I wanted to learn docker swarm but I can't get it working on a fresh azure instance with debian 10.1 (edit: I also tried debian 9.11)
I've isolated the problem only to the following commands, which should give me a simple nginx welcome page on port 9000:
docker swarm init
docker service create --name nginx -p 9000:80 nginx
curl -vvv localhost:9000
But actually curl hangs and the service does not respond:
* Expire in 1 ms for 1 (transfer 0x5574dbd88f50)
* Expire in 1 ms for 1 (transfer 0x5574dbd88f50)
* Expire in 1 ms for 1 (transfer 0x5574dbd88f50)
* Trying ::1...
* TCP_NODELAY set
* Expire in 149998 ms for 3 (transfer 0x5574dbd88f50)
* Expire in 200 ms for 4 (transfer 0x5574dbd88f50)
* Connected to localhost (::1) port 9000 (#0)
> GET / HTTP/1.1
> Host: localhost:9000
> User-Agent: curl/7.64.0
> Accept: */*
>
Running nginx with docker run on the machine works.
Running the above commands on my windows machine with docker also works.
But as soon as I'm using docker stack deploy or docker service create I can't connect to the exposed ports.
Has this something to do with debian? My setup? Did I missed some configuration? What can I do to investigate this problem?
Docker version is 19.03.4
It may be that curl is using IPv6 and Nginx isn't configured for it. Try:
curl -vvv 127.0.0.1:9000
Use the command docker service ls to list the services. There you will find a column with the state of your service. If it is listed, then proceed to know if there is any error. Use the command docker service ps nginx and check the column Current state. If everything is healthy then check nginx logs with the command docker service logs -f nginx. Show us that, and we can continue helping.
I ran into a similar problem with curl hanging for docker swarm. I initially thought it was an issue with traefik, however I could reproduce it with a simple httpd container also. So it is probably related to ipv6 being selected by curl. Here are some options that worked
Adding -4 option to curl to force ipv4. This helped, but was intermittent.
Adding net.ipv6.conf.all.disable_ipv6 = 1 and net.ipv6.conf.default.disable_ipv6 = 1 to sudo vi /etc/sysctl.conf file and reloading it via sudo sysctl -p. Again intermittent.
Creating an overlay network docker network create -d overlay dcm-net and in the docker-compose.yml file marking this network external as follows:
networks:
dcm-net:
external: true
Option 3 worked the best for now.
Related
Summary
I've set up a registry container on a Debian host running on the default port 5000.
The Debian host runs as a virtual machine on top of a VMWare system. Port 5000 is open.
docker run -d -p 5000:5000 --name registry --restart=always registry:2
I then tagged an image for pushing to the registry
docker tag test-image localhost:5000/kp/testing:1.0.0
and tried pushing it
docker push localhost:5000/kp/testing:1.0.0
but it fails with Get http://localhost:5000/v2/: net/http: request canceled (Client.Timeout exceeded while awaiting headers).
The output from the registry container comes up empty. As if the request never reaches it.
What I tried
I then tried to cURL the _catalog endpoint and it just gets stuck when receiving response headers, the connection itself seems to be successful.
curl -v http://localhost:5000/v2/_catalog
* Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 5000 (#0)
> GET /v2/_catalog HTTP/1.1
> Host: localhost:5000
> User-Agent: curl/7.52.1
> Accept: */*
>
I also tried creating a hostname for the registry on the host machine and setting that as the registry connection address but that ended in the same result.
In addition, I also tried adding the hostname to the insecure-registries array in /etc/docker/daemon.json but still ends with the same error.
I then tried setting it up with TLS using a self-signed certificate. Again, the connection seems to be established in cURL but no response headers are received.
Works remotely
Out of curiosity, I tried accessing it remotely so I cURL'ed the same address with the Debian host IP and it works!
curl -v http://<host-ip>:5000/v2/_catalog
* Trying <host-ip>...
* TCP_NODELAY set
* Connected to <host-ip> (<host-ip>) port 5000 (#0)
> GET /v2/_catalog HTTP/1.1
> Host: <host-ip>:5000
> User-Agent: curl/7.54.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Content-Type: application/json; charset=utf-8
< Docker-Distribution-Api-Version: registry/2.0
< X-Content-Type-Options: nosniff
< Date: Tue, 09 Jan 2018 07:30:30 GMT
< Content-Length: 20
<
{"repositories":[]}
To the question
It seems really unrealistic for it to not work locally on Debian as I've set it up using localhost on both a MacOS and an Arch Linux machine. I don't think the VMWare system could be interfering with local connectivity, especially if it works remotely?
