Can't bind container port to host port

Hello,

I have been trying to run Docker on an SBC, but I came across some problems.
I installed Docker and ran it in rootless mode. It’s working as expected.

I want to run containers for some services (Portainer, for example), but I encountered a problem with the ports.
I can’t seem to bind the container’s port to a host port (the host port is not opened), so I can’t access it from outside my server.
Here is the docker command I used to run the container:

docker run -d -p 9443:9443 --name=portainer --restart=always -v /$XDG_RUNTIME_DIR/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ce:2.20.3

Before that, I created a volume for it, as described in the Portainer docs:

docker volume create portainer_data

It’s running. Here is the output of docker ps:

CONTAINER ID   IMAGE                           COMMAND        CREATED       STATUS             PORTS                                        NAMES
31311d5900c6   portainer/portainer-ce:2.20.3   "/portainer"   8 hours ago   Up About an hour   8000/tcp, 9000/tcp, 0.0.0.0:9443->9443/tcp   portainer

The problem I have is that port “9443” is not open. When I run netstat or ss -tupln, nothing is listening on port 9443.

I already created a firewall rule in ufw (using docker-ufw):

Status: active

To                         Action      From
--                         ------      ----
9443/tcp                   ALLOW FWD   192.168.1.0/24

I have been looking for and trying a lot of solutions found on the internet for about 3 days now, and I still can’t solve this port problem.

P.S.: Running the curl command doesn’t work either; I tried 127.0.0.1, my host’s IP, the container’s IP and Docker’s IP.

I have tried with other images, same problem.

Docker version:

Client: Docker Engine - Community
 Version:           27.0.3
 API version:       1.46
 Go version:        go1.21.11
 Git commit:        7d4bcd8
 Built:             Sat Jun 29 00:03:24 2024
 OS/Arch:           linux/arm64
 Context:           rootless

Server: Docker Engine - Community
 Engine:
  Version:          27.0.3
  API version:      1.46 (minimum version 1.24)
  Go version:       go1.21.11
  Git commit:       662f78c
  Built:            Sat Jun 29 00:03:24 2024
  OS/Arch:          linux/arm64
  Experimental:     false
 containerd:
  Version:          1.7.18
  GitCommit:        ae71819c4f5e67bb4d5ae76a6b735f29cc25774e
 runc:
  Version:          1.7.18
  GitCommit:        v1.1.13-0-g58aa920
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0
 rootlesskit:
  Version:          2.0.2
  ApiVersion:       1.1.1
  NetworkDriver:    slirp4netns
  PortDriver:       slirp4netns
  StateDir:         /run/user/1000/dockerd-rootless
 slirp4netns:
  Version:          1.0.1
  GitCommit:        6a7b16babc95b6a3056b33fb45b74a6f62262dd4

If you need any more information, I can provide it.

Thank you in advance for your time.

And what is the output or error message when you try curl? Is there a timeout, or does it say the server is unreachable? Have you checked the container logs?

The outputs of the curl commands:

Container's IP: curl https://172.17.0.2:9443
curl: (7) Failed to connect to 172.17.0.2 port 9443 after 3067 ms: No route to host
Docker's IP: curl https://172.17.0.1:9443
curl: (7) Failed to connect to 172.17.0.1 port 9443 after 0 ms: Connection refused
On 127.0.0.1: curl https://127.0.0.1:9443
curl: (7) Failed to connect to 127.0.0.1 port 9443 after 0 ms: Connection refused
On host's IP: curl https://192.168.1.56:9443
curl: (7) Failed to connect to 192.168.1.56 port 9443 after 0 ms: Connection refused

As for the container logs, I have already checked:

2024/07/15 05:43PM INF github.com/portainer/portainer/api/cmd/portainer/main.go:370 > encryption key file not present | filename=portainer
2024/07/15 05:43PM INF github.com/portainer/portainer/api/cmd/portainer/main.go:393 > proceeding without encryption key |
2024/07/15 05:43PM INF github.com/portainer/portainer/api/database/boltdb/db.go:125 > loading PortainerDB | filename=portainer.db
2024/07/15 05:43PM INF github.com/portainer/portainer/api/chisel/service.go:203 > Found Chisel private key file on disk | private-key=/data/chisel/private-key.pem
2024/07/15 17:43:54 server: Reverse tunnelling enabled
2024/07/15 17:43:54 server: Fingerprint 1HjdpctqrwRxdUqRE6ffG1wvGp8bsldPBghTm/rv1yY=
2024/07/15 17:43:54 server: Listening on http://0.0.0.0:8000
2024/07/15 05:43PM INF github.com/portainer/portainer/api/cmd/portainer/main.go:655 > starting Portainer | build_number=70 go_version=go1.21.9 image_tag=linux-arm64-2.20.3 nodejs_version=18.20.2 version=2.20.3 webpack_version=5.88.2 yarn_version=1.22.22
2024/07/15 05:43PM INF github.com/portainer/portainer/api/http/server.go:369 > starting HTTPS server | bind_address=:9443
2024/07/15 05:43PM INF github.com/portainer/portainer/api/http/server.go:353 > starting HTTP server | bind_address=:9000
2024/07/15 05:48PM INF github.com/portainer/portainer/api/adminmonitor/admin_monitor.go:62 > the Portainer instance timed out for security purposes, to re-enable your Portainer instance, you will need to restart Portainer |

As for the last message in the logs, I have already tried restarting the Portainer instance; it didn’t solve the problem (I used start/stop and restart). It’s a timeout that happens after 5 minutes.
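
The mismatch described in this thread (docker ps reports 0.0.0.0:9443->9443/tcp while ss shows no listener) can be checked mechanically. The script below is an added example, not part of the original posts: it compares the published ports from the PORTS column with the TCP listeners the host actually has. The function names, the `--live` switch and the sample ss output are assumptions made for illustration; the sample PORTS string is the one from the post.

```shell
#!/bin/sh
# Added example: find ports Docker reports as published that have no TCP
# listener on the host. Sample inputs are constructed so it runs offline.

# PORTS column as shown in the post; the ss output below is made up.
SAMPLE_DOCKER_PORTS='8000/tcp, 9000/tcp, 0.0.0.0:9443->9443/tcp'
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    [::]:22            [::]:*'

# Host-side TCP ports from a `docker ps --format "{{.Ports}}"` style string.
# Entries without "->" (e.g. "9000/tcp") are exposed only, not published.
published_ports() {
    printf '%s\n' "$1" | tr ',' '\n' |
        sed -n 's|^.*:\([0-9][0-9]*\)->[0-9]*/tcp.*$|\1|p' | sort -un
}

# Local TCP ports in LISTEN state from `ss -tln` output (IPv4 and IPv6).
listening_ports() {
    printf '%s\n' "$1" |
        awk '$1 == "LISTEN" { n = split($4, a, ":"); print a[n] }' | sort -un
}

# Published ports with no matching listener, one per line.
missing_listeners() {
    pub=$(published_ports "$1")
    lis=$(listening_ports "$2")
    for p in $pub; do
        printf '%s\n' "$lis" | grep -qx "$p" || printf '%s\n' "$p"
    done
}

if [ "${1:-}" = "--live" ]; then
    # Live mode: read the real state from the Docker CLI and ss.
    ports=$(docker ps --format '{{.Ports}}' | tr '\n' ',')
    socks=$(ss -tln)
else
    ports=$SAMPLE_DOCKER_PORTS
    socks=$SAMPLE_SS
fi

for p in $(missing_listeners "$ports" "$socks"); do
    echo "published but not listening on host: tcp/$p"
done
```

Run with `--live` as the same user that owns the rootless daemon, so that `docker ps` talks to the rootless context.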