gies0r
gies0r

Reputation: 5239

Docker exposed network port does not reach container service

I am building and starting it:

sudo docker build  -t docker_mads_dask_server ~/docker_setups/dask_cluster

echo "Stop/Remove dask_server"
sudo docker stop dask_server -t5
sudo docker rm dask_server

echo "Build tag"
sudo docker build --tag mads_servers.dask_server:0.1.2 ~/docker_setups/dask_cluster
sudo docker run --publish 0.0.0.0:8710:8710 --publish 0.0.0.0:8711:8711 --detach --name dask_server mads_servers.dask_server:0.1.2

And I can actually see how it runs:

$ sudo docker ps

CONTAINER ID        IMAGE                            COMMAND                  CREATED             STATUS              PORTS                                        NAMES
a29f89f6929f        mads_servers.dask_server:0.1.2   "python3 /code/mads/…"   4 minutes ago       Up 4 minutes        0.0.0.0:8710-8711->8710-8711/tcp, 8787/tcp   dask_server

Now I connect into the container:

$ sudo docker exec -it dask_server /bin/bash
root@a29f89f6929f

And see if the connection is open:

# (inside container)
$ curl -vvv http://127.0.0.1:8710
[...]
< HTTP/1.1 404 Not Found
< Server: TornadoServer/6.0.4

So the webserver is actually up and reachable within the container. Now lets check it from the outside:

# (outside container)
$ sudo netstat -tulpn | grep 87

tcp6       0      0 :::8710                 :::*                    LISTEN      8705/docker-proxy   
tcp6       0      0 :::8711                 :::*                    LISTEN      8692/docker-proxy  

Ports are open, a bit scared about tcp6 - So I changed it to explicit IP matches:

--publish 192.168.56.11:8710:8710 --publish 192.168.56.11:8711:8711

and the netstat now shows IPv4:

# (outside container)
tcp        0      0 192.168.56.11:8710      0.0.0.0:*               LISTEN      13039/docker-proxy  
tcp        0      0 192.168.56.11:8711      0.0.0.0:*               LISTEN      13025/docker-proxy  

but the same connection test gets:

$ curl -vvv http://127.0.0.1:8710
* Rebuilt URL to: http://127.0.0.1:8710/
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to 127.0.0.1 (127.0.0.1) port 8710 (#0)
> GET / HTTP/1.1
> Host: 127.0.0.1:8710
> User-Agent: curl/7.58.0
> Accept: */*
> 
* Recv failure: Connection reset by peer
* stopped the pause stream!
* Closing connection 0
curl: (56) Recv failure: Connection reset by peer

My Dockerfile:

FROM ubuntu:20.04
FROM python:3.8

RUN apt update && apt install -y cowsay tmux vim net-tools iotop
RUN python -m pip install pandas numpy dask distributed redis sqlalchemy tornado cloudpickle
RUN python -m pip install dask[dataframe] --upgrade
ADD code/ /code/

# Dashboard port
EXPOSE 8710

# Scheduler port
EXPOSE 8711
EXPOSE 8787

CMD ["python3", "/code/mads/mads_pkg/mads_servers/dask_server.py"]

So why is the dask-proxy not forwarding it to the containers exposed port?

Upvotes: 0

Views: 854

Answers (1)

jmaitrehenry
jmaitrehenry

Reputation: 2420

Each containers have their own network stack and do not share the same localhost.

From your host, you could do the curl command with localhost as you exposed the port, but when you use an another container, you should use the other container name to connect or find it's IP and connect with it.

On your comment, you get the internal container IP but you try to connect from the host and no more from inside the other container.

And normally, you could replace --publish 0.0.0.0:8711:8711 with --publish 8711:8711 as by default docker will publish the port on all IP.

Upvotes: 1

Related Questions