Develop Reference

Unable to remotely connect to docker container

I am new to docker, this is my first attempt at using it.
I have setup a docker container on a AWS DEBIAN 9 host and started it:
#docker-compose up -d
This is the section related to the web app:
waweb:
image: docker.whatsapp.biz/web:v${WA_API_VERSION:?Run docker-compose with env var WA_API_VERSION (ex. WA_API_VERSION=2.29.2 docker-compose <command> <options>)}
command: ["/opt/whatsapp/bin/wait_on_mysql.sh", "/opt/whatsapp/bin/launch_within_docker.sh"]
ports:
- "9090:443"
volumes:
- whatsappMedia:/usr/local/wamedia
env_file:
- db.env
environment:
WACORE_HOSTNAME: wacore
# This is the version of the docker templates being used to run WhatsApp Business API
WA_RUNNING_ENV_VERSION: v2.2.3
ORCHESTRATION: DOCKER-COMPOSE
depends_on:
- "db"
- "wacore"
links:
- db
- wacore
network_mode: bridge
When I test this it shows that all appears to be correct and it is listening on 9090:
# docker-compose ps
Name Command State Ports
------------------------------------------------------------------------------------------------
wabiz_db_1 docker-entrypoint.sh mysqld Up 0.0.0.0:33060->3306/tcp, 33060/tcp
wabiz_wacore_1 /opt/whatsapp/bin/wait_on_ ... Up 6250/tcp, 6251/tcp, 6252/tcp, 6253/tcp
wabiz_waweb_1 /opt/whatsapp/bin/wait_on_ ... Up 0.0.0.0:9090->443/tcp
and:
# netstat -tulpn | grep LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 18818/sshd
tcp6 0 0 :::22 :::* LISTEN 18818/sshd
tcp6 0 0 :::9090 :::* LISTEN 32144/docker-proxy
tcp6 0 0 :::33060 :::* LISTEN 32361/docker-proxy
I can test-connect to this locally:
# telnet localhost 9090
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Connection closed by foreign host.
Yet when I attempt connect to it remotely, the connection is refused.
The firewall ports are all open to my IP (1-65535), I can remotely telnet to port 22 and also create a python simple-http-server and connect to that remotely too.
I thought that maybe IPV6 was being forced, but it is not:
# sysctl net.ipv6.bindv6only
net.ipv6.bindv6only = 0
Any suggestions on what the issue may be ?

Connection to MongoDb server hosted on CentOS is failing

Mongo up and running on CentOs Machine
All IPs enabled, no authorization
# network interfaces
net:
port: 27017
bindIp: 0.0.0.0
# security: none
# authorization: 'enabled
Port enabled
netstat -tulnp
(No info could be read for "-p": geteuid()=1001 but you should be root.)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:27017 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN -
Connection from the server itself using the IP works fine
mongo --host 10.X.X.16
MongoDB shell version v4.2.2
connecting to: mongodb://10.X.X.16:27017/?compressors=disabled&gssapiServiceName=mongodb
MongoDB server version: 4.2.2
Server has startup warnings:
2020-01-21T15:48:26.297-0800 I CONTROL [initandlisten]
Doing the same thing from a remote Windows Machine
mongo --host 10.X.X.16
MongoDB shell version v4.2.1
connecting to: mongodb://10.X.X.16:27017/?compressors=disabled&gssapiServiceName=mongodb
2020-01-21T15:59:07.563-0800 E QUERY [js] Error: couldn't connect to server 10.65.5.16:27017, connection attempt failed: NetworkTimeout: Error connecting to 10.X.X.16:27017 :: caused by :: Socket operation timed out :
connect#src/mongo/shell/mongo.js:341:17
#(connect):2:6
2020-01-21T15:59:07.571-0800 F - [main] exception: connect failed
2020-01-21T15:59:07.571-0800 E - [main] exiting with code 1
Thanks!

Problem fixed:
I had to disable the firewall for the mongo port
sudo firewall-cmd --zone=public --add-port=27017/tcp --permanent
sudo firewall-cmd --reload

Node.js not accepting connections on port 80

I am running my node server on ubuntu with sudo node index.js
Running curl http://localhost/health-check gives a response but if I use the public IP, it does not get any response
Running sudo netstat -ntlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
59739/node
Running nmap -A -T4 myDomainName
Starting Nmap 7.01 ( https://nmap.org ) at 2017-11-22 12:32 UTC
Nmap scan report for myDomainName (IP address)
Host is up (0.0011s latency).
Not shown: 997 filtered ports
PORT STATE SERVICE VERSION
...
80/tcp closed http
443/tcp closed https
Running nmap localhost
Starting Nmap 7.01 ( https://nmap.org ) at 2017-11-22 12:28 UTC
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000062s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
Lastly sudo ufw status
To Action From
-- ------ ----
22 ALLOW Anywhere
80 ALLOW Anywhere
443 ALLOW Anywhere
80/tcp ALLOW Anywhere
22 (v6) ALLOW Anywhere (v6)
80 (v6) ALLOW Anywhere (v6)
443 (v6) ALLOW Anywhere (v6)
80/tcp (v6) ALLOW Anywhere (v6)
Port 80 is open on localhost but not open on the domain name/ public ip

