Connection refused when you try to connect to a service port started on host

eabay · May 9, 2016, 7:22am

Expected behavior

Started container can connect to a service port started on host.

Actual behavior

Connection attempts are refused inside the container although service is up and running and can be connected successfully.

Information

The output of pinata diagnose

$ pinata diagnose -u
OS X: version 10.11.4 (build: 15E65)
Docker.app: version v1.11.1-beta10
Running diagnostic tests:
[OK]      docker-cli
[OK]      Moby booted
[OK]      driver.amd64-linux
[OK]      vmnetd
[OK]      osxfs
[OK]      db
[OK]      slirp
[OK]      menubar
[OK]      environment
[OK]      Docker
[OK]      VT-x
Docker logs are being collected into /tmp/20160509-092534.tar.gz
Most specific failure is: No error was detected
Your unique id is: 7C58AF0A-9BCF-4CBF-8901-F1AA2EF546F9
Please quote this in all correspondence.

OS Version
OSX 10.11.4

Steps to reproduce the behavior

Start a service on the host

`$ sudo apachectl start`

Start a container

`$ docker run --rm -ti alpine sh`

Get host ip

/ # hostip=$(netstat -nr | grep '^0\.0\.0\.0' | awk '{ print $2 }'); echo $hostip
172.17.0.1
Try to telnet port 80

`/ # telnet $hostip 80`
`telnet: can't connect to remote host (172.17.0.1): Connection refused`

But ping works

`/ # ping $hostip`
`PING 172.17.0.1 (172.17.0.1): 56 data bytes`
`64 bytes from 172.17.0.1: seq=0 ttl=64 time=0.096 ms`
`64 bytes from 172.17.0.1: seq=1 ttl=64 time=0.089 ms`
`^C`
`--- 172.17.0.1 ping statistics ---`
`2 packets transmitted, 2 packets received, 0% packet loss`
`round-trip min/avg/max = 0.089/0.092/0.096 ms`

If you apply these steps on a linux host, you can telnet to the port. The strange case is that connection is OK if you start another container with a port binding and try to connect to that port.

On host:

$ docker run --rm -p 8080:80 httpd

On container:

/ # telnet $hostip 8080
GET /
<html><body><h1>It works!</h1></body></html>
Connection closed by foreign host

eabay · May 16, 2016, 10:05pm

This issue didn’t get much attention and still exists in Version 1.11.1-beta11 (build: 6974).

jmbrunskill · May 19, 2016, 11:16pm

I have a similar problem. I don’t know how to communicate with a service running on my host OS.
My current docker setup is to have a MYSQL server running on my host OSX, and connect to it from my docker containers. This was possible by connecting to my gateway IP when using docker machine.

jmbrunskill · May 19, 2016, 11:19pm

FYI - I can connect to my host using it’s external IP Address eg. 192.168..
I’m still lacking a programatic way to get this IP through, if I could connect to gateway it would be a lot easy !

pablasso · May 20, 2016, 12:44am

Same thing for me, cannot access anything in the gateway IP. I was used to connect to postgress on the host from my containers.

dobly · January 11, 2018, 1:30am

Jan 2017 and this issue still exists. I have only just started to learn docker for a few days now. I created a simple .NET Core web api console app.

I’ve tried it on Win10 64 bit and with a Ubuntu 16.04 install. In both cases I can see the IP address and port, but I cannot connect to app.

I too specified port 8080.

I got the IP address with

> docker inspect --format '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' myappname

This returned

172.17.0.2

So, i tried

> 172.17.0.2/api/people

This should return a list of people in JSON format.

This app works without docker.

But I get this error.

curl: (7) Failed to connect to 172.17.0.1 port 8080: Connection refused

lmajano · March 19, 2018, 2:05pm

Did you figure this out?

djslonik1 · May 16, 2018, 5:34am

Any news on this? We had the same issue on ~100 services in production. We are running around 10 Docker services per server on 80 servers and problem appeared randomly for different types of services, different types of ports.

jinairu · July 5, 2018, 8:59am

There’s no working solution right now, or?

mvilain · September 13, 2018, 9:37pm

The problem is that services expecting to connect to “localhost” break when you containerize them if you have the service running outside the container. You have to pass the service the IP address of the host machine in order for the containerized service to connect to it. localhost inside the container doesn’t leave the container.

At some point, my hope is that Docker will create an environment variable that’s available inside the container that maps automatically to local machine running the container. I think they did this for MacOS docker, but apparently, not for linux.

My own problem is being able to use mailx inside a container to connect to postfix outside. I have to do some tricky stuff with /etc/mail.rc to get it to work since mailx doesn’t use an environment variable for the IP:port to connect to.

rajathslr · August 29, 2019, 6:31pm

I had a similar problem while creating a windows socket in .netcore SDK and connecting to a Server. I was getting “connection refused” if I used the same IP as that of linux VM in which the SDK is installed. The solution which worked for me is to assign a different IP for my application, but on the server side you assign the IP of the VM.
CLient App: 192.168.56.102
VM (Client App resides in this): 192.168.56.101
Server App: 192.168.56.101
PS: Not a total pro in Socket programming and networking, but it just might help few people.