Docker not port forwarding correctly? - docker

I am trying to run a gitlab docker image, and everything is running fine except that when I navigate to the website, Port 80 results in "Connection refused", but port 8080 successfully reaches Gitlab.
However, it shows that it's forwarding from 8080 to 80 on the container:
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
14b2ac3c0de6 gitlab/gitlab-ee "/assets/wrapper" About a minute ago Up About a minute 0.0.0.0:8080->80/tcp, 0.0.0.0:8443->443/tcp gitlab
Here's how I'm running the container.
sudo docker run --detach \
--publish 8443:443 --publish 8080:80 --publish 2222:22 \
--name gitlab \
--restart always \
--volume /srv/gitlab/config:/etc/gitlab \
--volume /srv/gitlab/logs:/var/log/gitlab \
--volume /srv/gitlab/data:/var/opt/gitlab \
gitlab/gitlab-ee:latest

Use --publish 80:80 if you want to access the service via port 80 on the host. Otherwise there's nothing on the host listening on port 80 and you get connection refused. Same goes for 443.
The format is
--publish <host port>:<container port>

My solution looks like this:
docker network create --subnet=172.18.0.0/16 selnet
docker run --net selnet --ip 172.18.0.2 -p 0.0.0.0:80:8080 --expose=80 hub
I am able to connect to my container with localhost:Port or 172.18.0.2:Port

Related

How to access Gitlab's metrics (Prometheus and Grafana) from Docker installation?

I installed Gitlab using Docker image on a Ubuntu virtual machine running on a MAC M1 as follows (https://hub.docker.com/r/yrzr/gitlab-ce-arm64v8):
docker run \
--detach \
--restart always \
--name gitlab-ce \
--privileged \
--memory 4096M \
--publish 22:22 \
--publish 80:80 \
--publish 443:443 \
--hostname 127.0.0.1 \
--env GITLAB_OMNIBUS_CONFIG=" \
nginx['redirect_http_to_https'] = true; " \
--volume /srv/gitlab-ce/conf:/etc/gitlab:z \
--volume /srv/gitlab-ce/logs:/var/log/gitlab:z \
--volume /srv/gitlab-ce/data:/var/opt/gitlab:z \
yrzr/gitlab-ce-arm64v8:latest
All seems to be working correctly on localhost, except that I can't access the metrics. I get an "unable to connect" error on:
Prometheus: http://localhost:9090
Grafana: http://localhost/-/grafana
I tried enabling metrics as in the documentation, and docker exec -it gitlab-ce gitlab-ctl reconfigure
What am I missing?
Thanks
When Gitlab uses localhost this will resolve the localhost on the container and not the host (so your Mac).
There are two options to solve this:
Use host.docker.internal instead of localhost (this resolves to the internal IP address used by the host) - see this doc for more info
Configure your container to use the host network by adding this to the docker run command: --network=host which will let your container and host share the same network stack (however, this is not supported on Docker Desktop for Mac according to this)

Running gitlab and jenkins with https in docker swarm

Context: I want to run gitlab and jenkins in docker swarm with https. I succeeded in making them run on the default port (8080 for jenkins and 80 for gitlab with http).
My problem is that when I try to run, for example, gitlab on port 443, I get nothing even though I published my container on that port and modified the external url in the "gitlab.rb" file (I've been following the official doc).
And for Jenkins it's even harder to make it run on https, it's either adding a reverse proxy or SSL certificate.
> sudo docker service create -u 0 --name jenkins_stack \
> --network devops-net --replicas 1 --publish 8443:8443 \
> --publish 50000:50000 --mount src=jenkins-volume,dst=/var/jenkins_home \
> --hostname jenkins jenkins/jenkins
>
>
> sudo docker service create -u 0 --name gitlabstack \
> --network devops-net --replicas 1 --publish 80:80 --publish 443:443 \
> --mount src=gitlab-data,dst=/var/opt/gitlab \
> --mount src=gitlab-logs,dst=/var/log/gitlab \
> --mount src=gitlab-config,dst=/etc/gitlab \
> --hostname gitlab gitlab/gitlab-ce
Above you will find the docker lines to create the services.
I'd really appreciate it, if someone can share any video or tutorial on how to run gitlab/jenkins on docker swarm with https.
I'm sorry if I've been unclear.

How can access to gitlab through docker

I'm trying to run gitlab through docker container on my web server.
I can reach my server with 192.168.80.xxx address.
Here is what I've done:
Get gitlab image from docker
docker pull gitlab/gitlab-ce
Then run
docker run --detach \
--hostname 192.168.80.xxx \
--publish 443:443 --publish 8081:80 --publish 2289:22 \
--name gitlab \
--restart always \
--volume /srv/gitlab/config:/etc/gitlab \
--volume /srv/gitlab/logs:/var/log/gitlab \
--volume /srv/gitlab/data:/var/opt/gitlab \
gitlab/gitlab-ce
As ports 80 (apache) & 22 are already in use, I've changed them to 8080 and 2289.
Now I go into my browser and check 192.168.80.xxx:8081 but nothing seems to work.
I was wondering "ok, and what if I try to reach my container through its IP address?"
So I get back its address with the following line :
docker inspect 4170434ef181
And I try it http://192.17.0.2:8081, nothing too...
So guys, how can I use this container? how can I access it?
For information, my Document root path is defined like DocumentRoot "/var/apache/www" in my httpd.conf file
Cheers
--hostname 192.168.80.xxx -> usually, you define a string, not an IP address. And this hostname is (by default) only valid inside your docker network.
If you are publishing ports 443 and 8080, you should be able to access your server at 192.168.80.xxx:8080 or 192.168.80.xxx:443 - except there are some additional firewalls?!
Is your container running (docker ps)?

Connect Nginx Docker container to 16 workers

I have an Nginx Docker container, and 16 load balanced web servers each exposing a port on the host machine, 8081-8096:
docker run -d \
--restart always \
--name "web.${name}" \
-v /srv/web/web-bundle:/bundle \
-p "${port}":80 \
kadirahq/meteord:base
My Nginx container was previously linking to the only web image, before I tried to scale:
docker run -d \
--name nginx \
--link web.1:web.1 \
-v /srv/nginx:/etc/nginx \
-v /srv/nginx/html:/usr/share/nginx/html \
-p 80:80 \
-p 443:443 \
nginx
Nginx upstream config:
upstream web {
ip_hash;
server 127.0.0.1:8081;
server 127.0.0.1:8082;
server 127.0.0.1:8083;
# ... you get the point
}
I need this Nginx image to be able to hit 127.0.0.1:8081-8096, however it doesn't appear to permit this. I don't want to make 16 --links! That seems off.
What is the proper way to do this?
You have no choice with nginx to spare the requests through a range of ports without specifying each one.
I recommend to try this out: https://github.com/jwilder/nginx-proxy
That is an nginx container that can automatically discover any other containers that need to be proxied. It reads some special env vars from other containers in order to know how to proxy them.
Use --network instead of --link. As long as you put all containers in the same network, you don't need to link them. The --link is being deprecated.
docker network create mynet
docker run --network mynet ........

Docker expose port

Could I expose different docker container points to the same HTTP port on the host?
Example
docker container run --publish 80:80 -d -it --name wp wordpress
docker container run --publish 90:80 -d -it --name ci jenkins
docker container run --publish 100:80 -d -it --name gitlab gitlab/gitlab-ce
With those commands you are not using the same port on the host. The nomenclature for -p is "hostPort:containerPort", so in that way you are mapping the container's port 80 from all of them to your host at ports 80, 90 and 100. So no conflict at all.
Anyway, to answer your question about possible conflicts: in the first instance, your commands should be:
docker container run --publish 80:80 -d -it --name wp wordpress
docker container run --publish 80:80 -d -it --name ci jenkins
docker container run --publish 80:80 -d -it --name gitlab gitlab/gitlab-ce
In this way, you can run those commands but you'll probably get an error saying Bind for 0.0.0.0:80 failed: port is already allocated.
Anyway, in the hypothetical case of docker allowing that without an error...
The first one you map is the one that is going to work, because the "docker run" command issues iptables commands for opening ports from container to host, and iptables rules work in "first match is the one that works" style. So you'll have 3 iptables rules in this case, but the one that is going to work is the first.
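
The host-port bookkeeping behind two answers on this page (the --publish <host port>:<container port> answer to the first question, and the "port is already allocated" answer just above), as an added example that is not part of any original post. The function names, and the modelling of a clashing container as binding none of its ports, are assumptions of this example; it covers IPv4 specs without port ranges only.

```python
# Added example (not from the page): host-side view of `docker run --publish`.
# Handles IPv4 "[ip:]hostPort:containerPort[/proto]" only (no ranges, no IPv6).
from collections import namedtuple

Binding = namedtuple("Binding", "host_ip host_port container_port proto")


def parse_publish(spec):
    """Parse one --publish value; with no IP, Docker binds all interfaces."""
    mapping, _, proto = spec.partition("/")
    parts = mapping.split(":")
    if len(parts) == 2:
        parts.insert(0, "0.0.0.0")
    if len(parts) != 3:
        raise ValueError(f"unsupported publish spec: {spec!r}")
    return Binding(parts[0], int(parts[1]), int(parts[2]), proto or "tcp")


def lookup(bindings, host_port, proto="tcp"):
    """Container port behind host_port, or None (client sees 'connection refused')."""
    for b in bindings:
        if (b.host_port, b.proto) == (host_port, proto):
            return b.container_port
    return None


def overlaps(a, b):
    """True if two bindings claim the same host socket address."""
    same_ip = a.host_ip == b.host_ip or "0.0.0.0" in (a.host_ip, b.host_ip)
    return same_ip and (a.host_port, a.proto) == (b.host_port, b.proto)


def conflicts(containers):
    """containers: {name: [publish specs]} in start order. Returns (name,
    host_port, owner) per clash; a clashing container binds nothing (assumed)."""
    live, clashes = [], []
    for name, specs in containers.items():
        wanted = [parse_publish(s) for s in specs]
        hits = [(name, w.host_port, owner)
                for w in wanted for owner, b in live if overlaps(w, b)]
        clashes.extend(hits)
        if not hits:
            live.extend((name, w) for w in wanted)
    return clashes


# Constructed inputs, taken from the commands quoted on this page.
GITLAB = [parse_publish(s) for s in ("8443:443", "8080:80", "2222:22")]
SAME_PORT = {"wp": ["80:80"], "ci": ["80:80"], "gitlab": ["80:80"]}
```

lookup(GITLAB, 80) returns None because the first question's container publishes host ports 8080, 8443 and 2222 only, each on 0.0.0.0, so every interface of the host exposes them while nothing listens on 80.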
