming all is well, you should be able to access your server at http://localhost in a browser running on the host machine.
docker build -t {imagename} .
docker build -t api-rest-test .
docker run -dp {localport}:{exposeport} image:name
docker run -dp 8080:8080 api-rest-test:latest
make sure you are using the same port for yourlocalport and exposeport
then you can access your rest service in your local machine http://localhost:8080
[EDIT: original version was ignoring the -P in question]
If you want to get to the containers without having to 'publish' the port (which changes its number)
there is a good run-through here.
The key is this line:
sudo route -n add 172.17.0.0/16 172.16.0.11
which tells the Mac how to route to the private network inside the VirtualBox VM that the Docker containers are on.
Had the same issue and in my case i was using AWS EC2 instance. I was trying with the container IP which did not work. Then I used the actual public IP of the AWS host as the IP, which worked.
How to troubleshoot the issue on hosting application on local host browser
For this launch the container with below command, in my case it was:
[root#centoslab3 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1b81d8a0e3e1 centos:baseweb "/bin/bash" 8 minutes ago Exited (0) 24 seconds ago webtest
[root#centoslab3 ~]# docker run --name=atul -v /root/dockertest:/var/www/html -i -t -p 5000:8000 centos:baseweb /bin/bash
In the httpd configuration:
[root#adb28b08c9ed /]# cd /etc/httpd/conf
[root#adb28b08c9ed conf]# ll
total 52
-rw-r--r--. 1 root root 34419 Sep 19 15:16 httpd.conf
edit the file with the port 8000 in listner and update the container ip and port under Servername.
Restart the httpd service and you are done.
Hope this helps
I just installed Docker on mu Ubuntu 14.10 64 bit OS and I followed the steps to create the necessary certificates and keys so that I can secure my docker http remote connections. When I tried to issue the following command,
sudo docker --tlsverify --tlscacert=ca.pem --tlscert=cert.pem --tlskey=key.pem -H=x.x.x.x:2376 version
I get to see the following error message:
Cannot connect to the Docker daemon. Is 'docker -d' running on this host
The -H=x.x.x.x is the host as I see when I did a ifconfig and found the host from the docker0 entry that was listed.
Please help me identify why I'm not able to do anything with my daemon.
Did you change the options on the daemon itself? Paraphrasing the docs:
You can listen on port 2376 on all network interfaces with -H tcp://0.0.0.0:2376, or on a particular network interface using its IP address: -H tcp://192.168.59.103:2376.
To do this you could edit /etc/init/docker.conf and update the DOCKER_OPTS variable
Sometime ago i had this issue :
"Cannot connect to the Docker daemon at tcp://127.0.0.1:2376. Is the docker daemon running?"
Looking an your question, you did not specify if you are working on Ubuntu WSL (Bash).
Regardless of your env configuration.
Looking for the file ".bashrc" in your
add the following to it
export DOCKER_HOST=tcp://192.168.59.103:2376
Happy Devops!