So I have a NGINX server listening on port 8080 with uwsgi on Vagrant box. The config.vm.forward_port 8080, 80 is not working for me. I know that it's recommended to forward on ports higher than 2000, but I need the 80. Is there any issue for that?
I'm using vagrant for development, but I need to make some tests from outside using my domain name on port 80.
Thanks for your help.
When trying to forward ports to less than 1025 vagrant gives me following message which you might have missed:
You are trying to forward to privileged ports (ports <= 1024). Most
operating systems restrict this to only privileged process (typically
processes running as an administrative user). This is a warning in case
the port forwarding doesn't work. If any problems occur, please try a
port higher than 1024.
I was using port forwarding to same port with following configuration:
config.vm.forward_port 80, 80
And then run vagrant up, but when trying curl localhost, it wasn't able to connect to host. But when running vagrant as sudo user sudo vagrant up, then I was able to access the port from my host.
is port 80 available i.e. if you run netstat -an | grep 80, does it show in the list as already being used by another process? Is uwsgi added to the module list of nginx (and did you run make/make install on it)? Have you tried checking if you need to use higher privilenges (perhaps try running as sudo).
Related
I am trying to walk through a tutorial that brings up an application in a docker/podman container instance.
I have attempted to use -p port:port and --expose port but neither seems to work.
I've ensured that I see the port in a listen state with ss -an.
I've made sure there isn't anything else trying to bind to that port.
No matter what I do, I can never hit localhost:port or ip_address:port.
I feel like I am fundamentally missing something but don't know where to look next.
Any suggestions for things to try or documentation to review would be appreciated.
Thanks,
Shawn
Expose: (Reference)
Expose tells Podman that the container requests that port be open, but
does not forward it. All exposed ports will be forwarded to random
ports on the host if and only if --publish-all is also specified
As per Redhat documentation for Containerfile,
EXPOSE indicates that the container listens on the specified network
port at runtime. The EXPOSE instruction defines metadata only; it does
not make ports accessible from the host. The -p option in the podman
run command exposes container ports from the host.
To specify Port Number,
The -p option in the podman run command exposes container ports from
the host.
Example:
podman run -d -p 8080:80 --name httpd-basic quay.io/httpd-parent:2.4
In above example, Port # 80 is the port number which Container listens/exposes and we can access this from outside the container via Port # 8080
I have a wordpress official container with a dock port 80 mapped to 32795 external... when I go to administration area of wordpress I get this error:
Important: HTTP Loopback Connections are not enabled on this server. If you need to contact your web host, tell them that when PHP tries to connect back to the site at the URL http://localhost:32795/wp-admin/admin-ajax.php and it gets the error cURL error 7: Failed to connect to localhost port 32795: Connection refused. There may be a problem with the server configuration (eg local DNS problems, mod_security, etc) preventing connections from working properly.
I think the problem is that the site inside the container tries to communicate with the 32795 port instead of 80, but it can not because this door is only seen from the outside of the container...
I created a script inside the site with phpinfo, and I checked the loopback connections are on...
There is a solution for this? I have docker un windows with kitematic
thanks
I had a similar problem running WordPress with Nginx on Docker Desktop for Windows. I needed to add an entry to the container's hosts file that directed my local.example.com domain to hit my ingress-nginx controller so that WordPress' loopback requests would work. Although my setup might be slightly different this might help you.
Open /Windows/System32/drivers/etc/hosts and copy the IP address that's next to host.docker.internal. Add an entry to the container's hosts file on startup that ties the domain to the hosts IP by doing one of the following. IP is what you copied from your machine's hosts file by host.docker.internal
Docker argument:
--add-host="local.example.com:IP"
Docker compose:
extra_hosts:
- "local.example.com:IP"
Kubernetes:
hostAliases:
- ip: "IP"
hostnames:
- "local.example.com"
Problem is inside the container the opened port is 80 and docker is exposing 32795 for external connections
Wordpress configuration is pointing to port 32795, you might expose port 80 by doing docker run -p 80:80 and change wordpress configuration to use port 80
If you can't use port :80 a little bit more complicated solution is to use iptables port forwarding internally
Example
➜ ~ docker run -d --cap-add=NET_ADMIN --cap-add=NET_RAW -p 5000:80 nginx
835b039cc92bd9f32b960181bf370d39869c88f5a757423966b467fe01ac219e
➜ ~ docker exec -it 835b039cc92bd9 bash
root#835b039cc92b:/# apt update -qqq ; apt install iptables -yqqq
root#835b039cc92b:/# iptables -t nat -A OUTPUT -o lo -p tcp --dport 5000 -j REDIRECT --to-
port 80
root#835b039cc92b:/# apt install telnet -yqqq
root#835b039cc92b:/# telnet localhost 5000
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
^]
telnet> quit
Connection closed.
root#835b039cc92b:/# exit
# from outside the container
➜ ~ telnet localhost 5000
Trying ::1...
Connected to localhost.
Escape character is '^]'.
^]
telnet> quit
Connection closed.
I am trying to run Nginx, but I am getting the error below:
bind() to 0.0.0.0:80 failed (10013: An attempt was made to access a
socket in a way forbidden by its access permissions)
Please provide some help on what changes I need to do to make it working?
I have tried running on ports other than 80 and it works. but I need it to be running on 80.
Note: I am running on Windows 7 with command prompt running as Administrator.
If the port is already in use, you can change the default port of 80 to a different port that is not in use (maybe 8070). In conf\nginx.conf:
server {
listen 8070;
...
