Access Docker from external machine in network - macos

Is it possible to access an docker service from an external device?
I built the service via fig and exposed the port 3000. I use fig with docker-osx, so docker is running inside a virtualbox.
Now I need to access the service provided from an external device (i.e. a mobile phone or tablet).
At the moment I could only access the service with localdocker:3000 from the machine hosting the VirtualBox-Environment.

For those using OSX (and Windows) for testing, Docker creates a virtual machine; this works a little differently than running on a Linux-based system.
Try the following:
docker-machine ip
This will return the virtual machine's IP. In my example, it's
192.168.99.100
Running docker ps will show you the port mappings (cleaned up the table below a bit)
$ docker ps
CONTAINER ID IMAGE STATUS PORTS NAMES
42f88ac00e6f nginx-local Up 30 seconds 0.0.0.0:32778->80/tcp
0.0.0.0:32778->80/tcp means docker is mapping 32778 (a randomly assigned port) on my machine (in this case the virtual machine) to my container's port 80.
You can also get this information from docker port 42f88ac00e6f 80 (42f88ac00e6f being the container ID or name)
In order to access nginx on the container, I can now use the virtual machine's ip:32778
http://192.168.99.100:32778/ will forward to my docker container's 80 port (I use this to test locally)
Obviously, the port above will not be accessible from the network but you can configure your firewall to forward to it =)

I suggest adding a port forwarding rule to the VirtualBox VM settings.
Open the VM settings => Network tab => Adapter 1. By default it is attached to NAT.
Press Port forwarding button, then add a new rule.
The Host IP should be your computer IP address. Could be also 127.0.0.1, but then it will be seen only on your computer.
For the Host Port value you will need to experiment a bit - needs to be both unused and allowed by the computer firewall.
Leave the Guest IP empty.
The Guest Port should be 3000, as in your question.
After that, it should be accessible from the local network, address http://HOST_IP:HOST_PORT

You'll have to tell your local machine to listen for incoming connections on that port and then forward those requests on to your docker container.
Nginx is pretty good at this, and a simple config like this:
/etc/nginx/sites-enabled/your-file.conf
server {
listen 3000;
server_name YOUR_IP_ADDRESS;
proxy_redirect off;
proxy_buffering off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
location / {
proxy_pass http://127.0.0.1:3000;
}
}
Would work fine if your phone / tablet hits http://YOUR_IP_ADDRESS:3000/

For MacOs users.
it seems like sudo ifconfig lo0 alias 10.254.254.254 will do the magic.
you can access external IP host (10.254.254.254) from container

You should be able to access the boot2docker vm by using the IP address reported by book2docker ip.

Related

nginx-proxy-manager on docker 503 error on ipv6

I have docker and docker-compose installed on a VM with ubuntu22.04 where I run a container for nginx-proxy-manager with ipv6 working. I can add Proxy Host with an ipv4 and works fine, but if I add a proxy host with an ipv6. it doesn't work and only gives me 500 Internal Server Error. I can open the IPV6 to my browser and will see the content of the host, as well as pointing a domain to that ipv6 directly in cloudflare without any problem. does nginx-proxy-manager support ipv6 or is there a config that I needed to add. Also I can ping from my docker host to the ipv6 IP of webserver that I want to load

Hostname to docker containers mapping?

When the Apache is installed directly on the host, I add an internal hostname in "C:\Windows\System32\drivers\etc\hosts" and using virtual host to easily access different projects locally say: http://foo.test and http://bar.test.
Using the docker container for each project I can access the project by assigning a host port in the docker-compose file.
I hope that docker may have some internal tools to achieve access via hostname to containers.
Using a reverse proxy can be a solution as described in these relatively old but brilliant articles.
https://www.alexecollins.com/developing-with-docker-proxy-container/
http://jasonwilder.com/blog/2014/03/25/automated-nginx-reverse-proxy-for-docker/
But because I believe this is a very common development requirement, I hope Docker has something builtin to address it.
My approach to this problem is the following. Consider I have container A and B both running a webserver. I simply add a reverse proxy on my local machine which looks at the hostname and then proxies to the respective containers.
But instead of proxying through the hard-coded ip addresses, I proxy through the local ports. So instead of binding both your containers to port 80, bind them to a random local port (e.g., 4041) and proxy over that. That way you decouple the container IP from your host.
My nginx file looks like this then:
server {
server_name example.com # Add <host lan ip> example.com to your /etc/hosts file
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade; # These two lines ensure that the
proxy_set_header Connection "Upgrade"; # a WebSocket is used
proxy_pass http://localhost:4041/;
}
<snip>
Adding multiple containers then just means you have to edit 1 nginx proxy file, and bind a port to your local machine. No coupling between Docker ip's and your local hosts file.

