I installed the docker-beata (https://beta.docker.com/) for osx.
Next, I created a folder with this file docker-compose.yml :
web:
image: nginx:latest
ports:
- "8080:80"
After, I used this command : docker-compose up.
Container start with success.
But the problem is to access in my container. I don't know what ip use.
I try to find ip with docker ps and docker inspect ...:
"Networks": {
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "6342cefc977f260f0ac65cab01c223985c6a3e5d68184e98f0c2ba546cc602f9",
"EndpointID": "8bc7334eff91d159f595b7a7966a2b0659b0fe512c36ee9271b9d5a1ad39c251",
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:11:00:02"
}
}
So I try to use http://172.17.0.2:8080/ to access, but I have a ERR_CONNECTION_TIMED_OUT error.
But, if I usehttp://localhost:8080/, I can access to my container !
(But my localhost is already use by my native config on my mac, so if I want use localhost I must stop my native apache).
Why it's doesn't work with the ip ?
As #Javier-Segura mentioned, on with native Docker on Linux you should be able to hit the container via it's IP and port, so in your case http://172.17.0.2:80 - the 8080 port would be on the host IP.
With Docker for Mac Beta it does not appear to work the same way for the container. It changes a bit with every release but right now it appears you can not reach a container by ip via conventional means.
Unfortunately, due to limtations in OSX, we’re unable to route traffic
to containers, and from containers back to the host.
Your best bet is to use a different non-conflicting port as mentioned. You can use different Compose config files for different environments, so as in the example above, use 8081 for development and 8080 for production, if that is the desire. You would start Compose in production via something like docker-compose -f docker-compose.yml -f production.yml up -d where production.yml has the overrides for that environment.
When you map a port (like done with "8080:80") you are basically saying that "Forward the port 8080 on my localhost to the 80 port on the container".
Then you can access your nginx via:
http://localhost:8080
http://172.17.0.2:80/ (depending on the network configuration)
If the port 8080 is already used by apache on your mac, you can change your configuration to "8081:80" and nginx will be available on 8081
Here is one more tip to add to the good ones already provided. You can use the -p option to include IP mapping in addition to your port mapping. If you include no IP (something like -p 8080:80), then your telling docker to route traffic entering all interfaces on port 8080 to your docker internal network (172.17.0.2 in your case). This includes, but is not limited to, localhost. If you'd like this mapping to apply to only a certain IP, for example an IP dynamically assigned to your workstation through DHCP, you can specify the IP in the option as -p 10.11.12.13:8080:80 (where 10.11.12.13 is a fictional IP). Then localhost or any other interface would not be routed.
Likewise, you could use the option to restrict to localhost with -p 127.0.0.1:8080:80 so that other interface traffic is not routed to your docker container's 172.17.0.2 interface.
#pglezen is right. Providing full IP within compose file is solving the issue.
Image IP addresses that were generated by docker-compose dose not work (now) on MAC OSX.
Providing specific ip within compose file allowed to access container image:
nginx:
image: nginx:latest
ports:
- "127.0.0.1:80:80"
links:
- php-fpm
docker-compose still assigned generic 172.* IP address to image that was not accessable. But real hardcoded 127.0.0.1 was working and returns correct container response.
Related
I have installed docker desktop on my macOS, now it's running in port 8000, how can I change to another port? because I want to use the 8000 port in another application. thanks
Docker Desktop for MAC itself does not run on a port.
It's a container running on a port.
The container has an internal port (within the container) and you can map that to a port on the host.
Mapping is done with "ports" on docker-compose.
For example, the file below has port 3011 internally on the Container, and this is mapped to 80 on the host
version: "3.9"
services:
web:
build: .
container_name: "Web"
env_file:
- env.settings
ports:
- "8080:3011"
(This script is missing a Dockerfile obviously. Let me know if you want a full working example)
Suppose this is running a simple NodeJS/Express Webserver.
If you are in the container, then access that Webserver on port 3011.
But on your host the Webserver is accessed on port 8080.
I tried to run this hello world app on an AWS EC2 instance with docker-compose up --build . It works as expected and is accessible remotely from the EC2 public IP when I use port 80 i.e., "80:80" as shown in the docker-compose file.
However, if I change to another port such as "5106:80", it is not accessible from a remote host using <public IPv4 address>:5106 even though it's available locally if I ssh unto the EC2 instance and try localhost:5106. Please note:
I've ensured the EC2 is in a public subnet and I have configured the security group to make the port (in this case, 5106) accept inbound traffic from my laptop.
I know it's not a problem with the hello-world app because I experience exactly the same problem with another app i.e., only port 80 works with docker-compose port mapping on EC2.
