Can't Access Publicly Exposed Docker Container Port from External Machine, Only from Localhost

  • Home
  • Languages
  • Linux
  • Can't Access Publicly Exposed Docker Container Port from External Machine, Only from Localhost

Can't access publicly exposed Docker container port from external machine, only from localhost?

You didn't publicly publish your port with this flag:

-p 127.0.0.1:7091:7091

That flag says to publish on the host 127.0.0.1 interface (localhost), port 7091 to the containers port 7091. The only way to reach that port is to be on the host and connect to the loopback interface.

To publicly publish the port, remove the IP from that flag:

-p 7091:7091

or explicitly publish to all interfaces with:

-p 0.0.0.0:7091:7091

The latter format is identical to the first one as long as you haven't overridden your docker daemon settings with dockerd --ip x.x.x.x or setting the ip value in your /etc/docker/daemon.json file.

Docker can't connect to Container exposed port

So the problem can be broken down to the following steps:

  1. Check the docker inspect or docker ps results to ensure that you have your port exposed correctly

  2. Try to connect to it using the public IP. If you got an error message for example

    • Connection Refused: The reason could be because the application inside the container is not running as expected. for example you need to ensure that the application bind to 0.0.0.0 and not 127.0.0.1

    • Connection Timeout: The reason could be a firewall outside the server like SecurityGroups in AWS or similar or maybe docker is not managing the server firewall (which is not the default setup)

How to connect to a docker container from outside the host (same network) [Windows]

TL;DR Check the network mode of your VirtualBox host - it should be bridged if you want the virtual machine (and the Docker container it's hosting) accessible on your local network.

It sounds like your confusion lies in which host to connect to in order to access your application via HTTP. You haven't really spelled out what your configuration is - I'm going to make some guesses, based on the fact that you've got "Windows" and "VirtualBox" in your tags.

I'm guessing that you have Docker running on some flavour of Linux running in VirtualBox on a Windows host. I'm going to label the IP addresses as follows:

D = the IP address of the Docker container

L = the IP address of the Linux host running in VirtualBox

W = the IP address of the Windows host

When you run your Go application on your Windows host, you can connect to it with http://W:8080/ from anywhere on your local network. This works because the Go application binds the port 8080 on the Windows machine and anybody who tries to access port 8080 at the IP address W will get connected.

And here's where it becomes more complicated:

VirtualBox, when it sets up a virtual machine (VM), can configure the network in one of several different modes. I don't remember what all the different options are, but the one you want is bridged. In this mode, VirtualBox connects the virtual machine to your local network as if it were a stand-alone machine on the network, just like any other machine that was plugged in to your network. In bridged mode, the virtual machine appears on your network like any other machine. Other modes set things up differently and the machine will not be visible on your network.

So, assuming you set up networking correctly for the Linux host (bridged), the Linux host will have an IP address on your local network (something like 192.168.0.x) and you will be able to access your Docker container at http://L:8080/.

If the Linux host is set to some mode other than bridged, you might be able to access from the Windows host, but this is going to depend on exactly what mode it's in.

EDIT - based on the comments below, it sounds very much like the situation I've described above is correct.

Let's back up a little: here's how Docker works on my computer (Ubuntu Linux).

Imagine I run the same command you have: docker run -p 8080:8080 dockertest. What this does is start a new container based on the dockertest image and forward (connect) port 8080 on the Linux host (my PC) to port 8080 on the container. Docker sets up it's own internal networking (with its own set of IP addresses) to allow the Docker daemon to communicate and to allow containers to communicate with one another. So basically what you're doing with that -p 8080:8080 is connecting Docker's internal networking with the "external" network - ie. the host's network adapter - on a particular port.

With me so far? OK, now let's take a step back and look at your system. Your machine is running Windows - Docker does not (currently) run on Windows, so the tool you're using has set up a Linux host in a VirtualBox virtual machine. When you do the docker run in your environment, exactly the same thing is happening - port 8080 on the Linux host is connected to port 8080 on the container. The big difference here is that your Windows host is not the Linux host on which the container is running, so there's another layer here and it's communication across this layer where you are running into problems.

What you need is one of two things:

  1. to connect port 8080 on the VirtualBox VM to port 8080 on the Windows host, just like you connect the Docker container to the host port.

  2. to connect the VirtualBox VM directly to your local network with the bridged network mode I described above.

If you go for the first option, you will be able to access the container at http://W:8080 where W is the IP address or hostname of the Windows host. If you opt for the second, you will be able to access the container at http://L:8080 where L is the IP address or hostname of the Linux VM.

