Map ports so you can access docker running apps from OSX host - macos

I have been playing with Docker for a while (on OSX via Vagrant) which worked really nicely. In order to access my apps running in the docker containers I had to set up Vagrant to use static IPs ("private_network" setup).
While this worked well I think the new approach to use boot2docker is a little lighter and more convenient as I can run docker directly in OSX. However, if I run docker with the usual port forwarding I get this error:
docker run -p :5672 -p :15672 mikaelhg/docker-rabbitmq
2014/02/09 10:12:47 Error: start: Cannot start container fecd0f0225f49a889e63e9b113bff36305e9b9ab146ada6730d6cfffe9a10e0b: Process could not be started
So then if I explicitly map this to a different host port it starts
docker run -p 5000:5672 -p 15000:15672 mikaelhg/docker-rabbitmq
However I am unable to open this in my OSX host. I am aware that this setup is different to Vagrant as it does not use static IPs but rather NAT but somehow I cannot find proper docs on how I can access my apps from the OSX host.
Can anyone point me to the right docs or give me an example what setup I need to use to get boot2docker setup the portforwarding for me?

If you're using VirtualBox, configure port forwarding like:
$ VBoxManage modifyvm "boot2docker-vm" --natpf1 "tcp-port5000,tcp,,5000,,5672"
$ VBoxManage modifyvm "boot2docker-vm" --natpf1 "udp-port5000,udp,,5000,,5672"
Read more:
http://www.deadcodersociety.org/blog/forwarding-a-range-of-ports-in-virtualbox/
https://github.com/dotcloud/docker/issues/4007#issuecomment-34573044

Related

Docker Desktop on Mac issue with ssh to centos container on localhost

I know there are similar questions on the SO but many of the suggestions have not worked for me. I'm running Docker Desktop for Mac and I startup a docker container I've built that has ssh configured and running (I use these to connect to AWS, Azure etc). I startup the container with something like (the ubc/jlbase/jlbase image has ssh configure... and the following all works on a linux machine with docker0 network in place)
docker run -P --name test -d ubc/jlbase/jlbase
docker inspect test |grep IP
ping -c *the_ip_from_above*
does not connect. From what I can find, this is a known issue with Docker on Mac... but the help and links I've found don't seem to solve the problem. Can someone tell me what I've missed?
You can say that this is a known feature of Docker on Mac, not an issue. Docker on Mac is running on a virtual machine inside macOS, so the IP address you receive is the IP of the container inside the VM, not on macOS.
To address the two issues from the question:
How to enable ssh
To be able to ssh on your container, you will need to have the sshd running in the container and to publish the port 22. Check here to see how you can try this with a container that is already prepared
How to ping
Since Docker is running inside a VM, to be able to route traffic to the containers, you will need to set up the network layer to route the traffic. One approach is to create a tunnel between the VM and the machine.
This is a much more complex setup and will require the help of a CNF (Containerized Network Function). One of the simplest CNFs that was created just for this problem is soctun, which creates a tunnel between the host and the docker network layer.

Docker running inside vagrant + remote python debugging in Pycharm

I'm running docker on top on vagrant and would like to debug application remotely using pycharm running on windows (which runs vagrant). Of course the docker host is then on vagrant - not the same machine pycharm is running on.
I have to specify the certificates folder and docker machine executable as a local files / directories. Does this mean I cannot debug applications using pycharm in this setup?
Of course I could ssh directly into the docker container but then I have no features pycharm gives me.
PyCharm cannot remote debug because it cannot connect to the code in Docker inside Vagrant.
You need to bridge the port from Docker to Vagrant before this.
You need to find the Vagrant IP and the Docker IP (by default, the Vagrant IP is 10.0.2.2; you can see it when you run vagrant ssh).
Second, determine the port for debugging (for example 21000).
Use these commands in the terminal:
vagrant ssh
sudo iptables -t nat -A PREROUTING -p tcp --dport 21000 -j DNAT --to-destination 10.0.2.2:21000
sudo iptables -t nat -A POSTROUTING -j MASQUERADE
Add this code to the Python file:
Replace 172.19.0.1 with your Docker IP (in Vagrant).
import pydevd
pydevd.settrace('172.19.0.1', port=21000, suspend=False)
Set a breakpoint in the code and try to debug.
It is possible, however not recommended; it has the potential to introduce a number of problem spots longer term and brings an increased security risk.
as per the docker documentation ...
If you are okay with the security risk and if docker toolbox using boot2docker is not an option for your situation, then you will need to ensure:
Docker client/server versions are identical
Port forwarding on your local vagrant box is setup
Add the TCP binding for the docker server, either as a replacement to the default unix socket binding and/or in addition.

Not able to access tomcat application on Docker VM with host(windows) IP while using docker toolbox

I am running docker on my windows system using docker toolbox. I ran tomcat container using command docker run -it --rm -p 8888:8080 tomcat:8.0. As per documentation I should be able to access tomcat using http://localhost:8888, but this is not working.
Rather, I can access the tomcat app using docker-machine ip which is http://192.168.99.100:8888.
But this is not what I need. I need to access the tomcat container app from outside my system itself, through the network. So, how do I map tomcat application to my windows host system ?
While googling around, I could see an option of port-forwarding for boot2docker vm. But, again I am not using boot2docker. I am using docker toolbox.
Finally, I was able to find where to add the port-forwarding rule. Open the oracle VirtualBox Manager. Go to Settings-->Network --> Port Forwarding..
Here 1 rule is already available for ssh.
So I added another rule for this with below configurations:
HostIP:HostPort=> 127.0.0.1:9999
GuestIP:GuestPort=> :8888
So now if I invoke http://localhost:9999 , it is forwarded to => docker-machine:8888 and from there it is forwarded to => tomcatVM:8080.
I could see an option of port-forwarding for boot2docker vm. But, again I am not using boot2docker. I am using docker toolbox.
Yes, you are using boot2docker.
Toolbox is just a bundle of boot2docker + docker-machine + kitematic.
Open your VirtualBox, and you will see a VM which, in the storage settings, is based on boot2docker.iso.
So do port-forward 8888 to your host: see "Connect to a Service running inside a docker container from outside"
VBoxManage controlvm "default" natpf1 "tcp-port8888,tcp,,8888,,8888"
VBoxManage controlvm "default" natpf1 "udp-port8888,udp,,8888,,8888"
(Replace default with the name of your docker-machine: see docker-machine ls)

Cannot get boot2docker port forwarding to work on docker mac os X

Here is what I have tried:
My goal: running the prosody XMPP server inside a container, accessed by my (as-yet uncontainerized) local development environment.
I installed the prosody XMPP server - this is what I am trying to use as a container for local development.
It comes dockerized here:
https://github.com/lloydwatkin/prosody-docker
I ran, as per documentation:
docker run -d prosody/prosody --name prosody -p 5222:5222
I checked prosody was running with docker exec -t -i /bin/bash
docker ps shows that the container is running, forward to 5222.
But, on my Mac local shell, telnetting to my boot2docker ip on port 5222 cannot connect.
I have tried this https://github.com/boot2docker/boot2docker/blob/master/doc/WORKAROUNDS.md
but I cannot get that to work.
To add to my confusion, the latest docker.com documentation states port forwarding should work, under Container Port Redirection:
https://docs.docker.com/installation/mac/
There was an error in the docker container documentation for prosody. The correct order of params are:
docker run -d --name prosody -p 5222:5222 prosody/prosody
There's no error handling so it was really difficult to identify.
Try running this command in Terminal to forward communication from your local machine's ports 5200 through 5299 to the VirtualBox's ports:
for i in {5200..5299}; do VBoxManage modifyvm "boot2docker-vm" --natpf1 "tcp-port$i,tcp,,$i,,$i"; VBoxManage modifyvm "boot2docker-vm" --natpf1 "udp-port$i,udp,,$i,,$i";done
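
The VBoxManage natpf rules in the answers above leave the host-IP field (third field) empty, so VirtualBox listens on every host interface and the forwarded container port is reachable from the local network, not only from the host itself. The following is an added example, not part of any of the original posts: it audits a VM's rules for that exposure and builds a loopback-only rule for cases where only local access is needed (function names and the sample output are constructed for illustration).

```shell
#!/bin/sh
# Added example: audit VirtualBox NAT port-forwarding rules for wide exposure.
# Rule format used on this page: name,proto,hostip,hostport,guestip,guestport

# Reads `VBoxManage showvminfo <vm> --machinereadable` output on stdin and
# prints one line per rule whose host-IP field is empty or 0.0.0.0, i.e. a
# rule that listens on all host interfaces rather than loopback only.
audit_natpf() {
    sed -n 's/^Forwarding([0-9]*)="\(.*\)"$/\1/p' |
    while IFS=, read -r name proto hostip hostport guestip guestport; do
        case "$hostip" in
            ''|0.0.0.0) echo "EXPOSED $proto/$hostport -> guest:$guestport ($name)" ;;
        esac
    done
}

# Builds a rule string whose host side is bound to 127.0.0.1 only.
# usage: loopback_rule <tcp|udp> <hostport> <guestport>
loopback_rule() {
    case "$1" in tcp|udp) ;; *) echo "proto must be tcp or udp" >&2; return 1 ;; esac
    for p in "$2" "$3"; do
        case "$p" in ''|*[!0-9]*) echo "bad port: $p" >&2; return 1 ;; esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || { echo "bad port: $p" >&2; return 1; }
    done
    echo "$1-port$2,$1,127.0.0.1,$2,,$3"
}

# Constructed sample of machine-readable output (not captured from a real VM).
sample_vminfo() {
    cat <<'EOF'
name="boot2docker-vm"
natnet1="nat"
Forwarding(0)="ssh,tcp,127.0.0.1,2022,,22"
Forwarding(1)="tcp-port5000,tcp,,5000,,5672"
Forwarding(2)="udp-port5000,udp,,5000,,5672"
EOF
}

# Demo: list exposed rules in the sample, then print a loopback-only command.
demo() {
    sample_vminfo | audit_natpf
    echo "VBoxManage modifyvm \"boot2docker-vm\" --natpf1 \"$(loopback_rule tcp 5000 5672)\""
}
demo
```

Against a real VM, pipe `VBoxManage showvminfo "boot2docker-vm" --machinereadable` into `audit_natpf` in place of the sample.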

Docker container - how to configure so it gets a viable IP address when running in vagrant?

Docker (www.docker.io) looks terrific. However, after installing VirtualBox, Vagrant ... and finally Docker on a Mac, I'm finding it's not possible to access the service running in the Docker container from another computer (or from a terminal session on the Mac). The service I'm trying to access is Redis.
The problem appears to be that there's no route to the IP address assigned to the Docker container. In this case the container's IP is 172.16.42.2 while the Mac's IP is 196.168.0.3.
A couple notes:
It IS possible to access it - but only from within the VirtualBox session. This can be done using redis-cli -h 172.16.42.2 -p 6379.
I have added "config.vm.network :bridged" to the VagrantFile in an attempt to get the, but that didn't solve the problem.
The VM generated by vagrant is indeed isolated, in order to access it from your host, you can allocate a private network to it.
Instead of doing config.vm.network :bridged, try config.vm.network :private_network, ip: "192.168.50.4", It should do the trick
However, this will only allow you to access the VM itself, not the containers.
In order to do so, when running the container, you can add the -p option
ex: docker run -d -p 8989 base nc -lkp 8989
This will run a netcat listening on 8989 within a container and expose the port publicly. As it is also run with -d, the container will be in detached mode and the only output will be the container's ID
In order to expose the port, Docker does a simple NAT. In order to know the real port, you can
do docker port <ID of the container> 8989
Netcat will be available from the mac at 192.168.50.4:<result>
I just wrote a tutorial of how to use a host-only network and TCP routing to make this pretty easy. This way you don't have to map every specific port.
http://ispyker.blogspot.com/2014/04/accessing-docker-container-private.html
Important points ...
1) Add host-only network to Virtual Box
2) Tell the boot2docker VM to have an adapter on the host-only network
3) Add an IP for the new boot2docker VM host-only networking adapter
4) Route all Mac OS X traffic for the docker container subnet to that boot2docker VM host-only networking IP
Actual steps are on the blog with output so you can compare to what you see as you follow them.
I have installed tomcat from my Dockerfile and forwarded that to 6060 using Vagrant's port forwarding. These are the steps that worked for me:
vagrant provision
vagrant up
vagrant ssh
box_name$ docker run -i -t -p 8080:8080 bsb_tomcat6 /bin/bash
Able to see tomcat up & running on localhost:6060, as I have done port forwarding to 6060 in my Vagrantfile
you also can define PRIVATE_NETWORK and FORWARD_DOCKER_PORTS environment variables to access your services that are running in docker containers:
$ vagrant halt
$ export PRIVATE_NETWORK=192.168.50.4
$ export FORWARD_DOCKER_PORTS=1
$ vagrant up
In my case I can access postgres from Mac using
$ telnet 192.168.50.4 49154
to find out actual application port you can use
$ sudo docker port 1854499c6547 5432
0.0.0.0:49154
