When I try to assign a public IP address to a container of mine (this one is an Nginx proxy container, so I'm exposing ports 80 and 443) I've had pretty significant issues with getting the public IP address to actually work.
Sometimes it will hang while networking the container, and other times the networking will finish but the public IP address still doesn't show any content.
I decided to cf ic exec -it nginx bash into the container and see if I could connect to any site simply by doing something like ping 8.8.8.8 and it fails to even connect, telling me Destination Host Unreachable. I'm wondering if this has something to do with the Nginx container or if anyone else has had issues networking with Bluemix Containers?
Sounds like an issue on the containers network for that tenant. In this case, only the container team can assist you. So open a support request directly from your Bluemix console, or you can open a new ticket here: https://support.ng.bluemix.net/gethelp/
Related
I have a Docker container running on a CentOS host, and it has a host port:container port mapping. The Docker container has a web application running.
CONTAINER ID   IMAGE    COMMAND       CREATED        STATUS        PORTS                            NAMES
a2f8ce62bb69   image1   "/bin/bash"   16 hours ago   Up 16 hours   22/tcp, 0.0.0.0:7001->7001/tcp   nostalgic_elion
I can access the application over http by host IP address and host port which is mapped. However if I replace the host IP with container IP, then I get an error saying "site cannot be reached" ERR_CONNECTION_TIMED_OUT.
Is it possible to access using the container IP and exposed port over http? Unfortunately I do not have much background on networking.
By default Docker containers can make connections to the outside world, but the outside world cannot connect to containers. (https://docs.docker.com/v1.7/articles/networking/)
The docs, however, say it is possible to have the outside world talk to containers with some extra run options. The docs mention running with the options -P or --publish-all=true|false. Refer to the options on the same Docker networking page.
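An added example (not part of the original answer): a small Python parser for the PORTS column of docker ps, showing why 22/tcp in the listing above has no host mapping while 7001/tcp is bound on every host interface. The function names and the exposure labels are this example's own.

```python
import re
from typing import NamedTuple, Optional

# One PORTS entry: "22/tcp" (exposed only) or "0.0.0.0:7001->7001/tcp" (published).
ENTRY = re.compile(
    r"^(?:(?P<host_ip>.+):(?P<host_port>\d+(?:-\d+)?)->)?"
    r"(?P<ctr_port>\d+(?:-\d+)?)/(?P<proto>\w+)$"
)
WILDCARDS = {"0.0.0.0", "::", "[::]"}  # bound on every host interface


class PortBinding(NamedTuple):
    container_port: str
    proto: str
    host_ip: Optional[str]    # None: no host mapping exists
    host_port: Optional[str]


def parse_ports(column):
    """Split a PORTS column into PortBinding tuples; reject unknown syntax."""
    bindings = []
    for entry in (e.strip() for e in column.split(",")):
        if not entry:
            continue
        m = ENTRY.match(entry)
        if m is None:
            raise ValueError(f"unrecognised PORTS entry: {entry!r}")
        bindings.append(PortBinding(m["ctr_port"], m["proto"], m["host_ip"], m["host_port"]))
    return bindings


def exposure(b):
    """Label how far a binding is reachable (labels are this example's own)."""
    if b.host_ip is None:
        return "unpublished"
    if b.host_ip in WILDCARDS:
        return "all-interfaces"
    if b.host_ip.startswith("127.") or b.host_ip in ("::1", "[::1]"):
        return "loopback-only"
    return "single-address"


def audit(column):
    """Map each container port to its exposure label."""
    return {f"{b.container_port}/{b.proto}": exposure(b) for b in parse_ports(column)}


# PORTS value taken from the docker ps listing in the question.
SAMPLE = "22/tcp, 0.0.0.0:7001->7001/tcp"
if __name__ == "__main__":
    print(audit(SAMPLE))
```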
If your only need is to share different IP addresses with teams, update your hosts file with the Docker container's IP address - localhost
My /etc/hosts file:
container-ip localhost
container-ip localhost
container-ip localhost
I'm using Docker to network together two containers and one of the containers needs to be able to access the host network for service discovery. I cannot use -net=host because that makes the other container inaccessible.
What I am looking for is essentially a way to add the host network as a "secondary" network to the docker container so it can access other containers, as well as the host network.
Hopefully that makes sense. Docker is still very new to me so I apologize if my explanation is lacking.
EDIT: To elaborate more on the kind of discovery I need, basically I am running Plex media server inside a container and PlexConnect inside another container. In order for PlexConnect to be able to detect the right IP for Plex, it needs to be able to access the 192.168 local network of the host since it serves as the DNS for an AppleTV outside the Docker network.
So containers are as follows:
Plex (bridge mode and binds to the host port 192.168.1.100:32400)
PlexConnect (separate subnet of bridge mode, needs to be able to access 192.168.1.100:32400)
tl;dr I need what BMitch suggested below but the docker-compose version.
I have a use-case where my Docker container's second interface needs to share the interface of the host's second network interface. Is this possible using docker network connect? If so, how would it be done?
May not be the answer, but a bit too long to explain in a comment
If I were you I would:
Start the container with --net=host
Start up the container by sharing the host stack IP:
user#host:~$ docker run --name=c0 --net=host docker-image
Plug it into the network
With the command
user#host:~$ docker network connect mynet c0
But I just tried it and here is the error message:
Error response from daemon: Container sharing network namespace with another container or host cannot be connected to any other network
As this is not working, I guess it is not (yet?) possible. I suggest you work around your need for the host stack IP (which must be considered insecure, btw).
Why do you need the host stack IP?
I'm pretty new to Docker. I started by approaching with the VM mindset, but I'm realizing that it uses a whole different paradigm from VMs, or even traditional LXC containers.
The biggest challenge has been with understanding how networking works. I'm trying to use Docker to run multiple services on a machine that require some of the same ports, to avoid port conflicts.
I want to access all of them using the FQDN of the host machine, without having to worry about adding the container FQDNs to DNS. I'm forwarding the relevant container ports to unused host ports.
The problem is that, when I try to access the services from my browser, it's redirected to the FQDN of the container, which it can't resolve. The result is a "Server not found" error.
Is there a way to hide all the containers behind the host's FQDN, without ever having to resolve the containers' FQDNs?
You can make each docker container use a different outside port and then have a server docker with something like nginx or apache that reverse proxies the requests. I had to build something like this that takes everything in at one hostname and then passes through all the traffic to the appropriate container and port.
The difficulty is docker containers having new addresses each time they're created. You can dynamically figure out their addresses when they start up and have the proxy container start last with those addresses. The way you can grab those addresses is with a 'docker inspect' and awk the data you want, or you can use one of these libraries like docker-py to grab the relevant data.
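An added example (not the answerer's code) of the approach described above: read the containers' current addresses from docker inspect JSON and render the nginx reverse-proxy configuration from them. The inspect data is a constructed sample, and the route table, ports and server name are hypothetical.

```python
import ipaddress
import json

# Constructed sample shaped like `docker inspect wiki tracker stopped` output,
# trimmed to the fields read below.
INSPECT_JSON = """[
 {"Name": "/wiki",    "NetworkSettings": {"Networks": {"bridge": {"IPAddress": "172.17.0.2"}}}},
 {"Name": "/tracker", "NetworkSettings": {"Networks": {"bridge": {"IPAddress": "172.17.0.3"}}}},
 {"Name": "/stopped", "NetworkSettings": {"Networks": {"bridge": {"IPAddress": ""}}}}
]"""

# Hypothetical routing table: URL prefix -> (container name, container port).
ROUTES = {"/wiki/": ("wiki", 8080), "/tracker/": ("tracker", 9000)}


def container_ips(inspect_json, network="bridge"):
    """Map container name -> current IP on `network`, skipping stopped ones."""
    ips = {}
    for c in json.loads(inspect_json):
        net = c.get("NetworkSettings", {}).get("Networks", {}).get(network) or {}
        ip = net.get("IPAddress")
        if ip:
            # Validate before the value is written into a config file.
            ips[c["Name"].lstrip("/")] = str(ipaddress.ip_address(ip))
    return ips


def render_proxy_conf(server_name, routes, ips):
    """Render one nginx server block that fronts every routed container."""
    lines = ["server {", "    listen 80;", f"    server_name {server_name};"]
    for prefix, (name, port) in sorted(routes.items()):
        if name not in ips:
            raise LookupError(f"container {name!r} has no address; is it running?")
        lines += [
            f"    location {prefix} {{",
            f"        proxy_pass http://{ips[name]}:{port}/;",
            "        proxy_set_header Host $host;  # backend sees the host's name",
            "    }",
        ]
    lines.append("}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_proxy_conf("host.example.com", ROUTES, container_ips(INSPECT_JSON)))
```

Regenerate the file and reload the proxy whenever a backend container is recreated, since its address may have changed.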
On a VPS with a static, publicly routable IP, I have a simple web server running (on port 8080) in a container that exports port 8080 (-p 0.0.0.0:8080:8080).
If I spin up another container on the same box and try to curl <public ip of host>:8080 it resolves the address, tries to connect but fails when making the request (it just hangs).
From the host's shell (outside containers), curl <public ip of host>:8080 succeeds.
Why is this happening? My feeling is that, somehow, the virtual network cards fail to communicate with each other. Is there a workaround (besides using docker links)?
According to Docker's advanced networking docs (http://docs.docker.io/use/networking/): "Docker uses iptables under the hood to either accept or drop communication between containers."
As such, I believe you would need to set up inbound and outbound routing with iptables. This article gives a solid description of how to do so: http://blog.codeaholics.org/2013/giving-dockerlxc-containers-a-routable-ip-address/