time out for access flask app on azure VM - azure

I have a flask app running in a docker container on an Azure vm.
App is running at port 5000 and I'm exposing that port to docker
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
57cdce7b5b2b auto_ml2:latest "/bin/sh -c 'python3…" 6 seconds ago Up 5 seconds 0.0.0.0:5000->5000/tcp serene_mcnulty
mlcontainers2#automl:/$
I'm trying to make the following API call:
headers = {'content-type': 'application/json'}
url = "http://XX.XX.X.XX:5000/api/AutoML"
resp = requests.post(url,data=json.dumps(data), headers=headers )
But after a while, I just get a time out error:
Failed to establish a new connection: [Errno 110] Connection timed out'))
I thought the port must be closed, so I added a rule for it and opened ports 80 and 5000-6000 and reboot the VM
But I get the same error after this.
EDIT
I tested it from the VM, there it works fine:
But from a remote request I keep getting the same error:

For this issue, first, you need to make sure that you can access the container from the image inside the VM. Then you need to add the rule to allow all the TCP ports necessary in the NSG which associated with the VM. Finally, you can access the API server outside the VM via the VM public IP with the right port which allowed in the NSG rule.

Related

How to add docker container as data source in grafana?

I have a Postgres Database which was deployed as a Docker container in Linux server. How can i add this as a data source in grafana? I tried finding the docker host IP address using sudo ip addr show docker0 and got the result as 172.17.255.255. I added this URL in Host name field. And added the port number as 5432. But still, grafana is unable to fetch the data from DB. How can i do this?
If your database has its port closed you should use a docker networks but if the port is exposed you should try to use your host ip address instead of the docker gateway address
With docker ps, check if your Postgres container expose the port, eg.
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e25459aa0ed6 postgres:10.17 "docker-entrypoint.s…" 12 seconds ago Up 11 seconds 0.0.0.0:5432->5432/tcp, :::5432->5432/tcp jovial_merkle
If not, stop the service, then restart it exposing the port with docker run -d -p 5432:5432 ....
Check if there is any firewall rule that allow to access the port from outside the server.
Now you can reach you DB using the server IP

Does Azure Web App for containers support ssh access when running a multi-container app?

I'm running an Azure Web app (containers) with custom container images. I've followed the steps to enable ssh into a container image and it works great when I'm only running a single container. But when I run the app as a multi-container app (with docker-compose file) with more than one container image I get the error below. For additional context this is a small python web app that using nginx and redis hence the need for more than one container. Only one of my custom images has ssh enabled and running and exposing port 2222.
Is this even possible? If not then I'm not sure how feasible it is to run a web app multi-container if I have no way to access a container for support purposes.
az webapp remote-connection create -g GROUPNAME -n APPNAME -p 2222 --verbose
Configured default 'GROUPNAME' for arg resource_group_name
remote-connection is deprecated and moving to cli-core, use `webapp create-remote-connection`
Port 2222 is open
Creating a socket on port: 2222
Setting socket options
Binding to socket on local address and port
Finished initialization
Status response message: FAILURE:2222:Unable to connect to WebApp
WARNING - Remote debugging may not be setup properly. Reponse content: FAILURE:2222:Unable to connect to WebApp
SSH is available { username: root, password: Docker! }
Start your favorite client and connect to port 2222
I also tried the create-remote-connection command but got similar results.
az webapp create-remote-connection -n APPNAME -g GROUPNAME --verbose &
Error I receive is:
Auto-selecting port: 52661
Finished initialization
Status response message: FAILURE:2222:Unable to connect to WebApp
WARNING - Remote debugging may not be setup properly. Reponse content: FAILURE:2222:Unable to connect to WebApp
Connection is not ready yet, please wait
.
Status response message: FAILURE:2222:Unable to connect to WebApp
WARNING - Remote debugging may not be setup properly. Reponse content: FAILURE:2222:Unable to connect to WebApp
Looks like its not supported :(
see...
How to SSH in to different containers in Multi Container Azure App Service
and...
Support SSH to specific container in multi-container setup

