Docker private registry issue - proxy

I run private registry on UBUNTU 14.04:
docker run -d -p 5000:5000 registry
The proces appeard on my docker proces list. I wrote command : curl my-external-ip and I got this:
"\"docker-registry server\""
THE PROBLEM IS that
when I try to push image on localhost it works fine, but after I want to push to external ip (It must be available for for more people) I got this:
The push refers to a repository [MY-EXTERNAL-IP:5000/hello] (len: 1)
unable to ping registry endpoint https://MY-EXTERNAL-IP:5000/v0/
v2 ping attempt failed with error: Get https://MY-EXTERNAL-IP:5000/v2/: EOF
v1 ping attempt failed with error: Get ht*ps://MY-EXTERNAL-IP:5000/v1/_ping: EOF
I am using proxy at my company, but I added export http_proxy, https_proxy, ftp_proxy to my docker file and --insecure-registry.

It looks that your docker daemon can't access docker registry(your-external-ip) through https protocol(usually it uses 443 port).
Maybe you can check it first.
But with insecure mode, the network occured on http protocol. So you can tell you docker daemon to trust insecure-registry.
Try to run docker daemon with --insecure-registry="YOUR_EXTERNAL_IP"

It seems like your Docker daemon still doesn't understand that registry on your $EXTERNAL_IP should be accessed over HTTP rather than HTTPS. You need to be sure that daemon runs with the --insecure-registry $EXTERNAL_IP option:
ps aux | grep docker
If you'll not be able to find it there, you probably made a mistake in your DOCKER_OPTIONS.

Related

How to visit a docker service by ip address

I'm new with docker and I'm probably missing a lot, although i went through the basic documentation and I'm trying to deploy a simple Spring Boot API
I've deployed my API as a docker-spring-boot .jar file , then i installed docker and pushed it with the following commands:
sudo docker login
sudo docker tag docker-spring-boot phillalexakis/myfirstapi:01
sudo docker push phillalexakis/myfirstapi:01
Then i started the API with the docker run command:
sudo docker run -p 7777:8085 phillalexakis/myfirstapi:01
When i visit localhost:7777/hello I'm getting the desired response
This is my Dockerfile
FROM openjdk:8
ADD target/docker-spring-boot.jar docker-spring-boot.jar
EXPOSE 8085
ENTRYPOINT ["java","-jar","docker-spring-boot.jar"]
Based on this answered post this the command to get the ip address
docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' container_name_or_id
So, i run it with container_name_or_id = phillalexakis/myfirstapi:01 and I'm getting this error
Template parsing error: template: :1:24: executing "" at <.NetworkSettings.Networks>: map has no entry for key "NetworkSettings"
If i manage somehow to get the IP will i be able to visit it and get the same response?
This is how i have it in my mind: ip:7777/hello
You have used the image name and not the container name.
Get the container name by executing docker ps.
The container ID is the value in the first column, the container name is the value in the last column. You can use both.
Then, when you have the IP, you will be able to access your API at IP:8085/hello, not IP:7777/hello
The port 7777 is available on the Docker Host and maps to the port 8085 on the container. If you are accessing the container directly - which you do, when you use its IP address - you need to use the port that the container exposes.
There is also another alternative:
You can give the container a name when you start it by specifying the --name parameter:
sudo docker run -p 7777:8085 --name spring_api phillalexakis/myfirstapi:01
Now, from your Docker host, you can access your API by using that name: spring_api:8085/hello
You should never need to look up that IP address, and it often isn't useful.
If you're trying to call the service from outside Docker space, you've done the right thing: use the docker run -p option to publish its port to the host, and use the name of the host to access it. If you're trying to call it from another container, create a network, make sure to run both containers with a --net option pointing at that network, and they can reach other using the other's --name as a hostname, and the container-internal port the other service is listening on (-p options have no effect and aren't required).
The Docker-internal IP address just doesn't work in a variety of common situations. If you're on a different host, it will be unreachable. If your local Docker setup uses a virtual machine (Docker Machine, Docker for Mac, minikube, ...) you can't reach the IP address directly from the host. Even if it does work, when you delete and recreate the container, it's likely to change. Looking it up as you note also requires an additional (privileged) operation, which the docker run -p path avoids.
The invocation you have matches the docker inspect documentation (as #DanielHilgarth notes, make sure to run it on the container and not the image). In the specific situation where it will work (you are on the same native-Linux host as the container) you will need to use the unmapped port, e.g. http://172.17.0.2:8085/hello.

