I have a situation where node-container can reach mongo-container if it uses mongo-container's name such that Docker translates it to its internal IP (which I think is how it works). They are running at the same Docker host.
However, if developing locally (not on the Docker host server), we reach mongo by giving domain-name:port to the node-container. This configuration works fine both locally (with/without Docker) and at the server, but only without Docker (so npm start "directly").
The Docker containers at the host are connected to a Docker bridge network.
We would like to use the domain-name:port configuration everywhere ideally, so that we don't have to think about the Docker side of things.
I would like to understand what happens in terms of networking. My rough networking understanding thinks this happens:
WORKING SITUATION # SERVER BY SKIPPING DOCKER:
Host[npm start]-->Node[need to check <domain-name:port>]-->DNS server[this is the IP you need]-->Host[Yes my IP + that port leads to mongo-container].
BROKEN SITUATION # SERVER BY USING NODE BEHIND DOCKER:
Host[docker-compose up etc... npm start via node container]-->Node[need to check <domain-name:port>]-->DNS server[Problem here?].
Thanks for any insights.
Related
I am newbie on docker.
I want to migrate my nodejs app to docker, and existing database already installed on server (172.17.2.1). I set mariadb host 172.17.2.1 on my nodejs config.
After that, I created an images and run with :
docker run -p 3009:3009 -d my-node
actually its already running, but when I tested to open by browser, I got an error that my app cannot connect to 172.17.2.1 (connecting to database).
I try to create bridge IP (172.17.2.135) and make a same subnet, but still got a same error.
My images on docker inside doesn't know 172.17.2.1 on my LAN.
Please help me,
I use windows 10 environment
You have two options to allow your container to reach an external server:
Run your docker container on your host network:
docker run -p 3009:3009 --network host -d my-node
This way your container will be able to reach anything reachable from your machine
create a network bridge: in this case docker will route the traffic from the container to the external server. the bridge IP can't be your docker machine IP as you tried to do.
I built both containers using a Dockerfile (for each). I have the NGINX container pointing (proxy_pass http://localhost:8080) to the port that the web app is exposed (via -p 8080:80). I am able to get it to work when I just install NGINX in the linux machine, but when I use a dockerized NGINX, I just get the default NGINX index.html. Do I have to build both containers using Docker-Compose.yml file (as oppose to Dockerfile) when I want the containers working together? Sorry, if I didn't put any code, but at this point, I'm just wanting to know if I'm taking the correct approach (using Dockerfile or Docker-Compose).
The Nginx proxy needs access to the host (!) network for this to work, e.g.:
docker container run ... --net=host ... nginx
Without it, localhost refers to the proxy (localhost) which likely has nothing on :8080 and certainly not your web app.
Alternatively, if the proxy's container (!), can resolve|access the host then processes in the container can refer to host-accessible ports using the host's DNS name or IP.
Docker Compose (conventionally) solves this by putting the containers onto a new virtual network. The difference then would be that, rather than mapping everything onto host ports, each container (called a service) gets a unique name and a container called proxy could refer to a container called web on port 8080 as http://web:8080.
You may achieve similar results with Docker only by creating a network and then running containers on it, e.g:
docker network create ${NETWORK}
docker container run ... --net=${NETWORK} --name=proxy ...
...
I have a simple NodeJS website. I serve it up locally to port 80 via:
npm start
and all is well. I can access the website through the local ip on phones and other devices using the same network, including the computer itself.
However, when I serve to 80 from the docker container running the npm server via
docker run -p 80:80
All seems well when I test the local ip on the host machine itself. But when I try to access it using phones and other devices using same network, I timeout.
I would expect the docker website to work everywhere on the local network, just the same as my non-container npm start command.
Windows Defender Firewall was blocking the connections going to and from the container.
So, I'm trying to get Jenkins working inside of docker as an exercise to get experience using docker. I have a small linux server, running Ubuntu 14.04 in my house (computer I wasn't using for anything else), and have no issues getting the container to start up, and connect to Jenkins over my local network.
My issue comes in when I try to connect to it from outside of my local network. I have port 8080 forwarded to the serve with the container, and if I run a port checker it says the port is open. However, when I actually try and go to my-ip:8080, I will either get nothing if I started the container just with -p 8080:8080 or "Error: Invalid request or server failed. HTTP_Proxy" if I run it with -p 0.0.0.0:8080:8080.
I wanted to make sure it wasn't jenkins, so I tried getting just a simple hello world flask application to work, and had the exact same issue. Any recommendations? Do I need to add anything extra inside Ubuntu to get it to allow outside connections to go to my containers?
EDIT: I'm also just using the official Jenkins image from docker hub.
If you are running this:
docker run -p 8080:8080 jenkins
Then to connect to jenkins you will have to connect to (in essence you are doing port forwarding):
http://127.0.0.1:8080 or http://localhost:8080
If you are just running this:
docker run jenkins
You can connect to jenkins using the container's IP
http://<containers-ip>:8080
The Dockerfile when the Jenkins container is built already exposes port 8080
The Docker Site has a great amount of information on container networks.
https://docs.docker.com/articles/networking
"By default Docker containers can make connections to the outside world, but the outside world cannot connect to containers."
You will need to provide special options when invoking docker run in order for containers to accept incoming connections.
Use the -P or --publish-all=true|false for containers to accept incoming connections.
The below should allow you to access it from another network:
docker run -P -p 8080:8080 jenkins
if you can connect to Jenkins over local network from a machine different than the one docker is running on but not from outside your local network, then the problem is not docker. In this case the problem is what ever machine who is receiving outside connection (normally your router, modem or ...) does not know to which machine the outside request should be forwarded.
You have to make sure you are forwarding the proper port on your external IP to proper port on the machine which is running Docker. This can be normally done on your internet modem/router.
I'm having some troubles running Apache under Docker, and I wanted to ask for some directions. My current setup is the following : I have Docker 0.8 installed on an Ubuntu 12.04 server.
I want to run an Apache server under Docker, and bind it to a specific ip on the host, my intention being to run multiple Apache servers under Docker on the same hardware node each with it's one interface.
Now, I've been able to start the Apache server inside Docker, and have it run like a daemon (-D FOREGROUND, or under supervisord), and I've even been able to bind it to 0.0.0.0:$PORT and access it from the outside. But when I created multiple interfaces on the hardware node let's say 10.10.10.1, and 10.10.10.2, and tried to bind to -p 10.10.10.1:80:80, I'm not able to access 10.10.10.1:80 from the outside.
A little info about the network setup: I have my eth0 interface which has trunking out of which I create multiple vlans on which I want to put Docker instances (probably with a bridge on the eth0.$VLAN_NO, when I want to put more on the same vlan).
So basically, to reiterate, i have started a Docker container bound with -p 10.10.10.1:80:80, with an Apache inside Docker on port 80 and I can't access it (although binded on 0.0.0.0:80:80 works).