I'm having some troubles running Apache under Docker, and I wanted to ask for some directions. My current setup is the following : I have Docker 0.8 installed on an Ubuntu 12.04 server.
I want to run an Apache server under Docker, and bind it to a specific ip on the host, my intention being to run multiple Apache servers under Docker on the same hardware node each with it's one interface.
Now, I've been able to start the Apache server inside Docker, and have it run like a daemon (-D FOREGROUND, or under supervisord), and I've even been able to bind it to 0.0.0.0:$PORT and access it from the outside. But when I created multiple interfaces on the hardware node let's say 10.10.10.1, and 10.10.10.2, and tried to bind to -p 10.10.10.1:80:80, I'm not able to access 10.10.10.1:80 from the outside.
A little info about the network setup: I have my eth0 interface which has trunking out of which I create multiple vlans on which I want to put Docker instances (probably with a bridge on the eth0.$VLAN_NO, when I want to put more on the same vlan).
So basically, to reiterate, i have started a Docker container bound with -p 10.10.10.1:80:80, with an Apache inside Docker on port 80 and I can't access it (although binded on 0.0.0.0:80:80 works).
Related
I built both containers using a Dockerfile (for each). I have the NGINX container pointing (proxy_pass http://localhost:8080) to the port that the web app is exposed (via -p 8080:80). I am able to get it to work when I just install NGINX in the linux machine, but when I use a dockerized NGINX, I just get the default NGINX index.html. Do I have to build both containers using Docker-Compose.yml file (as oppose to Dockerfile) when I want the containers working together? Sorry, if I didn't put any code, but at this point, I'm just wanting to know if I'm taking the correct approach (using Dockerfile or Docker-Compose).
The Nginx proxy needs access to the host (!) network for this to work, e.g.:
docker container run ... --net=host ... nginx
Without it, localhost refers to the proxy (localhost) which likely has nothing on :8080 and certainly not your web app.
Alternatively, if the proxy's container (!), can resolve|access the host then processes in the container can refer to host-accessible ports using the host's DNS name or IP.
Docker Compose (conventionally) solves this by putting the containers onto a new virtual network. The difference then would be that, rather than mapping everything onto host ports, each container (called a service) gets a unique name and a container called proxy could refer to a container called web on port 8080 as http://web:8080.
You may achieve similar results with Docker only by creating a network and then running containers on it, e.g:
docker network create ${NETWORK}
docker container run ... --net=${NETWORK} --name=proxy ...
...
I am running a angular app on node server and in server.js I have specified app.listen(8084,localhost)..So when i run npm start in the docker container and try to -p 8084:8084 in docker run I was not able to get anything, even though the curl command inside my container curl localhost:8084 was giving me right result.
So i change the app.listen(8084) and the -p 8084:8084 started working..I am not sure why ?
When you open socket, you need to bind it to some interface in your system. There are predefined values:
0.0.0.0 - all interfaces, your service will be available from any interface
locahost, 127.0.0.1 - bind locally. That means service is NOT available from oustide -- this is your case.
You also can specify particular interface IP address to bind to it.
When you start your container, by default docker start default bridge network, so your container is being put into separate network and to access it, you need to allow incoming remote connections in container.
You bind your service to localhost into a container, so no communication is possible outside the container. localhost for your node server is not the same than localhost for your container.
I have a situation where node-container can reach mongo-container if it uses mongo-container's name such that Docker translates it to its internal IP (which I think is how it works). They are running at the same Docker host.
However, if developing locally (not on the Docker host server), we reach mongo by giving domain-name:port to the node-container. This configuration works fine both locally (with/without Docker) and at the server, but only without Docker (so npm start "directly").
The Docker containers at the host are connected to a Docker bridge network.
We would like to use the domain-name:port configuration everywhere ideally, so that we don't have to think about the Docker side of things.
I would like to understand what happens in terms of networking. My rough networking understanding thinks this happens:
WORKING SITUATION # SERVER BY SKIPPING DOCKER:
Host[npm start]-->Node[need to check <domain-name:port>]-->DNS server[this is the IP you need]-->Host[Yes my IP + that port leads to mongo-container].
BROKEN SITUATION # SERVER BY USING NODE BEHIND DOCKER:
Host[docker-compose up etc... npm start via node container]-->Node[need to check <domain-name:port>]-->DNS server[Problem here?].
Thanks for any insights.
So, I'm trying to get Jenkins working inside of docker as an exercise to get experience using docker. I have a small linux server, running Ubuntu 14.04 in my house (computer I wasn't using for anything else), and have no issues getting the container to start up, and connect to Jenkins over my local network.
My issue comes in when I try to connect to it from outside of my local network. I have port 8080 forwarded to the serve with the container, and if I run a port checker it says the port is open. However, when I actually try and go to my-ip:8080, I will either get nothing if I started the container just with -p 8080:8080 or "Error: Invalid request or server failed. HTTP_Proxy" if I run it with -p 0.0.0.0:8080:8080.
I wanted to make sure it wasn't jenkins, so I tried getting just a simple hello world flask application to work, and had the exact same issue. Any recommendations? Do I need to add anything extra inside Ubuntu to get it to allow outside connections to go to my containers?
EDIT: I'm also just using the official Jenkins image from docker hub.
If you are running this:
docker run -p 8080:8080 jenkins
Then to connect to jenkins you will have to connect to (in essence you are doing port forwarding):
http://127.0.0.1:8080 or http://localhost:8080
If you are just running this:
docker run jenkins
You can connect to jenkins using the container's IP
http://<containers-ip>:8080
The Dockerfile when the Jenkins container is built already exposes port 8080
The Docker Site has a great amount of information on container networks.
https://docs.docker.com/articles/networking
"By default Docker containers can make connections to the outside world, but the outside world cannot connect to containers."
You will need to provide special options when invoking docker run in order for containers to accept incoming connections.
Use the -P or --publish-all=true|false for containers to accept incoming connections.
The below should allow you to access it from another network:
docker run -P -p 8080:8080 jenkins
if you can connect to Jenkins over local network from a machine different than the one docker is running on but not from outside your local network, then the problem is not docker. In this case the problem is what ever machine who is receiving outside connection (normally your router, modem or ...) does not know to which machine the outside request should be forwarded.
You have to make sure you are forwarding the proper port on your external IP to proper port on the machine which is running Docker. This can be normally done on your internet modem/router.
I am running docker on OSX via boot2docker. I am using docker remotely, via the API.
I create several images of a web server. Docker assigns different IP address to each container, like 172.17.0.61. Each web server is running on port 8080.
Inside VM, I can ping the server on this address.
How can I map these different container IP addresses (from VM) to the same one in VM, but on different port? E.G.
<local.ip>:9001 -> 172.17.0.61:8080
<local.ip>:9002 -> 172.17.0.62:8080
where local.ip may be either ip from boot2docker or anything else.
Possible solution is to define port bindings when creating container and bind each container to a different port. However, I would like to avoid that, since this config becomes part of the container, and only exist because running on OSX. If I do all this above on linux, we would not have this issue.
How to map inner containers to different ports?
Publishing ports is the right solution. You have the same problem whether you're running remotely or locally, just the IP address changes.
For example, say I start the following web servers:
$ docker run -d -p 8000:80 nginx
$ docker run -d -p 8001:80 nginx
From inside the VM (run boot2docker ssh), I can then run curl localhost:8000 or curl localhost:8001 to reach the website. This is the normal way of working with Docker on Linux. From the Mac command line, it becomes curl $(boot2docker ip):8000 because of the VM, but we've not done anything different with regards to starting the web servers because of boot2docker.