0
votes

I am running a Docker image on a Mac machine, and when I log into the container, I see the IP address as "172.17.0.2" (cat /etc/hosts).

  1. How does Docker choose the IP?

  2. Is there any IP range that Docker chooses?

  3. What if I run multiple containers on the same host? Will it be different?

  4. /etc/resolv.conf gives some IP. What is that IP and where does it get it?

  5. How to connect to the Docker service using the internal IP, say 172.17.0.2?

ping CONTAINER_ID -> returns the IP 172.17.0.2

How does it resolve the hostname?

I tried reading through networking but it doesn't help.

Also, I am running my service on port 8443. Still, I am unable to connect.

I tried running,

docker run -net host -p 8443:8443 IMAGE

Still no luck.

Tried the below approach also.

docker run -p MY_MACHINE_IP:8080:8080 IMAGE

Tried with,

http://MY_MACHINE_IP:8080

http://localhost:8080

None of the above works.

ifconfig output,

lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
    options=1203<RXCSUM,TXCSUM,TXSTATUS,SW_TIMESTAMP>
    inet 127.0.0.1 netmask 0xff000000 
    inet6 ::1 prefixlen 128 
    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1 
    nd6 options=201<PERFORMNUD,DAD>
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
XHC20: flags=0<> mtu 0
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    ether 60:f8:1d:b2:cb:0c 
    inet6 fe80::49d:a511:dc4e:7960%en0 prefixlen 64 secured scopeid 0x5 
    inet 10.231.168.63 netmask 0xffe00000 broadcast 10.255.255.255
    nd6 options=201<PERFORMNUD,DAD>
    media: autoselect
    status: active
p2p0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2304
    ether 02:f8:1d:b2:cb:0c 
    media: autoselect
    status: inactive
awdl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1484
    ether 0a:71:96:61:e4:eb 
    inet6 fe80::871:96ff:fe61:e4eb%awdl0 prefixlen 64 scopeid 0x7 
    nd6 options=201<PERFORMNUD,DAD>
    media: autoselect
    status: active
en1: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
    options=60<TSO4,TSO6>
    ether 72:00:07:57:48:30 
    media: autoselect <full-duplex>
    status: inactive
en2: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
    options=60<TSO4,TSO6>
    ether 72:00:07:57:48:31 
    media: autoselect <full-duplex>
    status: inactive
bridge0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    options=63<RXCSUM,TXCSUM,TSO4,TSO6>
    ether 72:00:07:57:48:30 
    Configuration:
        id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0
        maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200
        root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0
        ipfilter disabled flags 0x2
    member: en1 flags=3<LEARNING,DISCOVER>
            ifmaxaddr 0 port 8 priority 0 path cost 0
    member: en2 flags=3<LEARNING,DISCOVER>
            ifmaxaddr 0 port 9 priority 0 path cost 0
    nd6 options=201<PERFORMNUD,DAD>
    media: <unknown type>
    status: inactive
utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 2000
    inet6 fe80::3f17:8946:c18d:5d25%utun0 prefixlen 64 scopeid 0xb 
    nd6 options=201<PERFORMNUD,DAD>
utun2: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380
    inet6 fe80::20aa:76fd:d68:7fb2%utun2 prefixlen 64 scopeid 0xd 
    nd6 options=201<PERFORMNUD,DAD>
utun3: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380
    inet6 fe80::e42a:c616:4960:2c43%utun3 prefixlen 64 scopeid 0x10 
    nd6 options=201<PERFORMNUD,DAD>
utun1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1342
    inet 17...... --> 17.... netmask 0xff000000 
    inet6 fe80::93df:7780:862c:8a06%utun1 prefixlen 64 scopeid 0x12 
    nd6 options=201<PERFORMNUD,DAD>

3 Answers

0
votes

For the first 4 questions you can find some information here; in general, the Docker network is responsible for managing the network.

Usually I specify the ports like this:

docker run -p 8443:8443 IMAGE

and it works.

A reference to an existing topic is here

0
votes

1. How does Docker choose the IP?

When Docker is installed on your machine, it will create a docker0 interface. It will give an IP address to your container whenever it launches. You can verify the IP range for docker0 with the ifconfig command.

2. Is there any IP range that Docker chooses?

Yes, please refer to my answer 1.

3. What if I run multiple containers on the same host? Will it be different?

Yes, it will be different, from the range of the docker0 interface, until you create your own network using docker network create. For more, refer to: Docker Networking

4. /etc/resolv.conf gives some IP. What is that IP and where does it get it?

It's the internal DNS of the Docker network. You can give your DNS IP with vi /etc/systemd/system/docker.service.d/docker.conf; add your DNS server on a line like below:

[Service]
        ExecStart=
        ExecStart=/usr/bin/dockerd -H tcp://0.0.0.0:2376 -H unix:///var/run/docker.sock -g "/opt/docker_storage" --dns <replace-dns-ip>

5. How to connect to the Docker service using the internal IP, say 172.17.0.2

You have to expose the port to connect, like docker run -p 8443:8443 <image-name>. After that you can connect with telnet localhost 8443 or curl http://172.17.0.2:8443

Most important

Add the following to /etc/sysctl.conf:

net.ipv4.ip_forward = 1

and apply the settings with:

sysctl -p /etc/sysctl.conf

Hope this will help.

Thank you!
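
Added example, not part of the answer above: the ExecStart line in that answer makes dockerd listen on tcp://0.0.0.0:2376 with no --tlsverify, so the Docker API is reachable over the network without client authentication, and this check flags that pattern in a dockerd command line. The DNS address and certificate paths are constructed, and the check assumes TLS is not configured elsewhere (for example in daemon.json).

```python
import shlex

# ExecStart from the answer above, with a constructed DNS value replacing <replace-dns-ip>.
ANSWER_EXECSTART = ('/usr/bin/dockerd -H tcp://0.0.0.0:2376 -H unix:///var/run/docker.sock '
                    '-g "/opt/docker_storage" --dns 192.0.2.53')
# Constructed variant: same listener, but clients must present a certificate signed by the CA.
HARDENED_EXECSTART = ('/usr/bin/dockerd -H tcp://0.0.0.0:2376 -H unix:///var/run/docker.sock '
                      '--tlsverify --tlscacert /etc/docker/ca.pem '
                      '--tlscert /etc/docker/server-cert.pem --tlskey /etc/docker/server-key.pem')

def daemon_listeners(execstart):
    """Return (hosts, tlsverify) parsed from a dockerd command line."""
    args = shlex.split(execstart)
    hosts, tlsverify = [], False
    i = 1  # args[0] is the dockerd binary
    while i < len(args):
        arg = args[i]
        if arg in ("-H", "--host") and i + 1 < len(args):
            hosts.append(args[i + 1])
            i += 1  # skip the value just consumed
        elif arg.startswith("--host="):
            hosts.append(arg.split("=", 1)[1])
        elif arg in ("--tlsverify", "--tlsverify=true"):
            tlsverify = True
        i += 1
    return hosts, tlsverify

def findings(execstart):
    """List TCP listeners that accept API calls without client-certificate checks."""
    hosts, tlsverify = daemon_listeners(execstart)
    out = []
    for host in hosts:
        if not host.startswith("tcp://") or tlsverify:
            continue  # unix sockets are governed by file permissions instead
        addr = host[len("tcp://"):].rsplit(":", 1)[0]
        scope = "loopback only" if addr in ("127.0.0.1", "localhost", "[::1]") else "network-reachable"
        out.append(f"{host}: no client-certificate verification ({scope})")
    return out

if __name__ == "__main__":
    for label, line in (("answer", ANSWER_EXECSTART), ("hardened", HARDENED_EXECSTART)):
        print(label, findings(line) or "ok")
```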

0
votes

Docker manages all of this internal networking machinery itself. This includes allocating IP(v4) addresses from a private range, a NAT setup for outbound connections, and a DNS service to allow containers to communicate with each other.

A stable, reasonable setup is:

  • Run docker network create mynet, once, to create a non-default network. (Docker Compose will do this for you automatically.)
  • Run your containers with --net mynet.
  • When containers need to communicate with each other, they can use other containers' --name as DNS names (you can connect to http://other-container-name).
  • If you need to reach a container from elsewhere, publish its service port using docker run -p or the Docker Compose ports: section. It can be reached using the host's DNS name or IP address and the published port.
  • Never ever use the container-private IP addresses (directly).
  • Never use localhost unless you're absolutely sure about what it means. (It's a correct way to reach a published port from a browser running on the host that's running the containers; it's almost definitely not what you mean from within a container.)

The problems I've seen with the container-private IP addresses tend to be around the second time you use them: because you relaunched the container and the IP address changed; because it worked from your local host and now you want to reach it from somewhere else.

To answer your initial questions briefly: (1-2) Docker assigns them itself from a network that can be configured but often defaults to 172.17.0.0/16; (3) different containers have different private IP addresses; (4-5) Docker provides its own DNS service and /etc/resolv.conf points there; (6) ICMP connectivity usually doesn't prove much and you don't need to ping containers (use dig or nslookup for DNS debugging, curl for actual HTTP requests).
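
An added example (not part of the answer above, and not Docker's own code): a short audit over `docker inspect` output that reports, per container, which host address each published port is bound to, since `-p 8443:8443` without a host IP listens on every host interface. The container names, the `mynet` network and the sample records are constructed for illustration.

```python
import json

# Constructed sample in the shape of `docker inspect` output (not from a real host).
SAMPLE_INSPECT = json.loads("""[
 {"Name": "/api", "HostConfig": {"NetworkMode": "mynet",
   "PortBindings": {"8443/tcp": [{"HostIp": "", "HostPort": "8443"}]}}},
 {"Name": "/admin", "HostConfig": {"NetworkMode": "mynet",
   "PortBindings": {"8080/tcp": [{"HostIp": "127.0.0.1", "HostPort": "8080"}]}}},
 {"Name": "/legacy", "HostConfig": {"NetworkMode": "host",
   "PortBindings": {"8443/tcp": [{"HostIp": "", "HostPort": "8443"}]}}},
 {"Name": "/db", "HostConfig": {"NetworkMode": "mynet", "PortBindings": {}}}
]""")

def bind_scope(host_ip):
    """Classify the host address a published port listens on."""
    if host_ip in ("", "0.0.0.0", "::"):  # empty HostIp means every host interface
        return "all-interfaces"
    if host_ip.startswith("127.") or host_ip == "::1":
        return "loopback-only"
    return "single-address"

def reachability(container):
    """Return (name, findings) describing how the container is reachable from the host side."""
    name = container["Name"].lstrip("/")
    host_cfg = container.get("HostConfig", {})
    bindings = host_cfg.get("PortBindings") or {}
    if host_cfg.get("NetworkMode") == "host":
        # Host networking shares the host's network stack; published ports are discarded.
        return name, ["host network: -p ignored" if bindings else "host network"]
    findings = []
    for port, binds in sorted(bindings.items()):
        for b in binds or []:
            ip = b.get("HostIp") or "0.0.0.0"
            findings.append(f"{port} -> {ip}:{b.get('HostPort')} ({bind_scope(ip)})")
    return name, findings or ["no published ports"]

def audit(containers):
    """Map container name -> findings for a list of inspect records."""
    return dict(reachability(c) for c in containers)

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT).items():
        print(f"{name}: {'; '.join(findings)}")
```

On a real host, pass it the parsed JSON from `docker inspect` for the running containers instead of the constructed sample.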