Problem: Network is not routed to the host machine.
e.g.:
docker run -tip 80:8080 httpd
does NOT result in apache responding on localhost:8080 on the host machine or on docker.local:8080 or anything like that. If I try to connect from inside, the container works fine:
docker run -ti debian
curl 172.17.0.2
<html><body><h1>It works!</h1></body></html>
It seems that on the Docker side itself is everything just fine.
On docker ps you get: ... 80/tcp, 0.0.0.0:80->8080/tcp ...
Environment: New, clean OS installation - OSX Sierra 10.12.2, Docker.app Version 1.13.0 stable (plus 1.13.0. beta and 1.12.0 beta tried as well with same results).
Assumption: There is something broken in between Docker and OS. I guess that this 'something' is Hyperkit (which is like a black box for me). There might be some settings broken by build script from here: http://bigchaindb-examples.readthedocs.io/en/latest/install.html#the-docker-way which is docker-machine centric, which fact I've probably underestimated. Funny fact is also that this was a new install: this build script was the first thing I've done on it -- I don't know if the networking actually worked before.
Question: How do I diagnose this stuff. I would like to be able to trace where exactly the traffic gets lost and fix it accordingly.
Your command line has the ports reversed:
docker run -tip 8080:80 httpd
That's the host port first, with an optional interface to bind, followed by the container port. You can also see that in the docker ps output where port 80 on the host is mapped to port 8080 inside the container.
The other problem some have is the service inside the container needs to listen on all container interfaces (0.0.0.0), not the localhost interface of the container, otherwise the proxy can't forward traffic to it. However, the default settings from official images won't have this issue and your curl command shows that doesn't apply to you.
Related
I know there are similar questions on the SO but many of the suggestions have not worked for me. I'm running Docker Desktop for Mac and I startup a docker container I've built that has ssh configured and running (I use these to connect to AWS, Azure etc). I startup the container with something like (the ubc/jlbase/jlbase image has ssh configure... and the following all works on a linux machine with docker0 network in place)
docker run -P --name test -d ubc/jlbase/jlbase
docker inspect test |grep IP
ping -c *the_ip_from_above*
does not connect. From what I can find, this is a known issue with Docker on Mac... but the help and links I've found don't seem to solve the problem. Can someone tell me what I've missed?
You can say that this is a know feature of Docker on Mac, not an issue. Docker on Mac is running on a virtual machine inside macOS, so the IP address you receive is the IP of the container inside the VM, not on macOS.
To address the two issues from the question:
How to enable ssh
To be able to ssh on your container, you will need to have the sshd running in the container and to publish the port 22. Check here to see how you can try this with a container that is already prepared
How to ping
Since the docker is running inside a VM, to be able to route traffic to the containers, you will need to setup the network layer to route the traffic. One approach is to create a tunnel between the VM and the machine.
This is much more complex setup and will require a help of a CNF (Conteinerized Network Function). One of the simplest CNF that was created just for this problem is soctun which creates a tunnel between the host and the docker network layer.
I have a docker image that runs a webserver and I would like to access it from my local OSX, but I'm having issues.
I start the container with: docker run -p 8000:8000 <container-name>
and I can see log messages telling me that the local server is listening on localhost:8000
I am able to get a successful response from running:
docker exec <IMAGE-ID> curl "http://localhost:8000/"
Addresses I've tried on my local OSX are:
http://localhost:8000/
http://<DOCKER-IP-172.17.0.2:8000/
Neither of those work. Any suggestions?
Container is built from golang:1.8
Docker Version: Version 17.03.1-ce-mac5 (16048)
MacOS Sierra: 10.12.4
Firewall is turned off for testing purposes
I've tried the same process on Ubuntu 16.04 and no luck their either.
The newer versions of docker use vpnkit on OSX to manage the port forwarding to the containers... you should allow vpnkit through your firewall if you want to expose the container ports.
Also, in your Go code, make sure to bind to 0.0.0.0 rather than 127.0.0.1 for your webserver code.
I am using Docker Quickstart Terminal to run a docker container. The container should work on port 8088 of localhost:
docker run -it --name myContainer -p 8088:8088
However, when I go to localhost:8088 or 127.0.0.1:8088 I can't find any process running.
This works on OSX.
Why is this not working on Windows?
I'm assuming you're using VirtualBox, since that's what is integrated with the Quickstart terminal.
The reason it doesn't work is that Windows isn't running your (Linux) containers natively, it's running them in a separate Linux-based VM. This VM is available under a different ip address than your "physical" machine, usually printed when you start the quickstart terminal:
This is the ip address you need to use in order to connect to published container ports.
One possibility is the kind of VM you are using : HyperV (Docker For Windows) or VirtualBox (Docker Toolbox).
If it is the later (which seems probable since you are using the Docker Quickstart Terminal), you need to port forward 8088 in order for your PC (localhost) to see it.
See "How do I configure docker compose to expose ports correctly?" as an example when using VirtualBox.
If localhost does not work, a docker-machine ip will show you the ip of the VM being executed.
In my job I working with docker and the option --net=host working like a charm forwarding the docker container ports to the machine. This allows me to adding grunt tasks that use certain ports by example:
A taks for serving my coverage report in a port 9001
A local deployed version of my app served in the port 9000
A watch live reload the port 35729
For Unit testing runner use the 9876 port
When I begin to use Docker in Mac, the first problem that i had was: The option --net=host don't work anymore.