Access a host from within a Docker container on Windows

I use Docker CE for Windows on latest Windows 10 and have built an image with a
script that runs a test against a web server.
(A litmus test suite for a WebDAV server to be exact, but I think the problem
is general.)
I run the web server on a Powershell console:
> wsgidav -p 8080 -H localhost
21:04:19.107 - <13348)> wsgidav INFO : Running WsgiDAV/3.0.0a3 Cheroot/6.4.0 Python/3.6.5
21:04:19.107 - <13348)> wsgidav INFO : Serving on http://localhost:8080 ...
From another Powershell console, I run my script in a Docker container (using FROM alpine).
The script starts and tries to access the endpoint, but does not succeed:
> docker pull mar10/litmus
> docker run --rm -p 8080:8080 mar10/litmus http://gateway.docker.internal:8080
-> running `basic':
0. init.................. FAIL (connection refused by `gateway.docker.internal' port 8080: Operation timed out)
I tried so far
Using the gateway.docker.internal hostname
using -p PORT:PORT
using --net=host
restarting the docker daemon (which interestingly sometimes also was neccessary to
fix timeouts in docker pull)
different IP addresses for the web server (127.0.0.1, localhost, 0.0.0.0, local IP)
Nothing worked so far (although the failure message may be different).
Maybe I just missed a working combination of the above, or any other trick?
FWIW, I was able to solve it by building the container with the --network host option and use a real IP of the client (instead of localhost or 0.0.0.0).
Details here: https://hub.docker.com/r/mar10/docker-litmus/

Access Docker daemon Remote api on Docker for Mac

I'm runner Docker for OSX, and having trouble getting the Docker remote API to work.
My situation is this:
Docker daemon running natively on OSX (https://www.docker.com/products/docker#/mac, so not the boot2docker variant)
Jenkins running as docker image
No I want to use the Jenkins docker-build-step plugin to build a docker image, but I want it to use the docker daemon on the host machine, so in Jenkins settings, DOCKER_URL should be something like :2375. (Reason for this is I don't want to install docker on the jenkins container if I already have it on my host machine).
Is there a way to to this or is de Docker for Mac currently not supporting this? I tried fiddling with export DOCKER_OPTS or DOCKER_HOST options but still get a Connection refused on calling http://localhost:2375/images/json for example.
Basicly the question is more about enabling the Docker for OSX remote api, with use case calling it from a Jenkins docker container.
You could consider using socat. It solved my problem, which seem to be similar.
socat TCP-LISTEN:2375,reuseaddr,fork UNIX-CONNECT:/var/run/docker.sock &
This allows you to access your macOS host Docker API from a Docker container using: tcp://[host IP address]:2375
On macOS socat can be installed like this:
brew install socat
See here for a long discussion on this topic: Plugin: Docker fails to connect via unix:// on Mac OS X
If you already added an SSH public key to your remote server, then you can use this ssh credentials for your docker connection, too. You don't need to configure the remote api on the server for this approach.
When connecting to macOS Docker Desktop, you could use ssh (after you have enabled it on Mac)
docker -H ssh:user#192.168.64.1 images
or
export DOCKER_HOST=ssh:user#192.168.64.1
docker images
I had the same issue but with mysql. I needed to expose the port of my docker hosts on port 43306 to docker image mysql running on port 3306.
Solution:
Create your docker image with -p parameter.
Example:
#> docker run -p 0.0.0.0:43306:3306 --name mysql-5.7.23xx -e MYSQL_ROOT_PASSWORD=myrootdba -d mysql/mysql-server:5.7.23 --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci
Now I can connect from my host docker server on port 43306 to mysql docker image.

