I would like to deploy a container based app in azure container service, and followed this tutorial.
https://learn.microsoft.com/en-us/azure/container-service/dcos-swarm/container-service-mesos-marathon-ui
Everything went well except that the public url is showing
ERR_CONNECTION_TIMED_OUT in browser.
When pinging the url, able to get the IP address but pings are showing as timed out.
I have verified agents LB with port 80 as allowed in the rules list.
How to access the application through public web ?
When pinging the url, able to get the IP address but pings are showing
as timed out.
Azure disable ICMP package, so you could not ping Azure public IP address. You could use telnet or tcping to check whether your service is listening.
Do you bind port 80 of the container to port 80 of the DC/OS agent? If I don't do this, I get same error log with you. Please refer to this link.
Note: I test in my lab, if I did not do this, nginx service will listen on other port. I ssh to the agent VM.
root#dcos-agent-public-65818314000001:~# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
7e8091548413 nginx "nginx -g 'daemon off" 14 minutes ago Up 14 minutes 0.0.0.0:4912->80/tcp mesos-d7be0314-6be2-467b-8376-433a05033b17-S1.42edeac0-2aa3-4ecd-acaa-17d5f2f4ac19
The service is listening on port 4912 not 80.
If you do this step, I suggest you also could ssh to agent VM(same user name and private key) and execute docker ps .
Related
I have my website running in a docker container hosted on azure vm. I can ping, ssh - but cant browser outside of the vm. Mysql, http, htpps,ssh, ICMP ports are open.
What am i missing here?
I have a flask app running in a docker container on an Azure vm.
App is running at port 5000 and I'm exposing that port to docker
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
57cdce7b5b2b auto_ml2:latest "/bin/sh -c 'python3…" 6 seconds ago Up 5 seconds 0.0.0.0:5000->5000/tcp serene_mcnulty
mlcontainers2#automl:/$
I'm trying to make the following API call:
headers = {'content-type': 'application/json'}
url = "http://XX.XX.X.XX:5000/api/AutoML"
resp = requests.post(url,data=json.dumps(data), headers=headers )
But after a while, I just get a time out error:
Failed to establish a new connection: [Errno 110] Connection timed out'))
I thought the port must be closed, so I added a rule for it and opened ports 80 and 5000-6000 and reboot the VM
But I get the same error after this.
EDIT
I tested it from the VM, there it works fine:
But from a remote request I keep getting the same error:
For this issue, first, you need to make sure that you can access the container from the image inside the VM. Then you need to add the rule to allow all the TCP ports necessary in the NSG which associated with the VM. Finally, you can access the API server outside the VM via the VM public IP with the right port which allowed in the NSG rule.
I have created a docker container in Azure on Windows 2016.
Here is my DOCKERFILE:
FROM microsoft/aspnet
COPY ./ /inetpub/wwwroot
EXPOSE 443
EXPOSE 80
I run it up like so:
docker run -d --name myctr myimg -p 443:443
I can browse to it via the a domain name, which I configure in the hosts file. SUCCESS!
On a remote machine, outside of the Azure network, I configure my hosts file, using the IP address of the Azure VM (and have also tried using the IP address of the container - not sure which one to use!)
However, I can't browse to it from outside of Azure.
Windows Firewall
I have disabled the Windows firewall.
Azure NSG
I have set up a Network Security Group which allows traffic in on port 443 (I have another website running on this box, and can access it from outside of Azure, with success)
Netstat shows the following:
netstat -ano | findstr :443 | findstr ESTABLISHED
TCP 10.0.0.4:49682 99.99.99.99:443 ESTABLISHED 1252
TCP 10.0.0.4:49700 99.99.99.98:443 ESTABLISHED 2476
TCP 10.0.0.4:49718 99.99.99.92:443 ESTABLISHED 5112
How do I configure the container/host/Azure so that I can view the website hosted on the container from a remote machine outside of Azure?
Any ideas greatly appreciated!
How do I configure the container/host/Azure so that I can view the
website hosted on the container from a remote machine outside of
Azure?
By default,-p 80:80 means we are mapping port 80 of container to host port 80. So now others can access port 80 of your host to hit port 80 of container.
Here a example:
PS C:\Users\jason> docker run -d -p 80:80 microsoft/iis
3bf999503cd3110ae8fb1c01cc5c8c6153645a0d533960339490a0ba50634d3a
After add port 80 to NSG inbound rule, I can browse it via Internet:
I have set up a Network Security Group which allows traffic in on port
443 (I have another website running on this box, and can access it
from outside of Azure, with success)
In your scenario, your port 443 in use, we can't bind docker with port 443, please try another port.
1- I created a new containerservice in azure.
2 - The creation was done following the portal step by step.
3 - I have not changed any configuration of any service, VM, balancing, master and agent.
4 - I can connect with PuTTY normally.
5 - I can open a tunnel by redirecting port 80 to port 80.
Following this tutorial, I can put the container to run::
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ffe6a1c890e4 yeasy/simple-web "/bin/sh -c 'pytho..." 31 minutes ago Up 31 minutes 0.0.0.0:80->80/tcp vibrant_morse
If I access localhost from my browser I can reach port 80 of the container and see the identical "Real Visit Results" page of the tutorial.
But in the tutorial it says that if I use load balancer's DNS I should see the result, that's my problem, I can not access the container through DNS, I only get timeout.
Reinforcing, I created a container service and did not change any configuration, just entered with PuTTY and put the container to run.
According to your description, it seems that you don't set your DOCKER_HOST environment variable to the local port configured for the tunnel. When you ssh to your master VM, you need execute command below:
export DOCKER_HOST=:2375
Run the Docker commands that tunnel to the Docker Swarm cluster. For example:
docker info
If you don't set the environment variable on the tunnel, the docker contanier is created on master VM, so you could not get the Web with agent Public IP.
Also, you could not set environment variable, but you need to point to the host when you execute docker command. More information please refer to this link
I want to telnet virtual machine on port 1234. I have server.exe running on vm which listens to port 1234.
When I run telnet within virtual machine cmd "telnet 127.0.0.1 1234" response is
"ok"
However when I run telnet from outside using "telnet publicIP 1234" response is
Connecting To publicIP...Could not open connection to the host, on
port 1234: Connect failed
I have added endpoints in azure portal and tried switching off the firewall from both virtual machine and my local machine.
Can anyone please suggest?
Two things to consider:
Make sure that your server.exe listens also the VM network adapter, but not only on 127.0.0.1
Make sure that your ISP( Internet Provider) does not block outgoing ports - very common issue.
To avoid (2) change the public port for the VM Endpoint to 80 and try with telnet publicIP 80
To make sure you comply with (1), while on the VM try telnet **localIP** 1234