Unable to get PostgreSQL 9.4 to listen on port 5432

I'm using a Linux VM (Ubuntu 15.10) to spin up a Postgres Database, and as far as I can tell, everything should be configured right.
My firewall is disabled:
user#UBUNTUMACHINE:~$ sudo ufw status numbered Status: inactive
But it's only listening on port 22
user#UBUNTUMACHINE:~$ netstat -an | grep "LISTEN "
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp6 0 0 :::22 :::* LISTEN
If I enable the firewall, and tell it to listen to 5432, it shows up in the rules:
user#UBUNTUMACHINE:~$ sudo ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip
To Action From
-- ------ ----
22 ALLOW IN Anywhere
22/tcp ALLOW IN Anywhere
5432/tcp ALLOW IN Anywhere
5432 ALLOW IN Anywhere
22 (v6) ALLOW IN Anywhere (v6)
22/tcp (v6) ALLOW IN Anywhere (v6)
5432/tcp (v6) ALLOW IN Anywhere (v6)
5432 (v6) ALLOW IN Anywhere (v6)
But I get the same results as above for netstat.
As far as I can tell from researching the issue, I have the correct values in my postgresql.conf file:
#------------------------------------------------------------------------------
# CONNECTIONS AND AUTHENTICATION
#------------------------------------------------------------------------------
# - Connection Settings -
listen_addresses = '*' # what IP address(es) to listen on;
# comma-separated list of addresses;
# defaults to 'localhost'; use '*' for all
# (change requires restart)
port = 5432 # (change requires restart)
and I've tried both IP ranges and specific IPs as trusted in the pg_hba.conf file.
# Database administrative login by Unix domain socket
local all postgres ident sameuser
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all md5
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5
# Allow replication connections from localhost, by a user with the
# replication privilege.
#local replication postgres peer
#host replication postgres 127.0.0.1/32 md5
#host replication postgres ::1/128 md5
host all all 10.0.0.0/255 trust
host all all 10.11.0.0/255 trust
host all all 0.0.0.0/0 trust
Lastly, Postgres is running, per
user#UBUNTUMACHINE:~$ sudo service postgresql status
● postgresql.service - PostgreSQL RDBMS
Loaded: loaded (/lib/systemd/system/postgresql.service; enabled; vendor preset: enabled)
Active: active (exited) since Wed 2017-03-08 11:09:57 CST; 57min ago
Process: 787 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
Main PID: 787 (code=exited, status=0/SUCCESS)
CGroup: /system.slice/postgresql.service
Mar 08 11:09:57 UBUNTUMACHINEsystemd[1]: Starting PostgreSQL RDBMS...
Mar 08 11:09:57 UBUNTUMACHINEsystemd[1]: Started PostgreSQL RDBMS.
Mar 08 11:32:21 UBUNTUMACHINEsystemd[1]: Started PostgreSQL RDBMS.
Mar 08 11:32:26 UBUNTUMACHINEsystemd[1]: Started PostgreSQL RDBMS.

The log is telling me invalid CIDR mask in address 10.0.0.0/255
:: 255 might be larger than 32
Postgres refuses to start, because it refuses the netmask /255 which islarger than the possible number of bits in the (32 bits) IP-address. You could consider this to be a bit picky for the .hba parser, but it could also be considerered a configuration error.
In any case: replace the /255 by something sensible, like /24 (or /16, since you have two of these entries) And: replace the trust by something more safe, after it appears to work.

Why isn't my port exposed? netstat output included

This is my problem
# docker exec -ti root_web_1 bash
[root#ca32f79bdc14]# curl couchdb:5984
curl: (7) Failed to connect to couchdb port 5984: Connection refused
[root#ca32f79bdc14]# curl redis:6379
-ERR wrong number of arguments for 'get' command
-ERR unknown command 'Host:'
-ERR unknown command 'User-Agent:'
-ERR unknown command 'Accept:'
^C
Question
Why can't I access couchdb:5984 ?
Background
When I am in my couchdb container I can curl localhost:5984 and it responds and netstat -nl gives me
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 127.0.0.1:5984 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.11:35300 0.0.0.0:* LISTEN
udp 0 0 127.0.0.11:51267 0.0.0.0:*
and the Dockerfile contains EXPOSE 5984, but I get connection refused when doing curl couchdb:5984 from the web container.
When I do the same with redis, curl redis:6379 it responds and netstat -nl gives
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 127.0.0.11:46665 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:6379 0.0.0.0:* LISTEN
tcp6 0 0 :::6379 :::* LISTEN
udp 0 0 127.0.0.11:49518 0.0.0.0:*
This is the couchdb Dockerfile
FROM fedora:25
RUN dnf -y update
RUN dnf -y install couchdb
EXPOSE 5984
CMD ["/usr/bin/couchdb"]
This is the docker-compose.yml.
version: '2'
networks:
revproxynet:
external: true
services:
web:
images: nginx
networks:
- revproxynet
redis:
image: redis
networks:
- revproxynet
couchdb:
build: /docker/couchdb/
networks:
- revproxynet
The network is created with docker network create revproxynet.

In /etc/couchdb/local.ini you need to have
[httpd]
bind_address = 0.0.0.0
and it will work.