Azure Cloud App ERR_CONNECTION_TIMED_OUT

I would like to deploy a container based app in azure container service, and followed this tutorial.
https://learn.microsoft.com/en-us/azure/container-service/dcos-swarm/container-service-mesos-marathon-ui
Everything went well except that the public url is showing
ERR_CONNECTION_TIMED_OUT in browser.
When pinging the url, able to get the IP address but pings are showing as timed out.
I have verified agents LB with port 80 as allowed in the rules list.
How to access the application through public web ?
When pinging the url, able to get the IP address but pings are showing
as timed out.
Azure disable ICMP package, so you could not ping Azure public IP address. You could use telnet or tcping to check whether your service is listening.
Do you bind port 80 of the container to port 80 of the DC/OS agent? If I don't do this, I get same error log with you. Please refer to this link.
Note: I test in my lab, if I did not do this, nginx service will listen on other port. I ssh to the agent VM.
root#dcos-agent-public-65818314000001:~# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
7e8091548413 nginx "nginx -g 'daemon off" 14 minutes ago Up 14 minutes 0.0.0.0:4912->80/tcp mesos-d7be0314-6be2-467b-8376-433a05033b17-S1.42edeac0-2aa3-4ecd-acaa-17d5f2f4ac19
The service is listening on port 4912 not 80.
If you do this step, I suggest you also could ssh to agent VM(same user name and private key) and execute docker ps .

DNS Swarm agent not working on Azure

1- I created a new containerservice in azure.
2 - The creation was done following the portal step by step.
3 - I have not changed any configuration of any service, VM, balancing, master and agent.
4 - I can connect with PuTTY normally.
5 - I can open a tunnel by redirecting port 80 to port 80.
Following this tutorial, I can put the container to run::
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ffe6a1c890e4 yeasy/simple-web "/bin/sh -c 'pytho..." 31 minutes ago Up 31 minutes 0.0.0.0:80->80/tcp vibrant_morse
If I access localhost from my browser I can reach port 80 of the container and see the identical "Real Visit Results" page of the tutorial.
But in the tutorial it says that if I use load balancer's DNS I should see the result, that's my problem, I can not access the container through DNS, I only get timeout.
Reinforcing, I created a container service and did not change any configuration, just entered with PuTTY and put the container to run.
According to your description, it seems that you don't set your DOCKER_HOST environment variable to the local port configured for the tunnel. When you ssh to your master VM, you need execute command below:
export DOCKER_HOST=:2375
Run the Docker commands that tunnel to the Docker Swarm cluster. For example:
docker info
If you don't set the environment variable on the tunnel, the docker contanier is created on master VM, so you could not get the Web with agent Public IP.
Also, you could not set environment variable, but you need to point to the host when you execute docker command. More information please refer to this link

Cannot list directory on IIS FTP server on Azure, even after configuring Azure inbound rules and Windows firewall

I'am running Windows Server 2012 in Azure, and I've configured the FTP server in IIS. When I try to connect the server, it accepts the username and password and log me in but not showing the directory listing.
I've tried using FileZilla FTP client to connect and it saying the same error.
Status: Resolving address of jothiprakashanandan.southindia.cloudapp.azure.com
Status: Connecting to 104.211.244.241:21...
Status: Connection established, waiting for welcome message...
Status: Insecure server, it does not support FTP over TLS.
Status: Logged in
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/" is current directory.
Command: TYPE I
Response: 200 Type set to I.
Command: PASV
Error: Connection timed out after 20 seconds of inactivity
Error: Failed to retrieve directory listing
Status: Disconnected from server
The inbound rule of Azure is this:
The VM's firewall inbound rule.
However when I try to login from the VM's browser it is working fine and showing the directory list.
In Azure, we should deploy the passive mode FTP, we should add data channel ports range in FTP Firewall Support, then add those ports to NSG and windows firewall inbound rules.
By the way, although the windows firewall seems to allow all traffic that’s required, we also need to enable stateful FTP filtering on the firewall:
netsh advfirewall set global StatefulFtp enable
Then restart the FTP windows service and we should be up and running:
net stop ftpsvc
net start ftpsvc
Here is a similar case, same error as you, please refer to it.
Check which port does the FTP site listen on:
It is usually necessary to restart the Microsoft FTP service after enabling the FTP server rules in Windows firewall to have the change take an effect.
Or restarting a whole machine.
See my guide to Installing an FTP Server on Windows using IIS.
The issue was with Azure network NSG. you need to enable the port range on which data is getting transferred.
Added new rule in NSG to open this port range and it worked.

Resources