Have I missed something which is preventing the registry to be accessible locally?
isnt it need to have mount point -v for storing files in local directory like:
docker run -d -p 5000:5000 -v $HOME/registry:/var/lib/registry registry:2
this way it uses the registry folder in your home directory at /var/lib/registry in the container, which is where the registry in the container will store files by default.
This question shows research effort; it is useful and clear
I have checked the cURL not working properly
When I run the command curl -I https://www.example.com/sitemap.xml
curl: (7) Failed to connect
Failed to connect on all port
this error only on one domain, all other domain working fine, curl: (7) Failed to connect to port 80, and 443
Thanks...
First Check your /etc/hosts file entries, may be the URL which You're requesting, is pointing to your localhost.
If the URL is not listed in your /etc/hosts file, then try to execute following command to understand the flow of Curl Execution for the particular URL:
curl --ipv4 -v "https://example.com/";
After many search, I found that Hosts settings not correct
Then I check nano /etc/hosts
The Domain point to wrong IP in hosts file
I change the wrong IP and its working Fine
This is new error Related to curl: (7) Failed to connect
curl: (7) Failed to connect
The above error message means that your web-server (at least the one specified with curl) is not running at all — no web-server is running on the specified port and the specified (or implied) port. (So, XML doesn't have anything to do with that.)
you can download the key with browser
then open terminal in downloads
then type sudo apt-key add <key_name>.asc
Mine is Red Hat Enterprise(RHEL) Virtual Machine and I was getting something like the following.
Error "curl: (7) Failed to connect to localhost port 80: Connection refused"
I stopped the firewall by running the following commands and it started working.
sudo systemctl stop firewalld
sudo systemctl disable firewalld
If the curl is to the outside world, like:
curl www.google.com
I have to restart my cntlm service:
systemctl restart cntlm
If it's within my network:
curl inside.server.local
Then a docker network is overlapping something with my CNTLM proxy, and I just remove all docker networks to fix it - you can also just remove the last network you just created, but I'm lazy.
docker network rm $(docker network ls -q)
And then I can work again.
I am new to using Google Cloud Platform and am trying to host a very simple static site. I have followed Google's tutorial for running a basic apache webserver exactly and yet, when I click on the external IP of my site, I am taken to a page that says "This site can't be reached. <my site's IP address> unexpectedly closed the connection ERR_CONNECTION_CLOSED.
Since creating the VM, I have run the following commands:
sudo apt-get update && sudo apt-get install apache2 -y
echo '<!doctype html><html><body><h1>Hello World!</h1></body></html>' | sudo tee /var/www/html/index.html
I also ran ping <site IP address> and saw lines of the form
PING <IP address> 56(84) bytes of data.
64 bytes from <IP address>: icmp_seq=1 ttl=76 time=0.746 ms
I have ensured that the Firewall settings on my VM are set to allow both HTTP and HTTPS traffic.
Why can I not see the simple Hello World page that should be hosted at my site? Do I need to manually start apache? I have tried to and not had any success.
(My VM has Debian 8 as the Boot Image)
UPDATE
At the request of a user below, I ran sudo service apache2 status but got the response below:
apache2.service - LSB: Apache2 web server
Loaded: loaded (/etc/init.d/apache2)
Drop-In: /lib/systemd/system/apache2.service.d
└─forking.conf
Active: active (running) since Mon 2017-01-23 01:27:44 UTC; 11h ago
CGroup: /system.slice/apache2.service
├─2570 /usr/sbin/apache2 -k start
├─2573 /usr/sbin/apache2 -k start
└─2574 /usr/sbin/apache2 -k start
Running sudo service apache2 start did not seem to do anything.
service apache2 status
and
service apache2 start
On the VM did you check the boxes to allow HTTP?
Can you telnet to port 80 of your server ?. Try the following command:
telnet your-server-ip 80
If the above command does not work, then most likely the firewall is blocking port 80. Do you have a second firewall running on your server, such as iptables?.
You need to enable SSL for apache.