}
After startup, you should be able to hit localhost:8070.
tl;dr
netsh http add iplisten ipaddress=::
Faced similar issue. Run the above command in command prompt.
This should free up port 80, and you'd be able to run nginx.
Description:
netsh http commands are used to query and configure HTTP.sys settings and parameters.
add iplisten :
Adds a new IP address to the IP listen list, excluding the port number.
"::" means any IPv6 address.
For more netsh http commands refer the netsh http commands documentation.
Hope this helps!!
You have to be admin or root to bind port 80. Something you can do if you cannot run as root, is that your application listens to other port, like 8080, and then you redirect messages directed to 80 to 8080. If you are using Linux you redirect messages with iptables.
nginx: [emerg] bind() to 0.0.0.0:80 failed (10013: An attempt was made to access a socket in a way forbidden by its access permissions)
I got a similar problem, My 80 port was listening to IIS (windows machine). Stopping IIS freed up 80 port.
The problem got resolved...!!
Please check if another Proxy is running under port 80 ---> in my case IIS was running as a reverse proxy, so nginx could not start..
Stopping IIS, and starting of NGXIN solved the problem
My Tomcat server was running on port 80. Changed the port number in conf\nginx.conf file and it started to work.
This is an old question but since I had this problem recently I thought of posting another possible reason in this problem.
If the user is using Docker and has already tried all proposed solutions as stated above and is wondering why port 80 is trying to bind although on your configurations you are overwriting the port to non root port e.g. listen 8080; it seems that the newer NGINX images have a default nginx.conf file in /etc/nginx/conf.d.
Sample:
$ grep -r 80 /etc/nginx/
/etc/nginx/conf.d/default.conf: listen 80;
On my case I removed it on my Dockerfile:
RUN set -x \
&& rm -f /etc/nginx/nginx.conf \
&& rm -f /etc/nginx/conf.d/default.conf
Next step pass from my custom configurations:
COPY ["conf/nginx.conf", "/etc/nginx/nginx.conf"]
I am using the latest version of boot2docker version 1.3.2, 495c19a on a windows 7 (SP1) 64 bit machine.
My docker container is running a celery process which attempts to connect to a rabbitMQ service running on the same machine that boot2docker is running on.
The Celery process running within the docker container cannot connect to RabbitMQ and reports the following :
[2014-12-02 10:28:41,141: ERROR/MainProcess] consumer: Cannot connect
to amqp:// guest:**#127.0.0.1:5672//: [Errno 111] Connection refused.
Trying again in 2.00 seconds...
I have reason to believe this is a network related issue, associated with routing from the container, to the VirtualBox host, and from the host to the RabbitMQ service running on the local machine; I do not know how to configure this and I was wondering if anyone can advise me how to proceed?
I tried setting up port 5672 in port forwarding but it didn't work (but I believe this is for incoming traffic to the VM, like boot2docker ssh).
I am running the container as docker run -i -t tagname
I am not specifying a host with -h when I run the container.
I'm sorry if this question appears rather clueless or if the answer appears obvious ... I appreciate any help!
Some additional information :
The routing table of the host VM is what boot2docker configured during installation as follows :
docker0 IP Address is 172.17.42.1
eth0 IP Address is 10.0.2.15
eth1 IP Address is 192.168.59.103
eth0 is attached to NAT (Adapter 1) in the VirtualBox VM network configuration.
Adapter 1 has port forwarding setup for ssh; default setting of host IP 127.0.0.1, host port 2022, guest port 22.
eth1 is attached to Host-only adapter (Adapter 2).
Both adapters are set to promiscuous mode (allow all).
The IP Address of the docker container is 172.17.0.33.
[2014-12-02 10:28:41,141: ERROR/MainProcess] consumer: Cannot connect to amqp:// guest:**#127.0.0.1:5672//: [Errno 111] Connection refused. Trying again in 2.00 seconds...
127.0.0.1 is a special IP address that means "me", and inside the container it means "me the container", so this is why it is not connecting to the outer host. So the first thing to do is change the IP address where you are trying to connect to Rabbit to that of the outer host where it is running.
Then you probably have to do something about routing, but let's take one step at a time.
as your RabbitMQ server is running on your Windows host, you need to tell your container that it should talk to that IP - which would probably be 192.168.59.3
most importantly, your container's 127.0.0.1 is only a loopback device to that container's services - not even the boot2docker vm's ports.
You could set up an ambassador container that has --expose=80 and uses something like socat to forward all traffic from that container to your host (see svendowideit/ambassador). Then you'd --link that ambassador container to your current image
but personally, I'd avoid that initially, and just configure your containerised app to talk to the real host's IP
You have to specifc explicitely ports for port redirection separately for boot2docker and docker.
Please try this:
c:\>boot2docker init
c:\>boot2docker up
c:\>boot2docker ssh -L 0.0.0.0:5672:localhost:5672
docker#boot2docker:~$ docker run -it -p 5672:5672 tagname
Fedora in VirtualBox running django dev server (bound to 0.0.0.0:8000) and nginx (listening to port 90)
I have NAT connection set up for the VM and port forwarding 8000 -> 8000, 8001 -> 90
I can see django as 127.0.0.1:8000
But no response from 127.0.0.1:8001
Any ideas?
Dumb question: Can the Fedora guest connect OK to nginx running locally?
Not so dumb question: Have you used tcpdump/wireshark/smartsniff or a similar tool to see if the traffic is making it through the host->guest at all? perhaps the Fedora firewall is blocking non-local connections to port 90?
Also, why not just add a "Host Only" second network adapter to the Fedora guest and forget about fiddling with the NAT settings?