Can't expose web server using docker on OSX - macos

I have a docker image that runs a webserver and I would like to access it from my local OSX, but I'm having issues.
I start the container with: docker run -p 8000:8000 <container-name>
and I can see log messages telling me that the local server is listening on localhost:8000
I am able to get a successful response from running:
docker exec <IMAGE-ID> curl "http://localhost:8000/"
Addresses I've tried on my local OSX are:
http://localhost:8000/
http://<DOCKER-IP-172.17.0.2:8000/
Neither of those work. Any suggestions?
Container is built from golang:1.8
Docker Version: Version 17.03.1-ce-mac5 (16048)
MacOS Sierra: 10.12.4
Firewall is turned off for testing purposes
I've tried the same process on Ubuntu 16.04 and no luck their either.

The newer versions of docker use vpnkit on OSX to manage the port forwarding to the containers... you should allow vpnkit through your firewall if you want to expose the container ports.
Also, in your Go code, make sure to bind to 0.0.0.0 rather than 127.0.0.1 for your webserver code.

Related

Docker Desktop on Mac issue with ssh to centos container on localhost

I know there are similar questions on the SO but many of the suggestions have not worked for me. I'm running Docker Desktop for Mac and I startup a docker container I've built that has ssh configured and running (I use these to connect to AWS, Azure etc). I startup the container with something like (the ubc/jlbase/jlbase image has ssh configure... and the following all works on a linux machine with docker0 network in place)
docker run -P --name test -d ubc/jlbase/jlbase
docker inspect test |grep IP
ping -c *the_ip_from_above*
does not connect. From what I can find, this is a known issue with Docker on Mac... but the help and links I've found don't seem to solve the problem. Can someone tell me what I've missed?
You can say that this is a know feature of Docker on Mac, not an issue. Docker on Mac is running on a virtual machine inside macOS, so the IP address you receive is the IP of the container inside the VM, not on macOS.
To address the two issues from the question:
How to enable ssh
To be able to ssh on your container, you will need to have the sshd running in the container and to publish the port 22. Check here to see how you can try this with a container that is already prepared
How to ping
Since the docker is running inside a VM, to be able to route traffic to the containers, you will need to setup the network layer to route the traffic. One approach is to create a tunnel between the VM and the machine.
This is much more complex setup and will require a help of a CNF (Conteinerized Network Function). One of the simplest CNF that was created just for this problem is soctun which creates a tunnel between the host and the docker network layer.

How do I debug a network -- probably Hyperkit caused issue -- of a Docker setup on a Mac?

Problem: Network is not routed to the host machine.
e.g.:
docker run -tip 80:8080 httpd
does NOT result in apache responding on localhost:8080 on the host machine or on docker.local:8080 or anything like that. If I try to connect from inside, the container works fine:
docker run -ti debian
curl 172.17.0.2
<html><body><h1>It works!</h1></body></html>
It seems that on the Docker side itself is everything just fine.
On docker ps you get: ... 80/tcp, 0.0.0.0:80->8080/tcp ...
Environment: New, clean OS installation - OSX Sierra 10.12.2, Docker.app Version 1.13.0 stable (plus 1.13.0. beta and 1.12.0 beta tried as well with same results).
Assumption: There is something broken in between Docker and OS. I guess that this 'something' is Hyperkit (which is like a black box for me). There might be some settings broken by build script from here: http://bigchaindb-examples.readthedocs.io/en/latest/install.html#the-docker-way which is docker-machine centric, which fact I've probably underestimated. Funny fact is also that this was a new install: this build script was the first thing I've done on it -- I don't know if the networking actually worked before.
Question: How do I diagnose this stuff. I would like to be able to trace where exactly the traffic gets lost and fix it accordingly.
Your command line has the ports reversed:
docker run -tip 8080:80 httpd
That's the host port first, with an optional interface to bind, followed by the container port. You can also see that in the docker ps output where port 80 on the host is mapped to port 8080 inside the container.
The other problem some have is the service inside the container needs to listen on all container interfaces (0.0.0.0), not the localhost interface of the container, otherwise the proxy can't forward traffic to it. However, the default settings from official images won't have this issue and your curl command shows that doesn't apply to you.

