how to properly specify an IP for a docker container - docker

I'm trying to explicitly specify an IP address for my docker container in the following way:
sudo docker run -it -p 172.17.0.2:10000:10000 -p 9000:9000 -p 9090:9090 -v /home/eugene/dev/shared:/opt/shared -d eugene/dev_img_1.3
I'm getting the following error:
Error response from daemon: Cannot start container b2242e5da6e1b701ba4880f25fa8d465d5f008787b49898ad9e46eb26e417e48: port has already been allocated
I really do not care about port 10000. My goal is to have a specific container IP of my choosing, as well as to have ports 9000 and 9090 exposed to the host.
I have looked at some other questions, but did not see a clear syntax to do this.

The -p argument is used to forward ports from the container to the host, not for assigning IPs.
There is no easy way to assign a fixed IP to a Docker container and I would strongly advise you not to try. Instead re-architect your system so that it isn't dependent on a fixed IP. If this really isn't possible, I think you can choose an IP by using the LXC execution driver and various flags, but I would strongly recommend against this.

You can assign a fixed IP using pipework, but it's not "the docker way". I would agree with Adrian. Re-design away from fixed IPs.

This can be done in different ways.
You can edit your system-wide Docker server settings (by editing DOCKER_OPTS in /etc/default/docker on Ubuntu), add the option --ip=IP_ADDRESS, and then restart your server. If you are using only one Docker container and want Docker's IP to be the same as your host's, start the container using the --net=host flag so that the container has the host machine's IP address.
Another way is to have these options configured at server startup (by editing DOCKER_OPTS in /etc/default/docker):
--bip=CIDR — to supply a specific IP address and netmask for the "docker0" bridge, using standard notation like 192.168.1.8/23.
For example, with --fixed-cidr=192.168.1.0/25, IPs for your containers will be chosen from the first half of the 192.168.1.0/24 subnet. The "docker0" Ethernet bridge settings are used every time you create a new container. You are trying to bind a container's ports to a specific port using the -p flag, which will not help you in assigning an IP address to the container.
Another way is to assign an IP address in any particular range (example: 172.30.1.21/30): stop Docker using stop docker, then use the ip link and ip addr commands to set up the "bridge br0", and start Docker using docker -d -b br0.

Related

Docker Swarm - Unable to bind port

Trying to run a custom application container on a docker swarm node and unable to bind the port to the host IP address. It works fine in the --net=host mode. However I am unable to use host mode due to custom network requirements.
-Running the docker container in custom network mode as follows
docker run -p 14002:14002 -d --name=custom-app  --net=59729515-custom-network --env-file config.env -i -t custom-app:2.2.2
-Received following error
listen tcp 172.31.140.26:14002: bind: cannot assign requested address
After reviewing docker swarm documentation and related posts here, I am thinking this IP address is the container IP address and in my scenario I may need to use the host IP address to bind while starting the container.
Any feedback on how to resolve this error would be much appreciated. Thanks!

How to communicate with a running Docker container in a Host X from another Host Y(not from a container in Host Y)

I am experimenting with Docker networking and have set up a scenario as below.
I installed Docker on host-X, connected over a network (host-X IP: 60.0.0.28), and ran a basic Ubuntu container (the container is connected to the default Docker bridge network only, i.e. 172.17.0.0/16, and 172.17.0.2 is the container IP). I am now trying to communicate with that running container from another host-Y within the same network (host-Y IP: 60.0.0.40), on which no Docker is installed.
I added a basic route on host-Y: "ip route add 172.17.0.0/16 via 60.0.0.28 dev ens3".
From the container I am able to ping host-Y; in the reverse case, I am only able to ping the Docker gateway "172.17.0.1" from host-Y, but I am not able to reach the container.
There are a wide variety of situations where the Docker-internal IP addresses just aren't useful; calling from a different host is one of them. You should totally ignore those as an implementation detail.
If you take Docker out of the picture, and run the process directly on the host, this should be straightforward: from host Y, you can call the process on host X given its DNS name and the port the server is running on.
hostY$ curl http://hostX:12345/
If the process is actually running in a Docker container, you need to make sure you've started the container with a published port. This doesn't necessarily need to match the port the process is listening on.
hostX$ docker run -p 12345:12345 imagename
Once you've done this, the process can be reached via the host's DNS name or IP address, and the published port, the same way as with a non-container server.
In normal circumstances you should not need to think about the Docker-internal IP addresses; you do not need manual ip route-setup commands like you show, and you shouldn't docker inspect or docker run --ip to find or set this detail.
Let’s assume you want to start Dockerized nginx on host X.
You’d run:
docker run --detach -p 8080:80 nginx
Then you could access your nginx instance using http://60.0.0.28:8080.

bind hostname to container docker

I'm trying to create a new docker container like this:
docker run -d -p5050:443 --name=free-proxy -v proxy-config:/data -e telegrammessenger/proxy:latest
This command successfully created a new container. Now I want to restrict this container to work only with the host name, not the IP address.
I tried this command:
docker run -d -ptest.com:5050:443 --name=fourth-proxy -v proxy-config:/data -e telegrammessenger/proxy:latest
But I get this error:
docker: Invalid ip address: test.com.
I just want my container to work only with the host name (not the IP address).
NOTE:
I want to access my container from outside with just the host name.
If the clients use the IP address, they can't use the proxy:
tg://proxy?server=4.2.2.4&port=5050 (not acceptable)
tg://proxy?server=test.com&port=5050 (acceptable)
Docker publishes ports at the L4 layer, it is not looking at the L7 data that could contain the hostname. The only thing you have when listening on tcp/ip ports is the port number and the network interface (represented by the ip address).
To filter by hostname, you'll need to either place this logic in your application, or setup a proxy in front of your application to do the filtering. There are several reverse proxies that could do this, including traefik, nginx, and haproxy.
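As an added example (not part of the original answers): a small parser for the -p value used in the commands on this page. It shows that the optional first field is a host address literal, which is why test.com is rejected and why 172.17.0.2:10000:10000 does not set a container IP. The function names and the 127.0.0.1 sample are assumptions made for the illustration.

```python
import ipaddress

# Default docker0 subnet mentioned on this page
DEFAULT_BRIDGE = ipaddress.ip_network("172.17.0.0/16")

def parse_publish(spec):
    """Split a `docker run -p` value into (host_ip, host_port, container_port, proto)."""
    body, _, proto = spec.partition("/")
    if body.startswith("["):            # bracketed IPv6 host address, e.g. [::1]:8080:80
        host_ip, _, rest = body[1:].partition("]")
        parts = rest[1:].split(":")
    else:
        parts = body.split(":")
        host_ip = parts.pop(0) if len(parts) == 3 else ""
    if len(parts) == 1:                 # container port only; Docker picks the host port
        parts.insert(0, "")
    if len(parts) != 2 or not parts[1]:
        raise ValueError(f"malformed publish spec: {spec!r}")
    return host_ip, parts[0], parts[1], proto or "tcp"

def review_publish(spec):
    """Return (parsed, notes) saying where the host side of the mapping listens."""
    parsed = parse_publish(spec)
    host_ip = parsed[0]
    addr = None
    if host_ip:
        try:
            addr = ipaddress.ip_address(host_ip)
        except ValueError:
            # Mirrors "docker: Invalid ip address: test.com." from the question above
            return None, [f"invalid ip address: {host_ip}"]
    if addr is None or addr.is_unspecified:
        # Default bind address, unless the daemon's --ip option overrides it
        notes = ["listens on every host interface"]
    elif addr.is_loopback:
        notes = ["reachable from the host only"]
    elif addr in DEFAULT_BRIDGE:
        notes = ["bridge-subnet address: -p binds the host side, it does not set the container IP"]
    else:
        notes = [f"listens on host address {addr} only"]
    return parsed, notes

if __name__ == "__main__":
    # Specs taken from the commands on this page, plus one constructed loopback case
    for s in ["172.17.0.2:10000:10000", "9000:9000", "test.com:5050:443", "127.0.0.1:9090:9090"]:
        print(s, "->", review_publish(s))
```

A spec with no address field, such as 9000:9000 or 5050:443, is the case to review when a service should not be reachable from every network the host is attached to.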

Communicating between a windows and linux docker container on the same host

This may seem trivial, but after some trial and error I come to the SO community for a little help!
I create a network, call it docker-net.
I have a linux container, let's call it LC1, that has a published port of 6789 (so when created it had the parameter -p 6789:6789) and I make it join the docker-net network (--network docker-net).
This works fine, through my host, I can communicate with it no problem.
I switch to the windows containers and check that LC1 is still running. It does! Amazing.
I create a container, let's call it WC1. It also publishes a port of 9000 that maps internally to 80 (-p 9000:80)
The application inside WC1 tries to connect to LC1 using the IP assigned from the network (docker inspect LC1) and I can't communicate.
There's probably a concept that I can't get my head around.
I understand that the WC1 and LC1 have different gateways and subnets. Could that be the culprit?
Any help to get me to make that work is appreciated!
EDIT:
Here are the commands I ran for the scenario above:
docker network create docker-net
docker run -d -p 6789:6789 --name LC1 --network docker-net LC1
docker inspect LC1
The IP is 172.18.0.2
switch to the windows container
docker run -d -p 9000:80 --name WC1 WC1
In the docker network connect documentation it states that you can assign an IP to a container; the same should work with docker run --network name --ip. Then use that IP to access the container.
Specify the IP address a container will use on a given network
You can specify the IP address you want to be assigned to the container’s interface.
$ docker network connect --ip 10.10.36.122 multi-host-network container2
I have found these:
a deleted question on serverfault about the same issue. See the cached-by-google version: Connect Windows container to Linux container running on same Docker host [closed]
an article: Run Linux and Windows Containers on Windows 10
and I think that the only way to make the 2 containers communicate is through the host and by exposing ports. For example LC1 will use -p [your app port]:8080 and WC1 -p [your app port]:9090.
By saying [your app port] I mean that it is up to you to decide what to use (a tcp/udp listening socket, a REST api...)
As docker evolves maybe there will be a better solution in the near future.

How to assign specific IP to container and make that accessible outside of VM host?

I wish to make two of my containers available outside of the VM host on their separate, specific IP addresses (192.168.0.222, 192.168.0.227), without port mapping. That means I wish to access any port directly on the containers by using its IP. I already have machines running in the network outside of the VM host in the range 192.168.0.1–192.168.0.221.
Is this now possible with Docker 1.10.0, and if so, how?
I'm on OS X 10.11 with docker version 1.10.0, build 590d5108 and docker-machine version 0.6.0, build e27fb87, using boot2docker/VirtualBox driver.
I have been trying to figure this out for some while, without luck, and I've read the following questions and answers:
How to assign static public IP to docker container
How to expose docker container's ip and port to outside docker host without port mapping?
How can I make other machines on my network access my Docker containers (using port mapping)?
According to Jessie Frazelle, this should now be possible.
See "IPs for all the Things"
This is so cool I can hardly stand it.
In Docker 1.10, the awesome libnetwork team added the ability to specify a specific IP for a container. If you want to see the pull request it’s here: docker/docker#19001.
# create a new bridge network with your subnet and gateway for your ip block
$ docker network create --subnet 203.0.113.0/24 --gateway 203.0.113.254 iptastic
# run a nginx container with a specific ip in that block
$ docker run --rm -it --net iptastic --ip 203.0.113.2 nginx
# curl the ip from any other place (assuming this is a public ip block duh)
$ curl 203.0.113.2
# BOOM golden
That does illustrate the new docker run --ip option that you now see in docker network connect.
If specified, the container's IP address(es) is reapplied when a stopped container is restarted. If the IP address is no longer available, the container fails to start.
One way to guarantee that the IP address is available is to specify an --ip-range when creating the network, and choose the static IP address(es) from outside that range. This ensures that the IP address is not given to another container while this container is not on the network.
$ docker network create --subnet 172.20.0.0/16 --ip-range 172.20.240.0/20 multi-host-network
$ docker network connect --ip 172.20.128.2 multi-host-network container2
The "making accessible" part would involve, as usual, port forwarding.
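As an added illustration (not from the quoted documentation or the original answer): a check, using the --subnet and --ip-range values shown above, of whether an address passed to --ip lies outside the range used for automatic assignment. The function names are assumptions; the last call shows that a network created without --ip-range, like iptastic above, has no such reserved block.

```python
import ipaddress

def static_safe_blocks(subnet, ip_range=None):
    """Blocks of `subnet` that lie outside the range used for automatic assignment."""
    net = ipaddress.ip_network(subnet)
    # With no --ip-range, automatic assignment draws from the whole subnet.
    pool = ipaddress.ip_network(ip_range) if ip_range else net
    if not pool.subnet_of(net):
        raise ValueError(f"--ip-range {pool} is not inside --subnet {net}")
    return sorted(net.address_exclude(pool))

def check_static_ip(subnet, static_ip, ip_range=None, gateway=None):
    """Return a list of problems with using `static_ip` as a --ip value."""
    net = ipaddress.ip_network(subnet)
    ip = ipaddress.ip_address(static_ip)
    if ip not in net:
        return [f"{ip} is not inside {net}"]
    problems = []
    if ip in (net.network_address, net.broadcast_address):
        problems.append(f"{ip} is the network or broadcast address of {net}")
    if gateway and ip == ipaddress.ip_address(gateway):
        problems.append(f"{ip} is the network's gateway")
    if not any(ip in block for block in static_safe_blocks(subnet, ip_range)):
        problems.append(f"{ip} is inside the automatic range and may be given to "
                        "another container while this one is off the network")
    return problems

if __name__ == "__main__":
    # Values from the two `docker network create` commands on this page
    print(static_safe_blocks("172.20.0.0/16", "172.20.240.0/20"))
    print(check_static_ip("172.20.0.0/16", "172.20.128.2", ip_range="172.20.240.0/20"))
    print(check_static_ip("203.0.113.0/24", "203.0.113.2", gateway="203.0.113.254"))
```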