How do I SSH to a Docker in Mac container [duplicate]

This question already has answers here:
docker: SSH access directly into container
(4 answers)
Closed 6 years ago.
I am running Docker for Mac (Version 1.12.0-rc2-beta16 (Build: 9493)).
I have pulled an image from my local repository, and used 'docker run -d' to create a container. Using 'docker ps' I obtained the 'CONTAINER ID', and then used 'docker inspect <CONTAINER_ID>| grep IPA' to obtain the IP address for the running container.
I now want to connect to the container using SSH with 'ssh root#<IP address>' but the command gives the following error: 'Operation timed out'.
Further investigation shows that I can not ping the <IP address> -> 'Request timeout for icmp_seq 0'
How can I connect to the container using SSH? What is the correct command?
UPDATE: This IS NOT a duplicate (as stated above). The entry that begins "The scenario you described" is the correct solution.
The scenario you have described is the approach that would be used on 'normal' Docker.
As Docker on Mac has been created from scratch specifically for the Mac, it has been tweaked to make it easier to use. Therefore, the IP address of the container cannot be used in this way on the Mac.
The documentation Getting Started with Docker for Mac states that:
Previous beta releases used docker as the hostname to build the URL.
From this release forward, ports are exposed on the private IP
addresses of the VM and forwarded to localhost with no other host name
set. See also, Release Notes for Beta 9.
Therefore, the correct way to SSH into a container is to spin it up on Docker for Mac using a port mapping to the SSH port (22). e.g.
docker run -d -p 2022:22 <Image Name>
And the SSH connection is instigated using this command (N.B. it uses 'localhost' on the port specified instead of having to determine and use the container's IP Address):
ssh -p 2022 root#localhost
N.B. It is NOT possible to simply map port 22 to itself i.e. '-p 22:22' as this caused the following error (at least is did for me!):
docker: Error response from daemon: driver failed programming external
connectivity on endpoint pensive_wilson
(2e832b82fc67d3e48864975c6eb02f6c099e34eee64b29634cfde286c41e00a7):
Error starting userland proxy: Failed to bind: EADDRINUSE.
To use bash prompt you could use docker exec -ti %container-name-or-id% /bin/bash. If you want to use ssh and ensure that an ssh daemon is up and running you should expose corresponding ports from the container with -p parameter like this: docker run -d -p 22:22 my_image.

How to access web page served by nginx web server running in docker container

We are trying to use docker to run nginx but for some reason I'm unable to access the nginx web server running inside the docker container.
We have booted a Docker Container using the following Dockerfile: https://github.com/dwyl/learn-docker/blob/53cca71042482ca70e03033c66d969b475c61ac2/Dockerfile
(Its a basic hello world using nginx running on port 8888)
To run the container we used:
docker run -it ubuntu bash
we determined the Container's IP address using the docker inspect command:
docker inspect --format '{{ .NetworkSettings.IPAddress }}' a9404c168b21
which is: 172.17.0.11
when I try to visit the container's IP address and the nginx port in a browser http://172.17.0.11:8888/ we get ERR_CONNECTION_TIMED_OUT
or using curl:
curl 172.17.0.11:8888
curl: (7) Failed to connect to 172.17.0.11 port 8888: Connection refused
To attempt to solve this we googled extensively but suspect we might be asking the "wrong" questions...
You shouldn't be trying to hit the IP address of the container, you should be using the IP address of the host machine.
What you are missing is the mapping of the port of the host machine to the port of the container running the nginx server.
Assuming that you want to use port 8888 on the host machine, you need a parameter such as this to map the ports:
docker run ... -p 8888:8888 ...
Then you should be able to access you server at http://<HOST_MACHINE_IP>:8888
EDIT: There is another gotcha if you are running on a Mac. To use Docker on a Mac it's common to use boot2docker but boot2docker adds in another layer. You need determine the IP address of the boot2docker container and use that instead of localhost to access nginx.
$ boot2docker ip
The VM's Host only interface IP address is: <X.X.X.X>
$ wget http://<X.X.X.X>:8888
...
Connecting to <X.X.X.X>:8888... connected.
HTTP request sent, awaiting response... 200 OK
Reference: https://viget.com/extend/how-to-use-docker-on-os-x-the-missing-guide
EDIT: ... or with docker-machine the equivalent command would be docker-machine ip <machine-name> where <machine-name> is likely to be "default".
You may need to check if your container is running:
docker ps ( you should have an active container)
If no container is active:
docker run -p 80:80 -it /bin/bash
you will then be on your image terminal
start nginx - sudo service nginx start
ctrl p + ctrl q to quit docker without exiting the container
if you are on mac and using boot2docker you cannot use localhost to check your running nginx
so use boot2docker ip
browse using the boot2docker ip

Resources