Docker Community Forums

Share and learn in the Docker community.

Access server ressource from the container (again)

Hi I know many people has requested that, but none of the solutions I found, could be applied on my case.

I guess there is a solution, but I cannot really find it! Basically I need to access a specific service running on my host machine from a docker container (dmz). I have a pool of docker containers and an " orchestrator" service that runs on the real machine (host). This guy is a python rest service running at port 5001 of the host and is responsible, for example, to save the execution logs of the running docker machines.

 ===============================================================
 |1-  HOST  -> 5002:5002   dmz(dockerContainer):5002/service1  |
 |2 - dmz     <--> 9200:9200 elasticsearch:9200
 |3-  HOST:5002/service2  <- 5001:5001   dmz(dockerContainer)  |     
 ===============================================================

The connections 1 and 2 work. They are rest services and I get even the answer of the rest request. The 3 is what I need to do now, and I don’ t mange to! I don’ t know what happened, but I swear to god, three weeks ago from the containers I could access the host by its real IP address, and now I cannot anymore! I have no idea what has changed but just before I could and now I cannot anymore.

What I have tried up to now:

  1. 1- Instead of using the real IP use the docker0 172.17.0.1 (https://nickjanetakis.com/blog/docker-tip-65-get-your-docker-hosts-ip-address-from-in-a-container)
    • Does not work I get a connection timeout

Traceback (most recent call last):
File “/usr/local/lib/python3.6/site-packages/urllib3/connection.py”, line 157, in _new_conn
(self._dns_host, self.port), self.timeout, **extra_kw
File “/usr/local/lib/python3.6/site-packages/urllib3/util/connection.py”, line 84, in create_connection
raise err
File “/usr/local/lib/python3.6/site-packages/urllib3/util/connection.py”, line 74, in create_connection
sock.connect(sa)
TimeoutError: [Errno 110] Connection timed out

  1. 2 - Add extra_hosts on the dockerComposer.yml
extra_hosts:
- "host:172.17.0.1"
  • The same result from above!
  1. 3 - Add a external network (https://stackoverflow.com/questions/35960452/docker-compose-running-containers-in-nethost)
hostnet:
    external: true
    name: host
  • Apparently you cannot mix user defined and predefined networks, and I need both. The docker need to talk directly to other dockers via an internal virtual network.

ERROR: for testbed_dmz network-scoped alias is supported only for containers in user defined networks

ERROR: for dmz network-scoped alias is supported only for containers in user defined networks
ERROR: Encountered errors while bringing up the project.

  1. 4 - Port forwarding ( the thing I would prefer, but I guess I am too stupid to see a way to use)
    Add a port for the host machine to the docker
ports:
    # 2 - DMZ ports 
  - "127.0.0.1:5001:5001"       
  - "5002:5002"
  • Not a surprise that I can access the service on the docker (port 5002) from the host, but not the service on 5001 of the host from the docker. Well in fact I cannot even start the service. If I start the service, the docker network does not start, port in use, and vice versa if I put the docker before, I cannot start the service on the same port! YES, I know it is reasonable, but you cannot blame me for hopping to be able to do it ;). The thing is I don’ t know how to do it. How I could have a service that listens on the port of the host. I guess the port forwarding are mostly for communications on the sense HOST->Container, not in the other sens!

And now I am without options!!! Any Ideas, please :frowning:

  • OS Version/build : Ubuntu 16.04
  • Docker version : 19.03.2, build 6a30dfc
  • Docker-compose version : 1.24.0, build 0aa59064

The original configurations, that could represent an interest dockerfile of the DMZ

#############################################################
# dockerfile
# DMZ dockerfile - Definition fo the DMZ server for the
# testbed. The DMZ is the machine that guarantees
# all the communication between the servers and the outside
# world are controlled. 
#############################################################
FROM python:3.6
COPY . /app
WORKDIR /app
ENV PYTHONPATH "${PYTHONPATH}:.:.."
RUN pip install -r requirements.txt
ENTRYPOINT ["python3"]
CMD ["platform/testbed/restDMZServer.py"]

Composer file.

version: '3.5'

services:
  dmz:
    container_name: testbed_dmz
    # 1 - DMZ image name  
    image: testbed_dmz:latest
    ports:
        # 2 - DMZ ports 
      - "5002:5002"
    networks:
      data_network:
        # 3 - DMZ ip address  
        ipv4_address: 192.168.7.2
 
elasticsearch:
    container_name: data_server
    # 4 - Elasticsearch image name  
    image: docker.elastic.co/elasticsearch/elasticsearch:7.0.0
    environment:
      - cluster.name=docker-cluster
      - bootstrap.memory_lock=true
      - discovery.type=single-node
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    ports:
      - "9200:9200"
    networks:
      data_network:
        # 5 elasticsearch ip address
        ipv4_address: 192.168.7.3 
kibana:
    container_name: testbed_kibana
    # 6 kibana image name
    image: docker.elastic.co/kibana/kibana:7.0.0
    environment:
        # 7 again the elasticsearch ip address
      - SERVER_NAME=192.168.7.3
    ports:
      - "5601:5601"
networks:
      data_network:
        # 8 kibana ip address
        ipv4_address: 192.168.7.4
 
networks:
    data_network:
        # 9 the name of the network
        name: DMZ_DATA_NET
        driver: bridge
        ipam:
            driver: default
            config:
                # 10 the network address
                - subnet: 192.12.7.0/29

I am having the same problem. I want to run gunicorn behind nginx as a reverse-proxy server. nginx forwards requests to gunicorn using the docker “bridge” network but publishes a port to the outside world. This is a common use-case with lots of examples. But in my case gunicorn is running a web app that needs to access Mongo and Mysql databases on the localhost.

On a Linux server running CentOS and docker 10.03, I can do:

 $ telnet localhost 27017. # MongoDB port
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.

But if I try:

$ docker run -it --rm --add-host host.docker.internal:xxx.xxx.xxx.xxx busybox telnet host.docker.internal 27017.  

it times out.
(“xxx…” is the real host IP address obtained from “ip addr show”)

I just figured out that the problem is that the host iptables drops requests to almost anything but port 22 (ssh), so my last example works if I change 27107 to 22.

I could probably overcome this with a simple rule

-A INPUT -i docker0 -j ACCEPT

but I don’t want to do this until I talk to my system admin.

Hope this helps you or someone else.