As it works with port 80 and doesn't work with port 5106 it could mean one of two possibilities:
There is an issue with your security groups. You should check you have added port 5106 in your inbound rules of your security group.
There is an issue with a firewall or antivirus that doesn't allow you to connect to web pages in different ports rather than 80 or 443. You may try if this happens with another device or on another network.
In this case, it seemed to be the latter.
Possible that the docker network needs to be deleted?
docker network rm $(docker network ls -q)
Then run docker-compose up again.
I'm new to Docker and have access an API that runs on a container.
I'm running a container via:
cp -r ./lib app/
docker-compose up -d --build app
rm -fr app/lib/*
In my docker-compose.yml I do have the ports set to:
app:
build: ./app
container_name: my-app
ports:
- "9080:8080"
- "9990:9990"
- "6000:6000"
- "9877:9877"
- "1551:1551"
And a default ip for docker-machine: 192.168.99.100
I should be able to send requests to an api via https://192.168.99.100:8080/restapicall
What am I missing? Is there any way to expose ports to localost in shell script?
Few observations.
You are using wrong port number (8080) to access restapicall, In your docker-compose file, you are exposing port 8080 to 9080 (- "9080:8080").
Why are you using https? have you got SSL certificate set-up? if not try with http.
192.168.99.100 is this docker internal IP address? if yes then use your machine IP address or localhost?
Now try with below URL.
Use localhost if you are running docker on the same machine.
http://localhost:9080/restapicall
Use machine ip address if Docker is running on different machine.
http://machine-ip-address:9080/restapicall
If this doesn't work then please share your Docker file and docker-compose file.
I want to start an Elasticsearch container in Docker. By default I see nearly everywhere something like:
docker run -d -p 9200:9200 docker.elastic.co/elasticsearch/elasticsearch:5.5.1
Now is my question: Why are we mapping the port on our host network? I understand port mapping but I don't see the big advantage of it.
In my opinion I would always do something like this:
$ docker network create logging
20aa4c7bf2d8289d8cbd485c3e384f9371eed87204625998687c61e4bad27f14
$ docker run -d --name es --net logging docker.elastic.co/elasticsearch/elasticsearch:5.5.1
And connect to the ES by using it's name (es in this case) and deploying containers in the same network. I would think my ES is more secure in its private docker network.
I see there is an advantage for port mapping when your containers which need to connect to elasticsearch aren't in the same network. But are there other advantages or why is this always shown with port mapping?
So host access is more about accessibility. If you are running docker on local machine and you want to access the app only on that machine, then host mapping is not need.
Now if you need to access this app on a external computer other than your docker host then you need to do that port mapping.
docker run -d -p 9200:9200 docker.elastic.co/elasticsearch/elasticsearch:5.5.1
This maps the host port 9200 (left side) to 9200 inside the docker (right side). The listening interface is 0.0.0.0 which means all interfaces. And hence it is accessible to to anyone how has access to this machine.
If you want to make it more secure then you do it like below
docker run -d -p 127.0.0.1:9200:9200 docker.elastic.co/elasticsearch/elasticsearch:5.5.1
This would listen on local host only. So only you can access it on the machine. But if you need to access it from some place else then you would use a SSH tunnel
ssh -L 9200:127.0.0.1:9200 <user>#<HOSTIP>
And on that machine you can access it on 127.0.0.1:9200
Next level of security is added when you use a firewall like ufw, firewalld etc.
What you did with network command
docker network create logging
Basically creates new network and isolates other docker containers from accessing it on the host. But as long as external accessibility is concerned, you still need to map it to the host port
Hope this answers your question
I'm running a CentOS-based container on Docker for Windows and trying to connect to an http service running on port 8545 of my host environment.
I've tried this, attempting a variety of suspected host names and IP addresses:
curl http://localhost:8545
But the error message I get is "curl: (7) Failed connect to localhost:8545; Connection refused"
How should I figure out what IP Address to use? Is there anything I need to configure as far as allowing the port number to be accessed from inside the container?
Localhost is not working yet I think with Docker for Windows.
There is few things you can try. First you can add EXPOSE 'portnumber' in the dockerfile so the container will listen on this port. You can also use docker run with -p 8545:8545, it will map the port of the container and the host.
To get the Ip address of the container you can use:
docker inspect -f "{{ .NetworkSettings.Networks.nat.IPAddress }}" containername
You can access the host using its ip but localhost/127.0.0.1 won't work (they will resolve to the Linux VM that is part of docker for windows). If you use the default network settings, your host should be reachable on 10.0.75.1 from your container