Login/Register
Docker can't connect to Container exposed port
Asked Answered
Solved dockernetworkingdocker-composecontainers
V

5

40

SCENARIO:

Hey there,I'm running a docker compose with containers. This compose file works like charm on ma local docker desktop on windows 10. I configured my own network with network driver bridge. Now I want to run the docker compose on an external server with an ubuntu vm. I have remote putty connection to the server. When I run docker-compose up all my services start successfully. I also have portainer running to have a gui control on that.

PROBLEM: Lika I said, all my services are an running. The only difference to my local setup is that I startet portainer as a single container. I cann connect to portainer with my Browser and inspect the whole setup. But when I want to call my expose container, I can't get a connection and get a connection faild error. When I have a look at the IP Adress Column in portainer in the Containers spec, I see that portainer has a different ip than my docker compose containers. So portainer has 172.17.xxx and all the other containers start with 172.20.xxx Obviosly my exposed ports in my private network are not exposed to the host bridge network.

What I expect I want to have my exposed ports to be availble by the ip of my virtual machine like my portainer instance.

Thoughts I'm pretty new to docker so I checked the docs and I thought because of the description:

Within a user-defined bridge network, linking is not supported. You can expose and publish container ports on containers in this network. This is useful if you want to make a portion of the bridge network available to an outside network.

..that bridge as the network driver would connect my network to the local host internet connection.

Question: Is there something wrong when I run portainer seperate from my compose? Is there something else to keep in mind when I run my compose on an external server and not on my localhost in point of networking?

compsose network cfg:

networks:
  my_net:
    driver: bridge

and my compose Version is 2.1

UPDATE: Docker ps says all up and running docker inpsect on a container I want to reach via Internet:

"NetworkSettings": {
            "Bridge": "",
            "SandboxID": "9e1e335ab30f1f4d3f690e8902e06523fa095e7d8bshddkdksis7d66s7sjdjd",
            "HairpinMode": false,
            "LinkLocalIPv6Address": "",
            "LinkLocalIPv6PrefixLen": 0,
            "Ports": {
                "7778/tcp": [
                    {
                        "HostIp": "0.0.0.0",
                        "HostPort": "7778"
                    }
                ]
            },
            "SandboxKey": "/var/run/docker/netns/9e1e386ttf56",
            "SecondaryIPAddresses": null,
            "SecondaryIPv6Addresses": null,
            "EndpointID": "",
            "Gateway": "",
            "GlobalIPv6Address": "",
            "GlobalIPv6PrefixLen": 0,
            "IPAddress": "",
            "IPPrefixLen": 0,
            "IPv6Gateway": "",
            "MacAddress": "",
            "Networks": {
                "my_net": {
                    "IPAMConfig": null,
                    "Links": null,
                    "Aliases": [
                        "3cb72e02c43b",
                        "usermanagement-service"
                    ],

                    "Gateway": "172.20.xx.x",
                    "IPAddress": "172.20.xx.xx",
                    "IPPrefixLen": 16,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,
                    "DriverOpts": null
                }
            }
        }
    }
Valance answered 1/3, 2019 at 8:51 Comment(10)
what is docker ps or docker inspect result for the container you want to expose ?Junji
updated my answerValance
you have this port 7778 exposed which can be access by anyone. what happen when you try to connect to it using the public ip and the port ?Junji
Yes I expected that i can connect to. But I get the described error that there is no answer by this ip and port.Valance
i mean the full message, does it says timeout? or connection refused ? or something else ?Junji
timeout. So it seems to be a Firewall problem on the serverside. I'm just wondering that 9000 worksValance
If its a timeout then yes probably a firewall however docker should be managing the firewall therefore the port should be allowed. Are you hosting on aws or something ? maybe you forget to allow the new ports on security group?Junji
Yes I guess you are right. I forgot to allow the ports. Thank you very much for your help. I know it's noob mistake but I'll never forget to keep that in mind again :DValance
I have added the answer with explanation so it might help others later :DJunji
It helped me to reinstall docker as it is written in docs.docker.com/engine/install/ubuntuBilicki
J
90

So the problem can be broken down to the following steps:

  1. Check the docker inspect or docker ps results to ensure that you have your port exposed correctly

  2. Try to connect to it using the public IP. If you got an error message for example

    • Connection Refused: The reason could be because the application inside the container is not running as expected. for example you need to ensure that the application bind to 0.0.0.0 and not 127.0.0.1

    • Connection Timeout: The reason could be a firewall outside the server like SecurityGroups in AWS or similar or maybe docker is not managing the server firewall (which is not the default setup)

Junji answered 1/3, 2019 at 9:58 Comment(7)
For future readers, in my case, a process of openvpn was causing timeout for me.Dane
Somehow this eluded me: you need to ensure that the application bind to 0.0.0.0 and not 127.0.0.1. That was my problem. The default port for the application (Apache Tika Server) was localhost, so I had to use --host=0.0.0.0 to fix it in docker. thhhhanks!Jointly
@Jointly in my case I was trying to bind the application to a host with the same name as the service (which is what is described on Docker's documentation) and in fact it only worked for me when I bound it to 0.0.0.0. My question is: if the documentation itself tells us to use the service name as host, why isn't it working? Any misconfiguration maybe?Sheilasheilah
@RodrigoChaves, could you explain the openvpn issue a bit more? How did you work around it?Grasshopper
Thank you guys, --host=0.0.0.0 was my problem as well!Cypsela
Thanks! In my case, the Jetty server inside the container was configured to use a different port than the docker was.Salary
In my case, I just stopped the docker service and started it again, and it worked.Thaothapa
K
23

In my case it was invalid order of arguments:

docker run myrazorapp -p 8080:80

when it should be:

docker run -p 8080:80 myrazorapp

Port args were simply ignored.

Kidnap answered 26/2, 2022 at 12:47 Comment(0)
H
5

Just recently we had similar problem with container to container connection and the problem was badly configured defaul ubuntu firewall ufw

So in our case solution was:

 sudo ufw disable
Huxham answered 20/11, 2022 at 18:20 Comment(0)
M
2

I had this issue running colima on MacOS. Other apps were working fine, which was confusing. Turns out restarting colima was the answer:

colima stop
colima start
Molder answered 4/6, 2023 at 17:39 Comment(1)
This does work on MacOS 14!Margay
P
-1

I had the problem that i specefied RUN npm start instead of CMD npm start

Your Container will start but it will never get exposed. This did it for me

Preventer answered 20/4, 2021 at 11:5 Comment(2)
What did it for you?Unequal
I think piecepaper meant he changed his Dockerfile to use CMD instead of RUN to execute the app and that fixed the issue for him.Glenda

© 2022 - 2024 — McMap. All rights reserved.