docker docker0 and container broadcast addresses not set - udp

I'm "dockerizing" an app which does UDP broadcast heartbeating on a known port. This is with docker-engine-1.7.0 on a variety of hosts (Fedora, Centos7, SLES 12).
I notice that the 'docker0' bridge on the docker host and 'eth0' inside the container each have a broadcast address of 0.0.0.0.
Assuming admin privilege on the host I can manually set the broadcast address on docker0. Likewise in the container (if the container is running privileged or with NET_ADMIN, NET_BROADCAST), but I'm curious why the broadcast address isn't set by default. Is there a configuration option I'm missing for Docker to do this automatically?
Host:
# ifconfig docker0 broadcast 172.17.255.255 up
# tcpdump -i docker0 -p udp port 5000
Container:
# ifconfig eth0 broadcast 172.17.255.255 up
# echo "Hello world" | socat - UDP-DATAGRAM:172.17.255.255:5000,broadcast
Broadcast from the host to the container also works once the broadcast addresses are set.

If you are passing NET_ADMIN to the Docker container, I would not use the docker0 network at all for your application.
If I understood correctly what you are trying to do, the UDP broadcast heartbeating on a known port is used by Docker containers that belong to different hosts to find each other, and not by different docker containers in the same host.
I would then recommend using --net=host:
docker run --net=host --cap-add NET_ADMIN ....
This way, if you get a shell in the Docker container, you will see that the network environment is exactly the same as that of the host that is running the containers. If your application was running on that server earlier using UDP broadcast, it will work in exactly the same way in the Docker container.
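A check for the settings discussed in this question and answer (--net=host, privileged, NET_ADMIN, NET_BROADCAST), as an added example that is not part of the original posts. It reads `docker inspect` JSON; the sample containers and their names are constructed for illustration.

```python
import json

# Constructed sample shaped like `docker inspect` output; not data from the page.
SAMPLE_INSPECT = json.dumps([
    {"Name": "/heartbeat-host",
     "HostConfig": {"NetworkMode": "host", "Privileged": False,
                    "CapAdd": ["NET_ADMIN"]}},
    {"Name": "/heartbeat-bridge",
     "HostConfig": {"NetworkMode": "default", "Privileged": False,
                    "CapAdd": None}},
    {"Name": "/debug-box",
     "HostConfig": {"NetworkMode": "bridge", "Privileged": True,
                    "CapAdd": ["NET_ADMIN", "NET_BROADCAST"]}},
])

WATCHED_CAPS = {"NET_ADMIN", "NET_BROADCAST"}  # the capabilities named in the question


def audit(inspect_json):
    """Map container name -> list of network-privilege notes (clean ones omitted)."""
    findings = {}
    for container in json.loads(inspect_json):
        host_config = container.get("HostConfig") or {}
        host_net = host_config.get("NetworkMode") == "host"
        privileged = bool(host_config.get("Privileged"))
        # CapAdd is null when no capability was added; accept a CAP_ prefix too.
        caps = {c.upper().replace("CAP_", "", 1)
                for c in host_config.get("CapAdd") or []}
        notes = []
        if host_net:
            notes.append("uses the host's network namespace (--net=host)")
        if privileged:
            notes.append("privileged: holds every capability")
        notes += [f"added capability {c}" for c in sorted(caps & WATCHED_CAPS)]
        if host_net and (privileged or "NET_ADMIN" in caps):
            notes.append("can reconfigure the host's own interfaces and routes")
        if notes:
            findings[container.get("Name", "").lstrip("/")] = notes
    return findings


if __name__ == "__main__":
    for name, notes in audit(SAMPLE_INSPECT).items():
        print(name, "->", "; ".join(notes))
```

On a real host the input would come from `docker inspect $(docker ps -q)`.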

Related

Selenium4 Dynamic Grid setup using different VM's

In the official documentation of the Selenium Docker setup, I see a config.toml file which contains the info below:
[docker]
# Configs have a mapping between the Docker image to use and the capabilities that need to be matched to
# start a container with the given image.
configs = [
"selenium/standalone-firefox:4.3.0-20220706", "{\"browserName\": \"firefox\"}",
"selenium/standalone-chrome:4.3.0-20220706", "{\"browserName\": \"chrome\"}",
"selenium/standalone-edge:4.3.0-20220706", "{\"browserName\": \"MicrosoftEdge\"}"
]
# URL for connecting to the docker daemon
# Most simple approach, leave it as http://127.0.0.1:2375, and mount /var/run/docker.sock.
# 127.0.0.1 is used because internally the container uses socat when /var/run/docker.sock is mounted
# If /var/run/docker.sock is not mounted:
# Windows: make sure Docker Desktop exposes the daemon via tcp, and use http://host.docker.internal:2375.
# macOS: install socat and run the following command, socat -4 TCP-LISTEN:2375,fork UNIX-CONNECT:/var/run/docker.sock,
# then use http://host.docker.internal:2375.
# Linux: varies from machine to machine, please mount /var/run/docker.sock. If this does not work, please create an issue.
url = "http://127.0.0.1:2375"
# Docker image used for video recording
video-image = "selenium/video:ffmpeg-4.3.1-20220706"
# Uncomment the following section if you are running the node on a separate VM
# Fill out the placeholders with appropriate values
[server]
host = <ip-from-node-machine>
port = <port-from-node-machine>
What do the bottom two parameters, host and port, represent?
FYI: I am planning to run the hub container in one VM and the node containers in other VMs.
Correct me if I am wrong: I am guessing the config.toml file should be present in the VMs where we would be running the nodes.
So, for host=, do we need to give the IP of where the hub is up and running?
and
for port=, where do we get the port number?
Expecting answers ASAP, thanks in advance.
Yes, the host and port values are the details of where your Hub is running. Port number is 4444 if your hub is running on the default port.

How to make two docker containers running on the same local communicate?

I'm running two APIs through docker-compose on Linux. I tried to pass them the IPs that the docker containers have; I checked with: docker inspect . They are on the same (docker) network. Should this work, and I'm mistaken, or is there a simpler way to set each of their addresses in some easy way? I went through the docker docs, but nothing seems to resolve the problem.
Whenever you start docker containers and expose ports from each container, the default IP would be localhost or 0.0.0.0.
So, containers can communicate via: localhost:<port_of_other_container>
If it doesn't work try with ifconfig -> en0 -> inet address instead of localhost.

Connect Docker Container port to server's apache port (odoo Container)

I have downloaded the Odoo container and I want to docker run it inside my server and gain access from outside. This means I want to run the container in localhost:8069 and gain access from :8000 (8000 is an open port and apache2 serves from it). Is this possible?
To allow Dockerized services to be accessed from outside, you can use the --publish option of the docker run command.
From the man page:
-p, --publish=[]
Publish a container's port, or range of ports, to the host.
Format: ip:hostPort:containerPort | ip::containerPort | hostPort:containerPort | containerPort
Both hostPort and containerPort can be specified as a range of ports. When specifying ranges for both, the number of container ports in the range must match the number of host ports in the range. (e.g., docker run -p 1234-1236:1222-1224 --name thisWorks -t busybox but not docker run -p 1230-1236:1230-1240 --name RangeContainerPortsBiggerThanRangeHostPorts -t busybox)
With ip: docker run -p 127.0.0.1:$HOSTPORT:$CONTAINERPORT --name CONTAINER -t someimage
Use docker port to see the actual mapping: docker port CONTAINER $CONTAINERPORT
Then running: docker run -p 1.2.3.4:8000:80 image-name will bind the socket 1.2.3.4:8000 of the server to the port 80 of the container.
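A parser for the `-p` format quoted from the man page above, as an added example that is not part of the original answer. It handles the four IPv4 forms only, enforces the both-ranges rule from the quoted text, and reports whether a spec publishes on every host interface, which is what happens when the ip part is left out; the function names are illustrative.

```python
import ipaddress


def _ports(text):
    """Turn '80' or '1234-1236' into an inclusive (first, last) pair."""
    first, _, last = text.partition("-")
    lo, hi = int(first), int(last or first)
    if not 1 <= lo <= hi <= 65535:
        raise ValueError(f"bad port or range: {text!r}")
    return lo, hi


def parse_publish(spec):
    """Parse one -p value and describe where it listens."""
    parts = spec.split(":")
    if len(parts) == 1:                      # containerPort
        ip, host, container = "", "", parts[0]
    elif len(parts) == 2:                    # hostPort:containerPort
        ip, (host, container) = "", parts
    elif len(parts) == 3:                    # ip:hostPort:containerPort or ip::containerPort
        ip, host, container = parts
    else:
        raise ValueError(f"unsupported spec: {spec!r}")
    if ip:
        ipaddress.IPv4Address(ip)            # raises ValueError if malformed
    c_lo, c_hi = _ports(container)
    result = {"ip": ip or "0.0.0.0", "host": None, "container": (c_lo, c_hi)}
    if host:
        h_lo, h_hi = _ports(host)
        both_ranges = h_hi > h_lo and c_hi > c_lo
        # Rule from the man page text: ranges on both sides must be equal in size.
        if both_ranges and h_hi - h_lo != c_hi - c_lo:
            raise ValueError("host and container ranges differ in size")
        result["host"] = (h_lo, h_hi)
    # An empty ip part means the port is reachable on every host interface.
    result["all_interfaces"] = result["ip"] == "0.0.0.0"
    return result


if __name__ == "__main__":
    for spec in ("1.2.3.4:8000:80", "8000:80", "127.0.0.1::80"):
        print(spec, "->", parse_publish(spec))
```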

can't access apache on docker from my localhost

I've been following this tutorial for beginners about Docker, which basically instructs you to create an Apache container and map a localhost port to the one on the container.
When I try localhost:80 it doesn't connect, although the container is up and running.
I even made a rule in the firewall to allow connections to port 80, but couldn't get connected to the localhost.
Any ideas?
On Windows/OS X, Docker is running inside a Linux virtual machine (Docker Toolbox) with a default IP address of 192.168.99.100. Thus, when you use docker run -p 80:80 to bind the container port to host port, it in fact binds to the virtual machine's port 80. Thus the address you need is http://192.168.99.100.
The 172.17.0.3 address is the address of the docker container inside that virtual machine, and is not accessible directly from Windows/OS X.
Add a line to your Dockerfile before restarting apache.
RUN echo 'ServerName localhost' >> /etc/apache2/apache2.conf
I stumbled upon this question as I was looking for a way to bind my local HTTP port (80) to the HTTP port of my container, an Apache container running on Docker Desktop for Windows through WSL2 (this is important).
I couldn't find a quick and easy way to do this, so I figured it out myself.
What you must do is bind your local port (on Windows) to the port on WSL.
Here is how I did it:
$wsl_ip = (wsl -d "docker-desktop" -- "ifconfig" "eth0" "|" "grep" "inet addr:").trim("").split(":").split()[2]
netsh interface portproxy add v4tov4 listenport=443 listenaddress=0.0.0.0 connectport=443 connectaddress=$wsl_ip
netsh interface portproxy add v4tov4 listenport=80 listenaddress=0.0.0.0 connectport=80 connectaddress=$wsl_ip
You can either create a PowerShell script (.ps1) and run it with PowerShell, or copy/paste each command line into Windows Terminal / PowerShell running with Administrator privileges.
What this does is:
attach to the "docker-desktop" distribution running in WSL2
run "ifconfig eth0 | grep inet addr:" to get the local IP address of the "virtual machine"
parse the result, and use Netsh to create a portproxy between port 80 of your Windows machine and port 80 of your Linux machine. Same is done for port 443. You can easily map other ports if you understand what the command is doing.
More explanation:
Since Docker for Windows 10/11 uses WSL2, when you expose a port (through docker-compose or with an EXPOSE command in your Dockerfile), it is exposed to a Linux distribution called "docker-desktop" that is run with WSL2. For some reason, ports 80 and 443 that are exposed from a container are NOT forwarded to the host.
The official documentation acknowledges some issues but their solution is just to use another port (for example, 8080 mapped to 80).
Issues with this method:
Each time you reboot your system (or WSL2), the Linux machine gets assigned a new IP and you have to do it again. What you could do is set up a command to run when your container starts that connects through ssh to the host and runs the script, but I'm too lazy to have done it myself.

Docker to run X applications while connected through SSH

I have used these instructions for Running Gui Apps with Docker to create images that allow me to launch GUI based applications.
It all works flawlessly when running Docker on the same machine, but it stops working when running it on a remote host.
Locally, I can run
docker run --rm -ti -e DISPLAY -e <X tmp> <image_name> xclock
And I can get xclock running on my host machine.
When connecting remotely to a host with XForwarding, I am able to run X applications that show up on my local X Server, as anyone would expect.
However if in the remote host I try to run the above docker command, it fails to connect to the DISPLAY (usually localhost:10.0)
I think the problem is that the XForwarding is set up on the localhost interface of the remote host.
So the docker host has no way to connect to DISPLAY=localhost:10.0 because that localhost means the remote host, unreachable from docker itself.
Can anyone suggest an elegant way to solve this?
Regards
Alessandro
EDIT1:
One possible way I guess is to use socat to forward the remote /tmp/.X11-unix to the local machine. This way I would not need to use port forwarding.
It also looks like openssh 6.7 will natively support unix socket forwarding.
When running X applications through SSH (ssh -X), you are not using the /tmp/.X11-unix socket to communicate with the X server. You are rather using a tunnel through SSH reached via "localhost:10.0".
In order to get this to work, you need to make sure the SSH server supports X connections to the external address by setting
X11UseLocalhost no
in /etc/ssh/sshd_config.
Then $DISPLAY inside the container should be set to the IP address of the Docker host computer on the docker interface - typically 172.17.0.1. So $DISPLAY will then be 172.17.0.1:10.
You need to add the X authentication token inside the docker container with "xauth add" (see here).
If there is any firewall on the Docker host computer, you will have to open up the TCP ports related to this tunnel. Typically you will have to run something like
ufw allow from 172.17.0.0/16 to any port $TCPPORT proto tcp
if you use ufw.
Then it should work. I hope it helps. See also my other answer here https://stackoverflow.com/a/48235281/5744809 for more details.
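The steps in the answer above, worked through as an added example that is not part of the original answer. It derives the values the answer leaves open: X11 display N listens on TCP port 6000 + N, so that is the $TCPPORT for the ufw rule, and the cookie for "xauth add" is taken from `xauth list` output. The function name, the default bridge address and subnet (the answer's "typical" values), and the sample cookie are assumptions or constructed values.

```python
import re

DISPLAY_RE = re.compile(r"^(?P<host>[^:]*):(?P<num>\d+)(?:\.(?P<screen>\d+))?$")

# Constructed `xauth list` output from the SSH session; the cookies are fake.
SAMPLE_XAUTH = """\
remotehost/unix:11  MIT-MAGIC-COOKIE-1  ffeeddccbbaa99887766554433221100
remotehost/unix:10  MIT-MAGIC-COOKIE-1  00112233445566778899aabbccddeeff
"""


def x11_plan(display, xauth_list,
             bridge_ip="172.17.0.1", subnet="172.17.0.0/16"):
    """Derive the container DISPLAY, firewall rule and xauth command."""
    match = DISPLAY_RE.match(display)
    if not match:
        raise ValueError(f"not a DISPLAY value: {display!r}")
    num = int(match["num"])
    port = 6000 + num  # X11 over TCP: display N listens on port 6000 + N
    entry = None
    for line in xauth_list.splitlines():
        fields = line.split()
        # Each line is: <display name> <protocol> <hex cookie>
        if len(fields) == 3 and fields[0].rsplit(":", 1)[-1] == str(num):
            entry = fields
            break
    if entry is None:
        raise LookupError(f"no xauth entry for display :{num}")
    _, protocol, cookie = entry
    container_display = f"{bridge_ip}:{num}"
    return {
        "container_display": container_display,
        "tcp_port": port,
        # Scoped to the bridge subnet, as in the answer's ufw example.
        "ufw_rule": f"ufw allow from {subnet} to any port {port} proto tcp",
        "xauth_cmd": f"xauth add {container_display} {protocol} {cookie}",
    }


if __name__ == "__main__":
    for key, value in x11_plan("localhost:10.0", SAMPLE_XAUTH).items():
        print(f"{key}: {value}")
```

With X11UseLocalhost set to no, sshd binds the forwarded display to the wildcard address instead of loopback, so the source restriction in the firewall rule is what keeps that port limited to the Docker bridge.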