- Docker version 20.10.23, build 7155243
- OS: Ubuntu 22.04.1 LTS or CentOS 7
Hello… I was hoping someone could explain this to me.
The following happens not only on my personal Ubuntu host, but also when using a freshly installed CentOS 7 host (using Vagrant), with a fresh installation of Docker CE (suggesting anyone should be able to reproduce this?).
Let’s say my host ip address is 192.168.1.111
If I run the following:
$ docker run --name mynginx1 -p 80:80 -d nginx
As expected, I am able to test connect to the container using nc (netcat) both via the localhost IP and the host’s actual IP:
$ nc -zv localhost 80
Connection to localhost (127.0.0.1) 80 port [tcp/http] succeeded!
$ nc -zv 192.168.1.111 80
Connection to 192.168.1.111 80 port [tcp/http] succeeded!
However if I run the following:
$ docker run --name mynginx1 -p 443:443 -d nginx
This happens:
$ nc -zv localhost 443
Connection to localhost (127.0.0.1) 443 port [tcp/https] succeeded!
$ nc -zv 192.168.1.111 443
nc: connect to 192.168.1.111 port 443 (tcp) failed: Connection refused
Why do port 80 connection attempts to my host’s actual IP address work fine but connection attempts to my host’s actual IP on port 443 do not? (and yet localhost on port 443 DOES work?)
Just in regards to troubleshooting, I’ve confirmed my host firewall is down. I can also 100% prove it’s NOT the host firewall as I can do this:
- stop docker service
- in one terminal session, run the command “nc -l 443” so that I have something non-docker related listening on port 443
- in another terminal session, I am then able to successfully perform “nc -zv 192.168.1.111 443”
This proves it is possible to connect to port 443 via my host IP address so long as I’m not using docker.
Also just to confirm, when Docker is up… I can see ports are listening as expected:
$ sudo netstat -tulpen |grep 443
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 0 5845471 517353/docker-proxy
tcp6 0 0 :::443 :::* LISTEN 0 5880943 517372/docker-proxy
And here is the docker process:
$ docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
26035275fc27 nginx "/docker-entrypoint.…" About a minute ago Up About a minute 80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp mynginx1
Finally, as mentioned above, I can reproduce this situation with a completely vanilla setup using CentOS 7 and Docker CE via Vagrant. For that setup, these are my high-level steps (and I’m suggesting anyone else would presumably get the same results as me?):
- boot up fresh CentOS 7 instance using Vagrant
- install Docker CE via yum repo as per this: Install Docker Engine on CentOS | Docker Documentation
- ensure firewall is down:
  systemctl stop firewalld ; systemctl disable firewalld
- disable selinux for the current session:
  setenforce 0
- run nginx as per above on port 443 - get exactly the same issue
  - netcat test to port 443 on localhost works
  - netcat test to port 443 on VM’s IP (eg: 10.0.2.15) fails
- run nginx as per above on port 80 - everything works
  - netcat test to port 80 on localhost works
  - netcat test to port 80 on VM’s IP (eg: 10.0.2.15) works!!
Clearly I’m not understanding something… so apologies if this is a dumb question… any help would be greatly appreciated