Reputation: 31
Rancher doesn't expose ports
I have setup: Rancher (1.6.30) and Docker (18.09.9).
When I create a rancher cluster from docker-compose:
version: '2'
services:
mongo:
image: mongo:4.4.2
stdin_open: true
volumes:
- /var/lib/mongo/data/db:/data/db
tty: true
ports:
- 27017:27017/tcp
app1:
image: XX
stdin_open: true
tty: true
ports:
- 10503:80/tcp
labels:
io.rancher.container.pull_image: always
app2:
image: XX
stdin_open: true
tty: true
ports:
- 10504:8080/tcp
app3:
image: XX
stdin_open: true
tty: true
ports:
- 10502:8080/tcp
- 15502:8500/tcp
labels:
io.rancher.container.pull_image: always
db:
image: postgres:11.7-alpine
stdin_open: true
volumes:
- /var/lib/postgresql/data:/var/lib/postgresql/data
tty: true
ports:
- 10501:5432/tcp
labels:
io.rancher.container.pull_image: always
There are no ports exposed to the world. As we can see by using docker ps
Although, I can reach the service from outside the container, but only from current machine, when I use "localhost" in url. But when I try to connect from different IP - there is a timeout.
I think there is something wrong with rancher, because when i create container manually
docker run -p 10503:80 -d registry/service
service is accessible from anywhere and docker ps prints binding in "port" column.
This is iptables after creating docker containers by rancher:
iptables -L -n --line-numbers -t nat
As we can see, there are no bindings.
It's quite weird, because I have same situation in other server (same rancher + docker, same applications), and there everything works well.
Thanks in advance
Upvotes: 3
Views: 2488
Answers (1)
Reputation: 11
I had the same problem and tried different things for the last hours and what seems to be the cause is, that if you're using Debian 10 like me, Rancher 1.6 uses iptables for some rules and iptables-nft (which is simlinked from iptables) for other rules. Debian 10 uses iptables-nft but after switching back to iptables-legacy and rebooting, everything works as expected:
update-alternatives --set iptables /usr/sbin/iptables-legacy
update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
update-alternatives --set arptables /usr/sbin/arptables-legacy
update-alternatives --set ebtables /usr/sbin/ebtables-legacy
Source: https://wiki.debian.org/iptables
Upvotes: 1
Related Questions
- docker not exposing the port with network host
- Docker: How to start an existing container and forward the ports?
- local rancher host not visible on gui
- How to list exposed port of all containers?
- Docker port not being exposed
- What should I do if exposing ports in a Dockerfile do not take effect?
- Docker ports not being exposed properly
- Docker not exposing ports
- Docker doesn't open ports
- docker expose ports only on host