Hi,

I’m rather new to Docker, and am using the stable release of Docker for Mac on my laptop (mid-2012 MBPr, latest OSX 10.11.6).

I’m wondering if it’s possible to access the services provided by a dockerized app, via the IP address of the container?

For example, I can pull and run the nginx image no problem. I can run with the -p 80:80 settings and access http://localhost just fine, and i will see the nginx homepage.

But I don’t want port forwarding.

So I just do docker run -d --name nginx-test nginx to create my container.

Now, using docker inspect <name>, I can see that my nginx container is running on the bridged network, at 172.17.0.2

I want to access http://172.17.0.2 from my host machine (my Mac).

But every time I try to curl that IP or hit it via a web browser, I get nothing - no connection, no response, nothing.

I’ve spent days searching google, asking on twitter and various slack channels. Everyone keeps assuming i’m just trying to use port mapping with the -p option, and it’s really frustrating me. I don’t want port mapping / forwarding. I want to access the containerized app’s services by it’s IP address.

So, is it possible to use the 172.* IP address of a docker container from my host machine? If so, what am I doing wrong / missing?

Thanks!

• Derck

No. This is a well-known limitation of Docker for Mac.

(It’s not really good practice on Docker for Linux either. I like to think of my containers as packaged processes, not lightweight VMs. So if you start nginx on your host, what’s the IP address of that process?)

wow - that’s a HUGE bummer

what’s the point in packaging an app in a container, if i can’t access that app?

I have a rather large system (8+ running apps) that involve multiple web sites. i really wanted to get away from using port 3333, 3334, 3335, 3336, etc, as this causes problems with certain types of clients (podcast players, for example) that don’t support port numbers.

but i guess i’m stuck with using strange port numbers with other workarounds, for now (current workaround: nginx reverse proxy w/ host headers. ugh. too much configuration to deal with).

i hope this is fixed soon!

I’m so confused… possibly.

When you say “access the services provided by a dockerized app”, are you referring to a web service? Something hosted behind Express or Apache? If so, then how would this differ from using an actual physical machine?

With hosting multiple web services on a single physical server (which is basically what is happening here), only one web service would be able to sit at the default HTTP/HTTPS ports. Everything else would need to be via a specific port OR using header redirection.

When deploying a web server or site in a farm there will usually be a need to use some type of redirection technology (Big IP, F5, Cisco Redirector, etc.) to move incoming requests to one of the servers / nodes in the farm. That being said, using something like NGINX in Docker would be playing the same role… redirecting to machines based on headers.

Sorry if I just clouded the issue. Just not sure what I’m missing.

yes.

each docker container gets it’s own IP address. there is no conflict of port 80 or 443 or anything else, because App1 is on IP 172.17.0.2 and App2 is on 172.17.0.3 … so why shouldn’t I be able to access the web service via that IP address? (other than this being a limitation in Docker for Mac)

Aaaand, here’s where the confusion sets in.

On these containers, if you open port 80 and 443 (EXPOSE 80, -p 80:80, etc.), and if Express is listening on port 80, then you cannot get to the web app?

So, Fred and I chatted for a while via other means. And it turns out my expectations of Docker were very, very wrong. Still trying to wrap my head around this being a virtualized (“containerized”) application… not a virtual machine like VMWare or Parallels.

I think I get it, now.

is this not possible only in docker for mac? or there is no such facility in any of the docker versions(ubuntu and windows)?

I also tried the same thing “try to access docker container through container ip”. With docker Docker version 17.05.0-ce, build 89658be and linux host linux 4.10.0-32-generic #36~16.04.1-Ubuntu SMP, I did get success. Here is the output: https://paste.ofcode.org/BMj7eeaPSjzEuEEide7DHy. Then I tried on windows and but can’t get it working. Then I read this thread and realized that it’s not the “docker way”. So I went back to port mapping

I would like to be able to do something like this myself. I am running a set of three services using docker-compose for development testing. Each service has a status page with links to the status pages of the other services. Except that these links are all constructed using the hostname/IP address of the service within Docker’s own network, so the browser of course can’t follow them and I have to type them in by hand.

Do check java path is set or not. Set the java home path and try again

I had the same issue plenty of times with the nginx tutorial.
Running win10, docker desktop.
Go to settings on the docker desktop
Network tab
Find the subnet address.
Mine was 10.0.75.0
Chrome:10.0.75.1
This brought up the nginx page. hope it helps somehow. I need to learn the port forwarding and IP configuration side but that shouldn’t be too difficult.

I hope this points you in the right direction.

This would be super powerful, and seems oh-so nearly doable. If it did work, you could virtualise a network, and have multiple containers all running the same image with their own server. You could create test environments with IP cameras, MODBUS TCP devices, etc.

FWIW, when I’ve done this previously I’ve just barely scrapped by with port forwarding, or by using an aggregation server. RTSP is a good example - if your video services can stream to an RTSP server, then you can run one in a service too, point all the sources to it, and then just port forward the single RTSP server. To the containers themselves, the docker network works just like a real LAN.

But recently port forwarding would not do - I have a proprietary bit of software that expects to be able to scan a LAN and find all the IP cameras on it with a single port number.

There’s a lot of confusing and confused advice out there (the 281 people that clicked on the OP’s container IP address is a wonderful demonstration ), so I’m happy to report I had success. The various dedicated network simulation tools were no good, but I had success with:

Docker for Windows running Windows Containers, with Hyper-V enabled!

By some quirk, this combination makes the docker subnet entirely routable from the host. Hyper-V and networks in general are a nightmare to get going, with a lot of weird behaviour. But now I’m up and running, it’s rock solid. So now I remote into a dedicated Windows box (from my mac), run Docker for Windows, re-write my test apps in C# .NET, run them on nanoserver images and voila, a virtual network. I’ve also been able to install Docker for Linux inside WSL and have native Linux Containers running on the same machine.

So I think the restriction on macos is not inherent. Hopefully we’ll see routable containers on Mac soon.

This topic was automatically closed after 13 days. New replies are no longer allowed.