Obtain Docker host address WITHOUT 'Docker Desktop for Windows' - windows

I have docker installed on Windows Server and need to access something running on the host machine. The containers are Windows containers.
All other answers I can find which state host.docker.internal, docker.for.win.localhost or docker.for.win.host.internal do not work as you cannot have 'Docker Desktop' installed on a Windows Server machine (these names do not resolve).
This is confirmed by the official Docker docs:
The host has a changing IP address (or none if you have no network
access). We recommend that you connect to the special DNS name
host.docker.internal which resolves to the internal IP address used by
the host. This is for development purpose and will not work in a
production environment outside of Docker Desktop for Windows.
So what's the alternative?

Related

How to disable selinux/iptables in MacOS to visit docker server from Host computer?

I am running a docker container of python server in my computer (MacOS Catalina, the container can connect MySQL and Redis from host computer, the server is running normally, but I can't visit server on host computer), in Linux environment, we need to disable the selinux, firewall and iptables, for example, edit /etc/selinux/config
and type as below
SELINUX=disabled
SELINUXTYPE=targeted
How to disable selinux/iptables in MacOS or how to visit docker server from the Host computer? I already tried to use host.docker.internal instead of 127.0.0.1, but it doesn't work. If I use host.docker.internal in the MySQL or Redis config, it also fails; I can only use the real IP such as 192.168.1.45 instead of host.docker.internal or 127.0.0.1.

Docker Desktop on Mac issue with ssh to centos container on localhost

I know there are similar questions on the SO but many of the suggestions have not worked for me. I'm running Docker Desktop for Mac and I startup a docker container I've built that has ssh configured and running (I use these to connect to AWS, Azure etc). I startup the container with something like (the ubc/jlbase/jlbase image has ssh configure... and the following all works on a linux machine with docker0 network in place)
docker run -P --name test -d ubc/jlbase/jlbase
docker inspect test |grep IP
ping -c *the_ip_from_above*
does not connect. From what I can find, this is a known issue with Docker on Mac... but the help and links I've found don't seem to solve the problem. Can someone tell me what I've missed?
You can say that this is a known feature of Docker on Mac, not an issue. Docker on Mac is running on a virtual machine inside macOS, so the IP address you receive is the IP of the container inside the VM, not on macOS.
To address the two issues from the question:
How to enable ssh
To be able to ssh on your container, you will need to have the sshd running in the container and to publish the port 22. Check here to see how you can try this with a container that is already prepared
How to ping
Since the docker is running inside a VM, to be able to route traffic to the containers, you will need to setup the network layer to route the traffic. One approach is to create a tunnel between the VM and the machine.
This is a much more complex setup and will require the help of a CNF (Containerized Network Function). One of the simplest CNFs that was created just for this problem is soctun, which creates a tunnel between the host and the docker network layer.

How to access a port on the host machine when running docker container on MacOS with --network=host?

I have set up a couple of containers that interact with each other. The main application container runs on --network = host because it queries several mySQL containers running on different ports exposed on the host network.
I am trying to hit the application on the host but get an error:
curl: (7) Failed to connect to 0.0.0.0 port 36081: Connection refused
I am working on Docker installed on MacOS.
I have read several questions that indicate that docker on MacOS runs on a VM. But what is the workaround to access the application from the host? Any way to get the IP of the said VM?
You cannot use --network=host on Mac to connect via host ports but binding to host port using -p options works.
https://docs.docker.com/docker-for-mac/networking/#/there-is-no-docker0-bridge-on-osx
I WANT TO CONNECT TO A CONTAINER FROM THE MAC
Port forwarding works
for localhost; --publish, -p, or -P all work. Ports exposed from Linux
are forwarded to the host.
Our current recommendation is to publish a port, or to connect from
another container. This is what you need to do even on Linux if the
container is on an overlay network, not a bridge network, as these are
not routed.
For your use case,
You need to create a docker network and attach both the DB and application containers to this network. Then the containers will be able to talk to each other by their name. You can also publish the application container port so that you can access it from your host.
https://docs.docker.com/network/bridge/
Instead of creating the network, attaching the containers to the network etc manually, you can use docker-compose.
https://docs.docker.com/compose/
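
Added example, not part of the original answer: a Compose file for the layout the answer describes, with the application and its MySQL containers on one user-defined bridge network and only the application port published. The service names, the application image, the `DB_*` variable names and the secret file path are assumptions; port 36081 is the one from the question.

```yaml
# docker-compose.yml (constructed example; names and images are placeholders)
services:
  app:
    image: example/app:latest          # hypothetical application image
    ports:
      # Publish on loopback only: reachable from the Mac at localhost:36081,
      # not from other machines on the LAN. "36081:36081" would bind 0.0.0.0.
      - "127.0.0.1:36081:36081"
    environment:
      # Containers on the same user-defined network resolve each other by
      # service name, so no host IP or host.docker.internal is needed.
      ORDERS_DB_HOST: orders-db        # assumed variable names
      USERS_DB_HOST: users-db
      DB_PORT: "3306"
    networks: [backend]
    depends_on: [orders-db, users-db]

  orders-db:
    image: mysql:8.0
    environment:
      MYSQL_ROOT_PASSWORD_FILE: /run/secrets/db_root_password
    secrets: [db_root_password]
    networks: [backend]
    # No "ports:" entry: the database is reachable only from the backend
    # network, never from the host or the LAN.

  users-db:
    image: mysql:8.0
    environment:
      MYSQL_ROOT_PASSWORD_FILE: /run/secrets/db_root_password
    secrets: [db_root_password]
    networks: [backend]
    # Both databases listen on 3306; each has its own address on the
    # network, so distinct host ports are not required.

networks:
  backend:
    driver: bridge

secrets:
  db_root_password:
    file: ./db_root_password.txt       # keep out of version control
```

With this layout `curl http://localhost:36081` from the Mac reaches the application through the published port, while the databases stay unexposed.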

docker beta on osx dns for links between containers not available

Yesterday I installed the docker-beta (https://beta.docker.com/) for osx. So far it seems great but the links defined between containers still do not work out of the box, e.g. their respective DNS name does not seem to be resolved.
How can I change this to make the dns-name of the linked container available on the (osx/ windows)host using docker-beta?
links:
- someName
A pinata list returns the following, and a ping to docker.local fails with unknown host
🐳 hostname = docker
Hostname of the virtual machine endpoint, where container ports will be
exposed if using nat networking. Access it via 'docker.local'.
🐳 hypervisor = native (memory=8, ncpu=4)
The Docker.app includes embedded hypervisors that run the virtual machines
that power the containers. This setting allows you to control which the
default one used for Linux is.
▸ native: a version of the xhyve hypervisor that uses the MacOSX
Hypervisor.framework to run container VMs. Parameters:
memory (VM memory in gigabytes), ncpu (vCPUs)
🐳 network = hostnet (docker-ipv4=192.168.65.2, host-ipv4=192.168.65.1)
Controls how local containers can access the external network via the
MacOS X host. This includes outbound traffic as well as publishing ports
for external access to the local containers.
▸ hostnet: a mode that helps if you are using a VPN that restricts
connectivity. Activating this mode will proxy container network
packets via the Docker.app process as host socket traffic.
Parameters: docker-ipv4 (docker node), host-ipv4 (host node)
▸ nat: a mode that uses the MacOS X vmnet.framework to route container
traffic to the host network via a NAT.
🐳 filesystem = osxfs
Controls the mode by which files from the MacOS X host and the container
filesystem are shared with each other.
▸ osxfs: a FUSE-based filesystem that bidirectionally forwards OSX
filesystem events into the container.
🐳 native/port-forwarding = true
Expose container ports on the Mac, rather than the VM
▸ true: Container ports will be exposed on the Mac
▸ false: Container ports will be exposed on the VM
🐳 daemon = run 'pinata get daemon' or 'pinata set daemon [#file|-]>
JSON configuration of the local Docker daemon. Configure any custom
options you need as documented in:
https://docs.docker.com/engine/reference/commandline/daemon/. Set it
directly, or a #file or - for stdin.
Described here with the old docker https://github.com/databricks/spark-integration-tests
With boot2docker, the Docker containers will be run inside of a
VirtualBox VM, which creates some difficulties for communication
between the Mac host and the containers. Follow these instructions to
work around those issues:
Network access: Our tests currently run the SparkContext from outside
of the containers, so we need both host <-> container and container
<-> container networking to work properly. This is complicated by the
fact that boot2docker runs the containers behind a NAT in VirtualBox.
One workaround is to add a routing table entry that routes traffic to
containers to the VirtualBox VM's IP address:
sudo route -n add 172.17.0.0/16 `boot2docker ip`
You'll have to re-run this command if you restart your computer or assign a new IP to
the VirtualBox VM.
but this no longer works, as the docker-beta runs already in hostnet
I had this problem too, it seems to be fixed after disabling OS X firewall
I could swear I saw some documentation of an executable to whitelist instead of disabling the firewall, but I can't find it...

How to call a container, running on a virtual machine, from a Windows browser?

I have Windows 7 operating system and have set up Docker. Docker starts on the virtual machine. I create some containers on Docker and test them on the command line, for example:
curl localhost:9200
Now I want to test this container from a Windows browser
http://localhost:9200
How do I call the container, which is running on a virtual machine, from a Windows browser?
Assuming you have 'published' the service to port 9200, just use the IP address of the VM instead of localhost. To get that address, you can inspect your VM setup, or use the boot2docker command:
boot2docker ip
Then, insert that address where I have the 'x's here in your browser:
http://x.x.x.x:9200
Or map published IP address from docker container running inside boot2docker like this:
boot2docker ssh -L 0.0.0.0:9200:localhost:9200
That way, you (and others that can access your computer) can access it on both of the following links:
http://localhost:9200
http://<host_machine_ip>:9200