So that's all the higher-level explanation - now you need to figure out how to change the configuration of the VirtualBox VM. And here's where I can't really help you - I don't know what tool you're using to do all this on your Windows machine and I'm not at all familiar with using Docker on Windows.

If you can get to the VirtualBox configuration window, you can make the changes described below. There is also a command line client that will modify VMs, but I'm not familiar with that.

For bridged mode (and this really is the simplest choice), shut down your VM, click the "Settings" button at the top, and change the network mode to bridged, then restart the VM and you're good to go. The VM should pick up an IP address on your local network via DHCP and should be visible to other computers on the network at that IP address.

Exposing a docker container to the internet

Let's say your application inside docker is now working on port 8000
You want to expose your application to internet.
The request would go: internet -> router -> physical computer (host machine) -> docker.

  1. You need to export your application to your host machine, this could be done via EXPOSE 8000 instruction in Dockerfile.
    That port should be accessible from your host machine first, so, when starting your docker image as docker container, you should add -p parameter, such as
    sudo docker run -d -it -p 8000:8000 --name docker_contaier_name docker_image_name
    From now on, your docker application can be access within your host machine, let's say it is your physical computer.
  2. Forward port from your router to your host machine
    This time, you may want to do as what you did in your question.
  3. Access your application from internet.
    If I am thinking correctly, the ip address 10.0.0.140 is just your computer LAN IP address, it cannot accessible from internet.
    You can only able to connect to your app via an internet IP, to do that, you can check your router to see what is your WAN IP address, which will be assigned to your router by your internet service provider. Or go google with "what is my IP"

Can't connect to db from docker container

You can run the application through the host network mode which will make the container able to connect to the localhost of your main server (the docker host) while keeping the bind-address points to 127.0.0.1.

So you need to run your application like this if you are using docker cli:

docker run --network=host myappimage

In case of docker-compose you will use is in your service:

network_mode: host

Why can't I access open HTTP port of NiFi flow via Docker?

It looks like you were hit with a bit of container inception. The template you are using specifies a hostname for the HandleHttpRequest processor of "localhost". Accordingly, it will only accept requests on the loopback interface internal to the container instance.

Template Configuration

You will need to remove this from your template instance such that it can bind to all interfaces and allow the port forwarding to work as expected via the docker command arguments.

Backend only works in localhost React + Springboot + docker

Here is your error

Failed to load resource: net::ERR_CONNECTION_REFUSED
localhost:8080/api/account/login:1 TypeError: Failed to
fetch

In react you have configured the URL with which the frontend will call the backend server. In that configuration you have wrongly configured the url as localhost:8080.

The React Frontend normally runs in the clients browser (If you don't have it configured otherwise) which I suppose is the case also here.

So when the browser of the client tries to call localhost:8080 it is able to do so when the client sits on the same machine where the backend server runs, as the same machine understands that the backend server runs on localhost:8080.

But when the client sits to some other machine inside the network, the Frontend (clients browser) tries again to call localhost:8080 but that machine does not have locally the server running. Therefore the error.

Solution

Configure the React application code, so that it uses as address to reach the backend not localhost:8080 but some address that is known from all hosts in the network, meaning the ip address of the machine where the server runs. Could be 192.168.1.x:8080 as you say that this is reachable from some user outside of the machine where the server runs.

Docker - Cant access docker port from outside

I made a issue at github as swell and one guy saved the day.

Here's he's response:

Server listening on 127.0.0.1:9700
Your application is listening on localhost. localhost is scoped to the container itself. Thus to be able to connect to it, you would have to be inside the container.
To fix, you need to get your application to listen on 0.0.0.0 instead.


Related Topics

How to Specify Which Version of Perl to Use on Centos

How Is a Memory Barrier in Linux Kernel Is Used

What Is The Linux Equivalent to Msvc++'s Option /D1Reportsingleclasslayout

When Does The Write() System Call Write All of The Requested Buffer Versus Just Doing a Partial Write

How to Translate X11 Keycode Back to Scancode or Hid Usage Id Reliably

Busybox in Embedded Linux Shows "Applet Not Found"

Gcloud - How to Automate Installation of Gcloud on a Server

Embedding an Application (In This Case a Terminal) Within a Qt Application

How to Measure Mispredictions for a Single Branch on Linux

How Is Ram Allocated

How to Exit The Wh Mode in Gdb

Scsi Read (10) and Write (10) with The Scsi Generic Interface

Installing Oracle Instantclient on Linux Without Setting Environment Variables

Execute a Script After Every Git Push

Killing Process in Shell Script

Shared Volume in Docker Through Vagrant

How to Take Advantage of The Vdso Object with Your Own Programming Language

New Syscall Not Found (Linux Kernel 3.0.0) Where Should I Start Looking


Leave a reply



Submit