Vagrant Refused via browser

I am very new to using Vagrant in my development workflow, however when setting up the box using vagrant up and then accessing it via my host i get a connection refused with my browser.
Is all that needs to be done to work is:
vagrant init scotch/box
vagrant up
?
Make sure to forward the 80 port from the guest so you can access the vm from your browser. Edit your Vagrantfile and make sure to have a line like (by default when doing vagrant init I believe this is commented)
config.vm.network "forwarded_port", guest: 80, host: 8080
You can then access your web server (if running on the VM) from http://127.0.0.1:8080 or http://localhost:8080
If you prefer to use a fixed private IP, you will need to add
config.vm.network :private_network, ip: "192.168.33.10"
you will then access the vm server using http://192.168.33.10
note:
if you have nothing running on the port 80 nothing will be displayed (obviously). you can run sudo netstat -ant and check you have a process running on port 80
Adjust the port number from the example with the service you're running if it runs on another port.
By default, you get a NAT interface that you cannot connect into. You should define a private network in vagrant to make incoming connections available. Then, also check your VM's firewall settings.
I had a similar problem and just wanted to share my solution, maybe it helps someone else. I couldnt reach the localhost:8080 via browser. The connection got interrupted everytime.
After a long wasted time and search, I found my problem, it was due to the nginx.conf file.
#nginx config file
server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
listen localhost;
root /usr/share/nginx/html;
index index.html index.htm;
server_name localhost;
location \ {
try_files $uri $uri/ = 404;
}
}
i forgot the backslash after location....
after adding it, i could restart my nginx via vagrant ssh and now it's working again
best
totem
There are some provider-related issues when it comes to networking, especially with Hyper-V, that the get-started docs don't mention. See https://developer.hashicorp.com/vagrant/docs/providers/hyperv/limitations

Access web server over https in a Docker container

I'm using Boot2Docker to manage Docker containers in Windows and I have a container running an IBM Liberty server (I guess is the same for any other server), I can access the server home screen in the host machine using only the ip (which I get using the command boot2docker ip), but if I try to access the server using the https port, like this xx.xx.xx.xx:9443 the connection fails.
I tried forwarding the port in VirtualBox like this:
And then access the server using the ports 1000 or 1001, but it fails too.
Am I missing something?
BTW, I'm using default NAT connection.
https uses port 443 (not 9443) by default.
Make both "Host Port" and "Guest Port" 443 and try again.

Boot2Docker: Connect to container over LAN

I'm using Boot2Docker 1.3.0 on my Mac and I'm pretty happy so far using it. But now I'd like to connect to a http container (exposes port 8080) not from my local machine but from another machine in my local network? If I'm doing it locally I just use http://192.168.59.103:8080 so I'm using the ip address of the docker host. This can't work for other machines in my local network but using the ip address of my mac does not work either. I'm pretty sure there are some solutions for this problem but I can't find any. It can't be that hard right? What I want is to make a request to http://[IP-Address-of-mac]:8080 from another host in my local network. I think I have to set up some routing rules on my local machine right? May anybody tell me what to do? Thanks in advance.
Best regards
Sascha
You need to port forward from the OSX box to the virtual machine
VBoxManage modifyvm "boot2docker-vm" --natpf1 "tcp-port8080,tcp,,8080,,8080";
should do the trick
or, you could use ssh based port forwarding:
boot2docker ssh -L 8000:localhost:8000
see https://github.com/boot2docker/boot2docker/blob/master/doc/WORKAROUNDS.md
On your Mac, determine the IP address that it uses on your local LAN:
$ ifconfig | grep 192
inet 192.168.1.21 netmask 0xffffff00 broadcast 192.168.1.255
inet 192.168.59.3 netmask 0xffffff00 broadcast 192.168.59.255
Then port forward:
$ boot2docker ssh -vnNTL 192.168.1.21:8080:localhost:8080
Now, requests that come into your Mac on port 8080 will get forwarded to the boot2docker Linux VM on port 8080. The docker server will then forward from the exposed port (VM port 8080) to the port your container is using for httpd (probably 80).
Note that "localhost" above is from the point of view of the Linux VM, not the Mac, because that is the host you are ssh'ing into.

Resources