Docker localhost process not working on Windows

I am using Docker Quickstart Terminal to run a docker container. The container should work on port 8088 of localhost:
docker run -it --name myContainer -p 8088:8088
However, when I go to localhost:8088 or 127.0.0.1:8088 I can't find any process running.
This works on OSX.
Why is this not working on Windows?
I'm assuming you're using VirtualBox, since that's what is integrated with the Quickstart terminal.
The reason it doesn't work is that Windows isn't running your (Linux) containers natively, it's running them in a separate Linux-based VM. This VM is available under a different ip address than your "physical" machine, usually printed when you start the quickstart terminal:
This is the ip address you need to use in order to connect to published container ports.
One possibility is the kind of VM you are using : HyperV (Docker For Windows) or VirtualBox (Docker Toolbox).
If it is the later (which seems probable since you are using the Docker Quickstart Terminal), you need to port forward 8088 in order for your PC (localhost) to see it.
See "How do I configure docker compose to expose ports correctly?" as an example when using VirtualBox.
If localhost does not work, a docker-machine ip will show you the ip of the VM being executed.

Access Docker daemon Remote api on Docker for Mac

I'm runner Docker for OSX, and having trouble getting the Docker remote API to work.
My situation is this:
Docker daemon running natively on OSX (https://www.docker.com/products/docker#/mac, so not the boot2docker variant)
Jenkins running as docker image
No I want to use the Jenkins docker-build-step plugin to build a docker image, but I want it to use the docker daemon on the host machine, so in Jenkins settings, DOCKER_URL should be something like :2375. (Reason for this is I don't want to install docker on the jenkins container if I already have it on my host machine).
Is there a way to to this or is de Docker for Mac currently not supporting this? I tried fiddling with export DOCKER_OPTS or DOCKER_HOST options but still get a Connection refused on calling http://localhost:2375/images/json for example.
Basicly the question is more about enabling the Docker for OSX remote api, with use case calling it from a Jenkins docker container.
You could consider using socat. It solved my problem, which seem to be similar.
socat TCP-LISTEN:2375,reuseaddr,fork UNIX-CONNECT:/var/run/docker.sock &
This allows you to access your macOS host Docker API from a Docker container using: tcp://[host IP address]:2375
On macOS socat can be installed like this:
brew install socat
See here for a long discussion on this topic: Plugin: Docker fails to connect via unix:// on Mac OS X
If you already added an SSH public key to your remote server, then you can use this ssh credentials for your docker connection, too. You don't need to configure the remote api on the server for this approach.
When connecting to macOS Docker Desktop, you could use ssh (after you have enabled it on Mac)
docker -H ssh:user#192.168.64.1 images
or
export DOCKER_HOST=ssh:user#192.168.64.1
docker images
I had the same issue but with mysql. I needed to expose the port of my docker hosts on port 43306 to docker image mysql running on port 3306.
Solution:
Create your docker image with -p parameter.
Example:
#> docker run -p 0.0.0.0:43306:3306 --name mysql-5.7.23xx -e MYSQL_ROOT_PASSWORD=myrootdba -d mysql/mysql-server:5.7.23 --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci
Now I can connect from my host docker server on port 43306 to mysql docker image.

docker toolbox, can connect to containers launched with kitematic but not with the cli?

I have docker toolbox 1.8.2c installed on my Mac running yosemite. If I launch hello-world-nginx from the docker hub in Kitematic, I can connect to its TCP port without an issue.
When trying to do the same thing from the CLI, I can't connect. Why?
Here is what I am running on the docker CLI, which looks to me to be pretty standard:
docker run -d -i -t -P kitematic/hello-world-nginx /bin/sh
In the case above, docker ps shows that port 80 is mapped to 0.0.0.0:32769. So I try and connect on 192.168.99.100:32769 (that's my docker machine IP) and I can't connect.
I want to use the CLI so I can set the hostname/fqdn on the container, which it doesn't look like Kitematic supports. Here is another thing I tried, with the IP address of my docker machine in the args:
docker run -d -i -t -p 192.168.99.100:32769:80 -h nginx.example.com kitematic/hello-world-nginx /bin/sh
This doesn't work either.
In each case, the container starts successfully and I can attach to it with out an issue.
What am I doing wrong?
I had the same problem, but in windows 10 pro witn the same image kitematic/hello-world-nginx. Kitematic was open a wep page by default with Internet Explorer and the message was inmediatetly can't connect, later I tried with another web browers, chrome, and it worked. maybe if you try with another web browser, this problem can be solved.

Resources