I am trying to add a SSL certificate to a wordpress container but the default compose configuration only redirects port 80.
How can I add a new port in the running container? I tried to modify the docker-compose.yml file and restart the container but this doesn't solve the problem.
Thank you.
You should re-create container, when listening new port, like this
docker-compose up -d --force-recreate {CONTAINER}
Expose ports.
Either specify both ports (HOST:CONTAINER), or just the container port (an ephemeral host port is chosen).
Note: When mapping ports in the HOST:CONTAINER format, you may experience erroneous results when using a container port lower than 60, because YAML parses numbers in the format xx:yy as a base-60 value. For this reason, we recommend always explicitly specifying your port mappings as strings.
ports:
- "3000"
- "3000-3005"
- "8000:8000"
- "9090-9091:8080-8081"
- "49100:22"
- "127.0.0.1:8001:8001"
- "127.0.0.1:5000-5010:5000-5010"
- "6060:6060/udp"
https://docs.docker.com/compose/compose-file/#pid
After you add the new port to the docker-compose file, what I did that works is:
Stop the container
docker-compose stop <service name>
Run the docker-compose up command (NOTE: docker-compose start did not work)
docker-compose up -d
According to the documentation the 'docker-compose' command:
Builds, (re)creates, starts, and attaches to containers for a service
... Unless they are already running
That started up the stopped service, WITH the exposed ports I had configured.
Have you tried like in this example:
https://docs.docker.com/compose/compose-file/#ports
Should work like this:
my-services:
ports:
- "80:80"
- "443:443"
you just add the new port in the port section of the docker-compose.yml and then you must do
docker-compose up -d
because it will read the .yml file again and recreate the container. If you do just restart it will not read the new config from the .yml and just restart the same container.
Related
As a training mockup I am trying to setup a jenkins instance behind an nginx reverse proxy ensuring also https.
So I create one container for nginx and one for jenkins. I have succeded, including the nginx configuration with (auto-signed) certificates.
I can reach the jenkins instance using https and the nginx container ip from my machine.
But my final goal is to completely isolate the jenkins container so that it cannot be reached at all from "outside". And this is not achieved.
The default port declared in the official image being 8080, I can still reach the jenkins instance with the jenkins container IP and the port 8080.
I'd made a first setup through an ansible playbook using docker container and it worked well.
But, I cannot obtain the same behavior with docker-compose.
Here is the docker-compose file I wrote.
version: "3.5"
services:
revproxy:
image: nginx:alpine
depends_on:
- jenkins_ci
networks:
- proxy
ports:
- "90:8080"
- "443:443"
volumes:
- /home/vagrant/dockerResources/etc/certs:/etc/nginx/certs
- /home/vagrant/dockerResources/etc/nginx/conf.d/reverse_proxy.conf:/etc/nginx/conf.d/reverse_proxy.conf
jenkins_ci:
image: jenkins/jenkins:lts
networks:
- proxy
networks:
proxy:
name: revProxy
internal: yes
When inspecting the jenkins_ci container, I can find its IP and direct my browser to this IP with port 8080. That's I don't want to be able to do. I would like the jenkins container to be reachable only through nginx reverse proxy address.
If someone could give me a hint.
I finally found a solution to my problem.
Knowing that the jenkins image default exposed port is 8080, I have set :
ports:
- "8080"
on the jenkins_ci service definition in the docker-compose file.
Now, I can see that there is no more IP address for jenkins_ci container. Nevertheless, it remains accessible from another container (here, the nginx one) thanks to the service name (so jenkins_ci).
I found the solution within this question.
Unfortunaltely, declaring the exposed port number without its public counterpart to hide the exposed port (and thus the IP if no port at all are publicly exposed) is not recall in the docker-compose port syntax section.
Hi I'm am creating 3 webApi's a GateWay and I'm using docker in visualStudio0217 (.netCore).
The projects compile fine and I see the images were created.
But whe I try to go to the Url's http://LocalHost:9002 or http://LocalHost:9000 these dont work
I have this docker compose:
Do I need to do something else?
instead of http://LocalHost:9002 use http://localhost:57978
instead of http://LocalHost:9000 use http://localhost:46429
Explanation
0.0.0.0:57978->8041/tcp means that host port 57978 is mapped to container port 8041
0.0.0.0:46429->8043/tcp means that host port 46429 is mapped to container port 8043
You can use this command to inspect your connections
docker inspect container_name
Maybe you can try to add the "ports" in your docker-compose for each service.
Example:
ports:
- "9002:80"
Consider the following docker-compose.yml
version: '2'
services:
serv1:
build: .
ports:
- "8080:8080"
links:
- serv2
serv2:
image: redis
ports:
- "6379:6379"
I am fowarding the ports to the host in order to manage my services, but the services can access each other simply using the default docker network. For example, a program running on serv1 could access redis:6379 and some DNS magic will make that work. I would like to add my host to this network so that i can access container's ports by their hostname:port.
