Develop Reference

Cant connect to docker container port of some images

Trying investigate my issue with docker container. I lost a day when I thought that issue is in nodejs code (it has server and I am trying to connect to this server).
After investigations I found interesting thing for me.
For example - Lets run some test docker image:
docker run -p 888:888 -it ubuntu:16 /bin/bash
After that, prepare and install "simple server to listen our port":
apt-get update
apt-get install -y netcat
nc -l 888
After that I going to try to telnet localhost 888 from my system and got telnet: connect to address 127.0.0.1: Connection refused. The same with nodejs image.
But if you try to use, for example, nginx container -
docker run -p 888:888 -it nginx /bin/bash
I will be successfull:
$telnet 127.0.0.1 888
Trying 127.0.0.1...
Connected to localhost.
How it is possible, what I am missing? Why I can bind and use any port in nginx but not for other images?

When you run nc -l 888, you are creating a port that is listening explicitly for IPv4 connections. If we run ss -tln, we will see:
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 1 0.0.0.0:888 0.0.0.0:*
When you run telnet localhost 888 on your host, there's a good chance it's trying to connect to the IPv6 localhost address, ::1. This connection fails if you're trying to connect an IPv4-only socket.
If you explicitly use the IPv4 loopback address by typing telnet 127.0.0.1 888, it should work as expected.
If you enable IPv6 support in nc by adding the -6 parameter:
nc -6 -l 8888
Then you get a socket that listen for both IPv4 and IPv6 connections:
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 1 *:888 *:*
And if you attempt to connect to this socket using telnet localhost 888, it will work as expected (as will telnet 127.0.0.1 888).
Most programs (like nginx) open multi-protocol sockets by default, so this isn't normally an issue.

Mosquitto - Unable to connect over network other than on the default port

I am running Mosquitto 1.4.8 on Ubuntu successfully on port 1883 (tested from another machine with mosquitto_sub/mosquitto_pub). However I am encountering issues when attempting to use another port eg.
mosquitto -p 1884 -c moddebug.conf
This works OK if I access it from the same machine e.g.:
mosquitto_pub -h 127.0.0.1 -p 1884
but if I attempt to connect from another machine I get an error:
mosquitto_pub -h IP_ADDRESS -t exmapleTopic -p 1884
Connection timed out
My moddebug.conf file is:
log_type all
log_dest file mosquitto2_log.log
The log does not provide any extra information:
Config loaded from mosdebug.conf.
Opening ipv4 listen socket on port 1884.
Opening ipv6 listen socket on port 1884.
mosquitto version 1.4.8 terminating
I have tried altering the firewall rules (but this did not help):
ufw allow 1884/tcp
Rules updated
Rules updated (v6)

I try strart auditbeat on my local computer through docker. However I get connection refused from elasticsearch

I start auditbeat
docker run --cap-add="AUDIT_CONTROL" --cap-add="AUDIT_READ" docker.elastic.co/beats/auditbeat:7.8.1 setup -E setup.kibana.host=localhost:5601 -E output.elasticsearch.hosts=["127.0.0.1:9300"]
but get error Exiting: couldn't connect to any of the configured Elasticsearch hosts. Errors: [error connecting to Elasticsearch at http://127.0.0.1:9300: Get http://127.0.0.1:9300: dial tcp 127.0.0.1:9300: connect: connection refused] I try user also localhost in output.elasticsearch.hosts. When I sent request by curl http://127.0.0.1:9200 I get successful response from elasticsearch.
Also. Elasticsearch is deployed as docker process.

You need to use the HTTP port 9200 (the same you curl with) not the TCP port 9300
-Eoutput.elasticsearch.hosts=["host.docker.internal:9200"]
^
|
change this

Docker refusing connection on port 443

I'm setting up my AWS EC2 instance. I wanted to let that instance access via https but I get a
This is what I tried
run docker pull abiosoft/caddy
Put Caddyfile in home folder
Run mkdir -p $HOME/caddycerts; chmod ugo+rwx $HOME/caddycerts;
Run docker run -d -e "CADDYPATH=/etc/caddycerts" -v $HOME/Caddyfile:/etc/Caddyfile -v $HOME/caddycerts:/etc/caddycerts -p 443:443 abiosoft/caddy
Run docker restart *dockerName*
My Caddyfile looks like this:
some-domain-name.com {
tls myemail
proxy / 172.17.0.1:9001 {
header_upstream Host {host}
header_upstream X-Real-IP {remote}
header_upstream X-Forwarded-Proto {scheme}
}
}
Error: curl: (7) Failed to connect to some-domain-name.com port 443: Connection refused
EC2 instance's security group has https enabled for port 443

when you use AWS make sure that the port you are using is allowed and you have the right to use it

AWS Security group and ACL doesn't give connection refused, they silently drops the packet. From the message connection refused it seems the service isn't running or server isn't listening on port 443.
Have you tried to telnet it locally ? Does it work ?
telnet localhost 443

Error: curl: (7) Failed to connect to some-domain-name.com port 443: Connection refused
The above error message means that your web server is not running on the specified port of 443. You can simply validate via a telnet (which I see in James's answer above).
From your caddyfile it points to port 9001. The first line of the Caddyfile is always the address of the site to serve.
Without seeing the dockerfile it's hard to pinpoint, but I'd say there's nothing configured to run on 443 in your application

Getting error curl: (56) Recv failure: Connection reset by peer

I know this error has been posted before on StackOverflow and many solutions/answers are available too. But, I've already gone through all those answers and couldn't find any viable solution for me.
I'm running a Hyperledger Fabric network with single peer and orderer. Their Docker containers have exposed the following ports. 7051:7051 & 7053:7053 on peer, 7050:7050 on orderer. I'm trying to configure Prometheus to analyse the metrics by following the official documentation .
As mentioned in the documentation, I'm exposing my local machine's 9443 port to port 9443 of peer docker container by mapping it as 9443:9443 in ports section of docker-compose.yaml. When I run curl 0.0.0.0:9443, I get curl: (56) Recv failure: Connection reset by peer error.
However, when I run the command curl 0.0.0.0:9443/logspec in my peer container I get the desired result which is {"spec":"info"}. The two commands mentioned above are different but I've also tried running the command curl 0.0.0.0:9443/logspec in my local machine to which I got the same error response.
Running the command curl -v 0.0.0.0:9443 results in following response.
* About to connect() to 0.0.0.0 port 9443 (#0)
* Trying 0.0.0.0...
* Connected to 0.0.0.0 (0.0.0.0) port 9443 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: 0.0.0.0:9443
> Accept: */*
>
* Recv failure: Connection reset by peer
* Closing connection 0
curl: (56) Recv failure: Connection reset by peer
I read in many of the answers that I might be a firewall issue. But even after disabling my firewall using the command systemctl disable firewalld, it's not working.
cat etc/os-release response
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"
CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"
curl --version response
curl 7.29.0 (x86_64-redhat-linux-gnu) libcurl/7.29.0 NSS/3.34 zlib/1.2.7 libidn/1.28 libssh2/1.4.3
I request you not to mark this question as duplicate as I've already gone through all the possible scenarios mentioned here.

First of all please check if there is firewall. Disable it.
Then remove the IP address provided in core.yaml file in operations tab. So that line will look like a below:
operations:
# host and port for the operations server
listenAddress: :9443
This change worked for me.