Host cannot communicate with app running inside LXC container - containers

I am running multiple LXC containers on my personal machine with Ubuntu 18.04. Each container has Ubuntu 18.04 as well. In each container I am running an application which offers a UI on https://localhost:3000/. Since every container has a local IP address in my network, I should be able to call forth the application UI on my host machine using https://:3000/.
This doesn’t work. If I run Apache2 inside the containers, I can see the default page for http:// but nothing on the other application running on port 3000. I can confirm the app on port 3000 is working.
user#pc:~$ nc -zv 10.155.120.175 22
Connection to 10.155.120.175 22 port [tcp/ssh] succeeded!
user#pc:~$ nc -zv 10.155.120.175 3000
nc: connect to 10.155.120.175 port 3000 (tcp) failed: Connection refused
I also noticed that the application logs inside the VM contained this line, but I don't know what it means in the context of app health.
Nov 17 20:38:49 server systemd[1]: app.service: Failed to reset devices.list: Operation not permitted
How can I enable ip:port access between host and lxc vm (and between lxc vms)? I want my lxc instances to be able to communicate with each other and my main host, exchange data etc. But I can't even open the UI of an app running inside a container on my browser.
Edit:
When I enable ufw in the container not even the default apache2 webpage opens anymore. Once I disable ufw in the container apache2 page becomes accessible again via

Related

How can I allow insecure registries in Portainer?

I'm running a private container registry on my docker host. The same docker host is running Portainer and I would really like to keep using Portainer to manage my docker host.
But since I'm running a private container registry, it's only set up with http, and I need to configure the container client to allow http.
I've tried opening a console on Portainer on the running Portainer container but it only "refreshes" the window.
I've PuTTYed in and tried to attach to the container but this only crashes the container.
Any clue on how to access the /etc/docker/daemon.json resource in the portainer instance?
Portainer interacts with the host's docker daemon, so edit (or create) the /etc/docker/daemon.json file on the host.

Unable to SSH into GCE server

I set up a default image GCE VM on GCP - works perfectly on one project (UAT), but when trying to replicate in the other project (Prod), I'm unable to connect.
I can see from the serial port output that port 22 is open with sshd listening, but I cannot even telnet to the server, let alone ssh - any help would be much appreciated!

Docker container can't be reached from another PC

I built a mysql docker container. It seems to work fine, however when I try to connect to it from a computer it won't connect to mysql. The computer is in the same lan and can connect via ssh so it's not a networking issue. I'm pretty sure it has something to do with the ports not being published or bound correctly. Any suggestions? Thank you!
The most likely suspects for your issue are:
Your host firewall is set to not allow connections to MySQL (port 3306). It may be published by docker but you aren't permitting connections from outside the host.
Your docker isn't publishing as part of the same network but rather as a sub-network (not likely since you can connect to ssh from the other computer).
Your mysql instance is not set up to listen to remote connections. Check your my.cnf to ensure that it isn't listening on localhost:3306.
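The bind-address point in the answer above can be checked from socket state instead of reading my.cnf. The following is an added example, not part of the original answer: it classifies each TCP listener in `ss -ltn` output as loopback-only or reachable. The sample output is constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of `ss -ltn` output (not from the page).
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      80     127.0.0.1:3306     0.0.0.0:*
LISTEN 0      128    [::]:22            [::]:*'

# stdin: `ss -ltn` output. stdout: "<port> <scope> <address>" per listener.
# Assumes the State column comes first and Local Address:Port is field 4.
listener_scope() {
    awk '$1 == "LISTEN" {
        port = $4; sub(/.*:/, "", port)       # text after the last colon
        addr = $4; sub(/:[^:]*$/, "", addr)   # text before the last colon
        scope = (addr ~ /^127\./ || addr == "[::1]") ? "loopback-only" : "reachable"
        print port, scope, addr
    }'
}

# $1 = port, stdin = `ss -ltn` output.
# Prints reachable, loopback-only or not-listening.
port_exposure() {
    listener_scope | awk -v p="$1" '
        $1 == p { seen = 1; if ($2 == "reachable") pub = 1 }
        END { print (pub ? "reachable" : (seen ? "loopback-only" : "not-listening")) }'
}

# Live use, on the host or inside the container: ss -ltn | port_exposure 3306
printf '%s\n' "$SAMPLE_SS" | port_exposure 3306
```

"reachable" describes the bind address only; the host firewall named in the first point of the answer can still drop the connection.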

Can't do cf ic login with http proxy

I am using Bluemix container service and am unable to do cf ic login from behind a firewall, even though I have configured proxies.
When I do
cf ic -v login
I get the error message:
Authenticating with the IBM Containers registry host registry.ng.bluemix.net...
FAILED
The attempt to authenticate with the IBM Containers registry host registry.ng.bluemix.net was unsuccessful.
****Warning: '-e' is deprecated, it will be removed soon. See usage.
Error response from daemon: Get https://registry.ng.bluemix.net/v1/users/: dial tcp 198.23.117.106:443: i/o timeout
To test that my proxy is configured, I do this:
wget https://registry.ng.bluemix.net/v1/users/
--2016-10-25 11:25:23-- https://registry.ng.bluemix.net/v1/users/
Resolving proxy-chain.intel.com (proxy-chain.intel.com)... 10.19.8.225
Connecting to proxy-chain.intel.com (proxy-chain.intel.com)|10.19.8.225|:912... connected.
Proxy request sent, awaiting response... 404 Not Found
2016-10-25 11:25:24 ERROR 404: Not Found.
If I disconnect VPN so I no longer have a firewall and need a proxy, and unset my proxies, it works.
These are the proxies I have set:
printenv | grep -i proxy
http_proxy=http://proxy-chain.intel.com:911
ftp_proxy=http://proxy-chain.intel.com:911
socks_proxy=http://proxy-chain.intel.com:1080
https_proxy=http://proxy-chain.intel.com:912
no_proxy=intel.com,.intel.com,10.0.0.0/8,192.168.0.0/16,localhost,127.0.0.0/8,134.134.0.0/16
>
More experiments:
When I set the proxy to something bogus, it fails immediately:
> export https_proxy=http://foobarsfsdf.com
> cf ic login
FAILED
auth request failed: Error performing request: Post https://login.ng.bluemix.net/UAALoginServerWAR/oauth/token: http: error connecting to proxy http://foobarsfsdf.com: dial tcp: lookup foobarsfsdf.com on 10.0.2.3:53: no such host
>
When I set the proxy correctly, it fails later:
> cf ic login
Deleting old configuration file...
Retrieving client certificates for IBM Containers...
Storing client certificates in /home/rscohn1/.ice/certs/...
Storing client certificates in /home/rscohn1/.ice/certs/containers-api.ng.bluemix.net/80cc2e8c-4df0-4700-bd04-77f2e8777f80...
OK
The client certificates were retrieved.
Checking local Docker configuration...
OK
Authenticating with the IBM Containers registry host registry.ng.bluemix.net...
FAILED
The attempt to authenticate with the IBM Containers registry host registry.ng.bluemix.net was unsuccessful.
****Warning: '-e' is deprecated, it will be removed soon. See usage.
Error response from daemon: Get https://registry.ng.bluemix.net/v1/users/: dial tcp 198.23.117.106:443: i/o timeout
When you are not connected to the IBM Containers registry host, you can run only a limited number of IBM Containers commands. Check the spelling of the host URL and try again. If the host URL is correct, open a new command line or terminal window before retrying.
It looks like some parts of the ic plugin use proxies, and some parts do not.
You need to add the proxy to your Docker daemon configuration. Also note that as Alex says, you should make sure to configure an HTTPS proxy.
See here for some information on how to do that with Systemd on Linux (Ubuntu 16.04+): https://docs.docker.com/engine/admin/systemd/#http-proxy
For older Linux distributions, such as Ubuntu versions before 16.04, Docker uses Upstart. You'll find the Upstart configuration file at /etc/default/docker, with a sample of how to set the proxy up in comments inside that file.
If you're using the Docker for Mac or Docker for Windows apps, you'll find the proxy configuration options in Preferences -> Advanced.
Make sure to restart Docker after changing the configuration, so that your changes take effect. On Linux: sudo service docker restart. On Mac or Windows, right-click the Docker icon and click restart.
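For the systemd case described in the answer above, the daemon reads its proxy from a drop-in unit file. The following is an added example, not part of the original answer: it renders that drop-in and rejects values that would break the `Environment=` line. The proxy endpoints are the ones from the question's printenv output, the NO_PROXY list is shortened for the example, and the function names are hypothetical.

```shell
#!/bin/sh
# Proxy endpoints copied from the question; NO_PROXY shortened for the example.
HTTP_PROXY_URL='http://proxy-chain.intel.com:911'
HTTPS_PROXY_URL='http://proxy-chain.intel.com:912'
NO_PROXY_LIST='localhost,127.0.0.1,.intel.com'

# Accept only http(s) URLs with no space or double quote, since either
# character would end the quoted Environment= value early.
valid_proxy_url() {
    case "$1" in
        *' '*|*'"'*) return 1 ;;
        http://?*|https://?*) return 0 ;;
        *) return 1 ;;
    esac
}

# $1 = HTTP proxy, $2 = HTTPS proxy, $3 = NO_PROXY list.
# Prints a drop-in for docker.service, or returns 1 on a malformed value.
render_dropin() {
    valid_proxy_url "$1" && valid_proxy_url "$2" || return 1
    case "$3" in *' '*|*'"'*) return 1 ;; esac
    printf '[Service]\n'
    printf 'Environment="HTTP_PROXY=%s"\n' "$1"
    printf 'Environment="HTTPS_PROXY=%s"\n' "$2"
    printf 'Environment="NO_PROXY=%s"\n' "$3"
}

# Installing the rendered file needs root:
#   render_dropin ... > http-proxy.conf
#   sudo install -D -m 0644 http-proxy.conf \
#        /etc/systemd/system/docker.service.d/http-proxy.conf
#   sudo systemctl daemon-reload && sudo systemctl restart docker
#   systemctl show --property=Environment docker   # confirm the daemon sees it
render_dropin "$HTTP_PROXY_URL" "$HTTPS_PROXY_URL" "$NO_PROXY_LIST"
```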

mysql docker container start with a fixed ip

Hi, I have a mysql container running as a service, and other services connect to it with a jdbc url, with an ip:port.
Sometimes the server needs to reboot, and the ip address of the mysql container will change; for every service that needs to connect to mysql, the jdbc url needs to be modified.
Is there a way to 'docker start' a container with a fixed ip address?
I've tried --ip but it's not working.
Docker version 1.11.2
You can preset an IP to a container, but this must be done when you create the container (in the docker run).
https://docs.docker.com/engine/reference/run/
To preset an IP to a container you have to add the switch --ip="desired_ip_here" in the docker run.
Also you can use tools like supervisord to manage your processes and restart services without stopping the container.