You can accomplish this by running a dns proxy (like dnsmasq) in a container that is on the same network as the application. Then point your hosts dns at the container ip, and you'll be able to resolve hostnames as if you were in the container on the network.
https://github.com/hiroshi/docker-dns-proxy is one example of this.
If you need a quick workaround to access a container:
Get the container IP:
$ docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' container_name_or_id
172.19.0.9
If you need to use the container name, add it to your /etc/hosts.
# /etc/hosts
172.19.0.9 container_name
I am not sure if I understand you correctly. You want e.g. your redis server be accessible not only from containers that are in the same network, but also from outside the container using your host ip address?
To accomplish that you have to use the expose command as described here https://docs.docker.com/compose/compose-file/#/expose
expose:
- "6379"
So
ports:
- "6379:6379"
expose:
- "6379"
should do the trick.
The EXPOSE instruction informs Docker that the container listens on
the specified network ports at runtime. EXPOSE does not make the ports
of the container accessible to the host. To do that, you must use
either the -p flag to publish a range of ports or the -P flag to
publish all of the exposed ports. You can expose one port number and
publish it externally under another number.
from https://docs.docker.com/engine/reference/builder/#expose
Just modify the hosts file on your host machine to add the container entries.
Example:
127.0.0.1 container1
127.0.0.1 container2
127.0.0.1 container3
Assuming that the binding of the ports has been done.
I need a better up-to-date solution the following problem:
Problem: I have to manually create an iptable rule in order to allow a route from a dynamically docker bridge to the host. Otherwise container a cannot connect to container b because there is by default no route from a docker network to the docker host itself.
I have the following setup:
container-nginx (docker)
|
|-container-jira (docker) (https://jira.example.com)
|-container-confluence (docker) (https://confluence.example.com)
In order to have properly functioning Atlassian application links between Jira and Confluence:
Jira accesses Confluence over https://confluence.example.com
Confluence accesses Jira over https://jira.example.com
I use docker-compose for the whole setup and all container are inside the same network. By default this will not work i will get "no route to host" in both containers for hosts confluence.example.com and jira.example.com. Because every container inside the docker network have no route to the docker host itself.
Currently, each time the setup is initialized I manually create an iptable rule from the dynamically created docker bridge with id "br-wejfiweji" to the host.
This is cumbersome, is there "a new way" or "better way" to do this in Docker 1.11.x?
docker-compose version 2 does create a network which allows all containers to see each other. See "Networking in Compose" (since docker 1.10)
If your containers are created with the right hostname, that is jira.example.com and confluence.example.com (see docker-compose.yml hostname directive), nginx can proxy-pass directly to jira.example.com and confluence.example.com.
Those two hostname will resolve to the right IP address within the network created by docker-compose for those 3 (nginx, jira and confluence) containers.
I suggest in the comment to use an alias in order for jira to see confluence as nginx (nginx being aliases to confluence), in order for jira to always use nginx when accessing confluence.
version: '2'
services:
# HTTPS-ReverseProxy
nginx:
image: blacklabelops/nginx
container_name: nginx
networks:
default:
aliases:
- 'crucible.example.com'
- 'confluence.example.com'
- 'crowd.example.com'
- 'bitbucket.example.com'
- 'jira.example.com'
ports:
- '443:443'
I am trying to setup xdebug integration on my docker-based setup.
I am using Docker for Mac 1.12.0-rc2-beta17 with the "native" docker machine
I have a container, with xdebug installed, exposing port 9000 and mapping it to the port 9000:
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
6950c2a2b05d app "/usr/bin/supervisord" 9 minutes ago Up 9 minutes 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:9000->9000/tcp, 0.0.0.0:2222->22/tcp app_1
When I'm trying to use PhpStorm to listen to the port 9000 for debug connections, I'm getting an error "Cannot listen: port 9000 is busy".
I must precise that I'm a newbie in networks..
It dependent how you want to connect via Xdebug
xdebug.remote_connect_back=1 said that PHP will wait until a HTTP request with GET parameter XDEBUG_SESSION_START=<IDE_key>. Then will PHP within the server try to connect back via port 9000 where your PHPStorm is listing. Classic don't call us, we will call you situation.
Now your situation with docker say simple, your container is responsible for port 9000. So PHP will get a loopback and PHPStorm isn't able to use port 9000 because its already used by your docker container.
So skip the assignment of port 9000 to docker, that will fix this situation.
You must bind 9000 port with --expose option.
This is the reference
if you are using docker compose sample docker-compose.yml file is here:
version: '2'
services:
your_app:
ports:
- "80:80"
expose:
- "9000"
image: "your-image:tag"
Firstly check your container logs to debug:
docker logs 6950c2a2b05d
or
docker logs app_1
Add -f flags for tail-like behavior:
docker logs -f app_1
Two things I discovered:
There is no need to expose the port 9000 on a container with xdebug (that seems rather counter-intuitive for me, as I do not exactly understand how my IDE connects to xdebug then).
I was able to use xdebug using the workaround described in https://forums.docker.com/t/ip-address-for-xdebug/10460/4.