I researched and I understand why this is not possible (Docker in Mac runs in a own virtual machine) and my momentary solution it's use the -p option for expose the ports, but this limit to me to add more and more task that use ports because i need run the explicit -p command for each port that i need expose.
Anyone with this same problem? How to dealing with this ?
Your issue is most probably that you are using dockertoolbox or dhingy/dlite or anything else providing a full-fledged linux VM, which then hosts docker to run your container inside this VM. This VM has, of course, its own network stack and own IP on the host, and thats were your tools will have issues with. The exposed ports of the container are not exposed to OSX host localhost, but rather OSX Docker-VM-ip.
To solve those issues elegantly
Expose ports to OSX localhost from the container
First, use/install docker-for-mac https://docs.docker.com/engine/installation/mac/ instead of dockertoolbox or others. Its based on a special xhyve stack which reuses your hosts network stack
when you now do docker run -p 3306:3306 percona it will bind 3306 on the osx-host-localhost, thus every other osx-tool trying to attach to localhost:3306 will work ( very useful ) just as you have been used to it when you installed mysql using brew install mysql or likewise
If you experience performance issues with code shares on OSX with docker containers, check http://docker-sync.io - it is compatible with docker-for-mac ( hint: i am biased on this one )
Export ports from the OSX-host to a containter
You do not really export anything in particular, you rather make them accessable as a whole from all containers ( all ports of the OSX-host-localhost)
If you want to attach to a port you offered on the OSX host, from within a container, e.g. during a xdebug session were your IDE listens on port 9000 on the OSX-host-localhost and the container running FPM/PHP should attach to this osx-localhost:9000 on the mac, you need to do this: https://gist.github.com/EugenMayer/3019516e5a3b3a01b6eac88190327e7c
So you create a dummy loopback ip, so you can access your OSX-host ports from without containers using 10.254.254.254:9000 - this is portable and basically gives you all you need to develop like you have used to
So one gives you the connectivity to container-exposed ports to apps running on the mac and trying to connect to localhost:port
And the second the inverse, if something in the container wants to attach to a port on the host.
One workaround, mentioned in "Bind container ports to the host" would be to use -P:
(or --publish-all=true|false) to docker run which is a blanket operation that identifies every port with an EXPOSE line in the image’s Dockerfile or --expose <port> commandline flag and maps it to a host port somewhere within an ephemeral port range.
The docker port command then needs to be used to inspect created mapping.
So if your app can use docker port <CONTAINER> to retrieve the mapped port, you can add as many containers as you want and get the mapped ports that way (without needed an "explicit -p command for each port").
Not sure if docker for mac can support bi-directional connection later https://forums.docker.com/t/will-docker-for-mac-support-bi-directional-connection-between-host-and-container-in-the-future/19871
I have two solution:
you can write a simple wrapper script and pass the port you want to expose to the script
use vagrant to start a virtual machine with network under control.
I'm new to Docker, and I can't seem to connect to any containers.
I installed Docker Toolbox. Now I'm trying to get Shipyard to work. I followed the steps inside of a Docker Quickstart Terminal. The instructions say:
Once deployed, the script will output the URL to connect along with credential information.
The Shipyard installer ended with:
Shipyard available at http://10.0.2.15:8080
Username: [elided] Password: [elided]
However, I went to http://10.0.2.15:8080 on my browser and it didn't connect.
In another Docker Quickstart Terminal, I did a docker ps to see what the container was and to get its IP Address and I got:
$ docker inspect a4755 | grep IPAddress
"SecondaryIPAddresses": null,
"IPAddress": "172.17.0.8",
"IPAddress": "172.17.0.8",
I'm not sure why the IP was different, but I tried to connect to http://172.17.0.8:8080 and this didn't work either. http://localhost:8080 also failed.
This also happened when I tried to run docker-gunicorn-nginx - everything started, but I couldn't connect to the machine.
What gives?
If you read through Docker's Installation on Mac OS X you'll see that on OSX, Docker containers don't run on the host machine itself:
In a Docker installation on Linux, your physical machine is both the localhost and the Docker host. In networking, localhost means your computer. The Docker host is the computer on which the containers run.
On a typical Linux installation, the Docker client, the Docker daemon, and any containers run directly on your localhost. This means you can address ports on a Docker container using standard localhost addressing such as localhost:8000 or 0.0.0.0:8376.
[...]
In an OS X installation, the docker daemon is running inside a Linux VM called default. The default is a lightweight Linux VM made specifically to run the Docker daemon on Mac OS X. The VM runs completely from RAM, is a small ~24MB download, and boots in approximately 5s.
In OS X, the Docker host address is the address of the Linux VM. When you start the VM with docker-machine it is assigned an IP address. When you start a container, the ports on a container map to ports on the VM. To see this in practice, work through the exercises on this page.
Indeed, opening a new Docker Quickstart Terminal, I see:
docker is configured to use the default machine with IP 192.168.99.100
And, opening http://192.168.99.100:8080 takes me to Shipyard. Success!
You can try and execute this command:
docker-machine ip default
it will return some thing like:
192.168.99.100
To get port number:
docker ps
Example output (scroll right to see port mapping):
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
113346425f20 springio/spring1 "sh -c 'java $JAVA_OP" 34 minutes ago Up 34 minutes 0.0.0.0:8080->8080/tcp pensive_kirch
To verify if it is working do:
curl 192.168.99.100:8080