none
Unable to connect to service from container host RRS feed

  • Question

  • I am having issues follow through on the basic example:

    https://msdn.microsoft.com/virtualization/windowscontainers/quick_start/manage_docker?f=255&MSPPError=-2147217396

    I am able to create my docker image, run it, get nginx running but I am not able to access nginx from outside of the container.  When I am inside the container, I am able to curl to it as expected:

    > curl http://localhost -UseBasicParsing


    StatusCode        : 200
    StatusDescription : OK
    Content           : <!DOCTYPE html>
                        <html>
                        <head>
                        <title>Welcome to nginx!</title>
                        <style>
                            body {
                                width: 35em;
                                margin: 0 auto;
                                font-family: Tahoma, Verdana, Arial, sans-serif;
                            }
                        </style>
                        <...
    RawContent        : HTTP/1.1 200 OK
                        Connection: keep-alive
                        Accept-Ranges: bytes
                        Content-Length: 612
                        Content-Type: text/html
                        Date: Tue, 25 Aug 2015 00:42:22 GMT
                        ETag: "55dbab92-264"
                        Last-Modified: Mon, 24 Aug 2015 ...
    Forms             :
    Headers           : {[Connection, keep-alive], [Accept-Ranges, bytes], [Content-Length, 612], [Content-Type,
                        text/html]...}
    Images            : {}
    InputFields       : {}
    Links             : {@{outerHTML=<a href="http://nginx.org/">nginx.org</a>; tagName=A; href=http://nginx.org/},
                        @{outerHTML=<a href="http://nginx.com/">nginx.com</a>; tagName=A; href=http://nginx.com/}}
    ParsedHtml        :
    RawContentLength  : 612


    Outside, it acts like the container isn't listening.

    My Dockerfile is here:

    https://github.com/mbentley/docker-windows-containers-examples/blob/master/nginx/Dockerfile

    My CMD script is here:

    https://github.com/mbentley/docker-windows-containers-examples/blob/master/nginx/nginx_start.cmd

    Docker run command:

    docker run -d --name nginx -p 80:80 nginx

    When I am doing a curl from inside the container, I am just doing a `docker exec` to get inside.

    I am able to see that it looks like everything is listening on port 80 of the host as seen by netstat:

    > netstat -a | Select-String 80

      TCP    0.0.0.0:80             WIN-B8HHNEKTG93:0      LISTENING
      TCP    127.0.0.1:80           WIN-B8HHNEKTG93:49617  TIME_WAIT

    Any ideas what might be preventing it from working as expected?


    • Edited by matthewbentley Tuesday, August 25, 2015 12:54 AM added docker run command
    Tuesday, August 25, 2015 12:47 AM

Answers

  • Hi Matthew,

    Ahh - so if you access from the Windows Server Container host itself, please use the container's IP address: http://172.16.0.2

    If you are accessing from a different host than the Container host, you can use the Container host's ip...

    Does that help?

    Thanks,

    Lars


    This posting is provided AS IS with no warranties, and confers no rights. You assume all risk for your use.

    Tuesday, August 25, 2015 2:56 AM

All replies

  • Hi Matthew,

    Just checking a few things:

    If you are using NAT: Are you running the container using docker and the -p option to set up the port mapping?

    Did you open the Firewall port 80 for incoming traffic on the host?

    What is your container's IP address?

    Hope this helps,

    Lars


    This posting is provided AS IS with no warranties, and confers no rights. You assume all risk for your use.


    Tuesday, August 25, 2015 12:53 AM
  • Thanks for the quick response.

    Sorry, I forgot my docker run command.  I just edited it in but it is:

    docker run -d --name nginx -p 80:80 nginx

    Yes, I am using NAT which was setup by https://raw.githubusercontent.com/Microsoft/Virtualization-Documentation/master/windows-server-container-tools/Install-ContainerHost/Install-ContainerHost.ps1

    I am running this in a local VM on VirtualBox.  I'm attempting to access it via http://localhost or http://10.0.2.15 (my Ethernet adapter's primary address) from my Server 2016 VM itself.

    I went ahead and opened the Windows Firewall rule although I'm expecting that shouldn't be necessary to access from the host itself:

    if (!(Get-NetFirewallRule | where {$_.Name -eq "TCP80"})) { New-NetFirewallRule -Name "TCP80" -DisplayName "HTTP on TCP/80" -Protocol tcp -LocalPort 80 -Action Allow -Enabled True }

    In an effort to troubleshoot further, I've also disabled the Windows Firewall to ensure nothing it preventing communication.

    Here is my container's IP address as retrieved using a powershell session using docker exec:

    > ipconfig

    Windows IP Configuration


    Ethernet adapter vEthernet (Virtual Switch-e0d05f0b4677940d34bbb2a62fec2a38a547bd998bac564768982a470409f551-0):

       Connection-specific DNS Suffix  . : casa.mbentley.net
       Link-local IPv6 Address . . . . . : fe80::f5d5:5d9c:82f0:b84f%19
       IPv4 Address. . . . . . . . . . . : 172.16.0.2
       Subnet Mask . . . . . . . . . . . : 255.240.0.0
       Default Gateway . . . . . . . . . : 172.16.0.1


    Host's Get-NetNat output:

    > Get-NetNat


    Name                             : ContainerNAT
    ExternalIPInterfaceAddressPrefix :
    InternalIPInterfaceAddressPrefix : 172.16.0.0/12
    IcmpQueryTimeout                 : 30
    TcpEstablishedConnectionTimeout  : 1800
    TcpTransientConnectionTimeout    : 120
    TcpFilteringBehavior             : AddressDependentFiltering
    UdpFilteringBehavior             : AddressDependentFiltering
    UdpIdleSessionTimeout            : 120
    UdpInboundRefresh                : False
    Store                            : Local
    Active                           : True

    • Edited by matthewbentley Tuesday, August 25, 2015 1:05 AM added get-netnat
    Tuesday, August 25, 2015 12:58 AM
  • Hi Matthew,

    Ahh - so if you access from the Windows Server Container host itself, please use the container's IP address: http://172.16.0.2

    If you are accessing from a different host than the Container host, you can use the Container host's ip...

    Does that help?

    Thanks,

    Lars


    This posting is provided AS IS with no warranties, and confers no rights. You assume all risk for your use.

    Tuesday, August 25, 2015 2:56 AM
  • Ah, yes that works!  I was expecting everything to be accessible via NAT, accessible via the host's IP, even from the host itself.  Is that not the case by default?  Thanks!

    Matt

    Tuesday, August 25, 2015 8:58 AM
  • I see the same behavior on my host. That said: I am not a Windows networking expert.

    I'll see if I can find an answer and add it to our documentation...

    Thanks,

    Lars


    This posting is provided AS IS with no warranties, and confers no rights. You assume all risk for your use.

    Tuesday, August 25, 2015 8:07 PM
  • Just to confirm: The NAT port forwarding only applies to packages received through an external connection. A packet generated on the host would not be received over the external interface, it would be immediately delivered to the local address.

    Thank you!

    Lars


    This posting is provided AS IS with no warranties, and confers no rights. You assume all risk for your use.

    Wednesday, September 2, 2015 12:41 AM
  • Lars,

    Thanks for confirming that.  While it isn't quite what I am expecting the default behavior to be, it's good to know as I can at least expect it as the default behavior.  Much appreciated on the follow up!

    Matt

    Wednesday, September 2, 2015 12:55 PM