(the important bit is making a syslink in the sites-enabled folder of the ssl config file in the site-available folder) that will get it running but you'll need to tinker with the ssl key/cert stuff (check out certbot)
here is a guide: https://hallard.me/enable-ssl-for-apache-server-in-5-minutes/
To those facing this same issue, by default google tries to access URL/IP on HTTPS. But since SSL is not installed, it will not be able to access it. You have two options, 1) Install SSL on the root IP or remove the 's' in the https://xxxxxx address.
https://xxxipORwebAddress
to
http://xxxipORwebAddress
I hope it helps
I am brand new to docker and I am attempting to follow the node js tutorial that they have listed: https://docs.docker.com/examples/nodejs_web_app/
I follow this tutorial and everything seems to work great until the test portion and I can't curl to the port specified.
$ curl -i localhost:49160
curl: (7) Failed to connect to localhost port 49160: Connection refused
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
21e727bc5a7d username/docker-test "node /src/index.js" 13 minutes ago Up 13 minutes 0.0.0.0:49160->8080/tcp gloomy_heisenberg
$ docker logs 21e727bc5a7d
Running on localhost:8080
$ docker exec -it 21e727bc5a7d bash
[root#21e727bc5a7d /]# netstat -tulpn
Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 1/node'
Not sure if I am confused about something or how to troubleshoot this, any ideas?
This is the solution:
Run you application like this:
docker run --rm -i -t -p 49160:8080 <your username>/centos-node-hello
An output should come saying listening to port 8080.
This means that the application is running
Open another docker CLI terminal and type:
docker-machine ls
You will see and IP address and a port. Example: 192.168.99.100:<some-number>
Go to a browser and type the IP address and the exported port number.
In this case, 192.168.99.100:49160, and your website should come on.
Hope it helps.
I experienced the same problem and discovered it was due to boot2docker not forwarding my localhost to the virtual machine in which Docker is running.
Find out the IP of the VM running Docker like so:
$ boot2docker ip
You'll see output like:
$ 192.168.99.102
And with the printout it gives you, curl your specified port on that IP. For example:
$ curl -i 192.168.99.102:49160
If you are using Mac OS X and have installed docker using Docker Toolbox, you can use:
curl $(docker-machine ip default):49160
I can tell you how to troubleshoot this issue at least.
First check the logs, you'll need the container id to do this. You get the id of the container using docker ps
Run docker <id> logs to view the logs. It's possible your command returned an error.
If you'd like to get a closer look, You can start a BASH shell on the container. Run this command docker exec -it <id> bash and that will give you a shell on the container to troubleshoot. The shell is the same instance of the container so you can troubleshoot the running service.
Hit given command to find IP address of docker-machine
$ docker-machine ls
The output will be like :
NAME ACTIVE DRIVER STATE URL SWARM DOCKER ERRORS
default * virtualbox Running tcp://192.168.99.100:2376 v1.10.3
Now run your application from host machine as :
$ curl -i 192.168.99.100:49160
I've installed CouchDB on my vagrant 0.9.0 box that is running CentOS 6.2.
In Vagrantfile I've added config.vm.forward_port 5984, 5985.
After reloading vagrant i attempt to curl the address: curl -v localhost:5985 with poor results.
* About to connect() to localhost port 5985 (#0)
* Trying 127.0.0.1... connected
* Connected to localhost (127.0.0.1) port 5985 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.19.7 (universal-apple-darwin10.0) libcurl/7.19.7 OpenSSL/0.9.8r zlib/1.2.3
> Host: localhost:5985
> Accept: */*
>
* Empty reply from server
* Connection #0 to host localhost left intact
curl: (52) Empty reply from server
* Closing connection #0
I get the feeling that port forwarding isn't working properly - at first I thought it might have something to do with iptables so I disabled that but, alas, results did not improve.
Been beating my head against this for days now. Would greatly appreciate some assistance.
It's quite likely that your CouchDB is listening on address 127.0.0.1 of the virtual machine (not of the physical machine). This is the default for CouchDB. Do you have the following in local.ini?
[httpd]
bind_address = 0.0.0.0
After restarting CouchDB check with netstat, on the virtual machine, if the change took effect:
sudo netstat -tlnp |grep :5984
Then check that CouchDB is running fine from the virtual machine:
curl http://127.0.0.1:5984/
If you don't see {"couchdb":"Welcome","version":"1.1.1"}, check the logs for error messages. It may be some permissions problem.
How have you installed CouchDB?
in my case, the solution to a very similar problem was much more obvious: coming from ubuntu, I didn't expect a firewall to be running on the centos box
this will disable it:
sudo service iptables stop
thanks to this blog!