Docker Community Forums

Share and learn in the Docker community.

Connection refused when you try to connect to a service port started on host


(Eabay) #1

Expected behavior

Started container can connect to a service port started on host.

Actual behavior

Connection attempts are refused inside the container although service is up and running and can be connected successfully.

Information

The output of pinata diagnose

$ pinata diagnose -u
OS X: version 10.11.4 (build: 15E65)
Docker.app: version v1.11.1-beta10
Running diagnostic tests:
[OK]      docker-cli
[OK]      Moby booted
[OK]      driver.amd64-linux
[OK]      vmnetd
[OK]      osxfs
[OK]      db
[OK]      slirp
[OK]      menubar
[OK]      environment
[OK]      Docker
[OK]      VT-x
Docker logs are being collected into /tmp/20160509-092534.tar.gz
Most specific failure is: No error was detected
Your unique id is: 7C58AF0A-9BCF-4CBF-8901-F1AA2EF546F9
Please quote this in all correspondence.

OS Version
OSX 10.11.4

Steps to reproduce the behavior

  1. Start a service on the host
`$ sudo apachectl start`
  1. Start a container
`$ docker run --rm -ti alpine sh`
  1. Get host ip

    / # hostip=$(netstat -nr | grep '^0\.0\.0\.0' | awk '{ print $2 }'); echo $hostip
    172.17.0.1

  2. Try to telnet port 80

`/ # telnet $hostip 80`
`telnet: can't connect to remote host (172.17.0.1): Connection refused`
  1. But ping works
`/ # ping $hostip`
`PING 172.17.0.1 (172.17.0.1): 56 data bytes`
`64 bytes from 172.17.0.1: seq=0 ttl=64 time=0.096 ms`
`64 bytes from 172.17.0.1: seq=1 ttl=64 time=0.089 ms`
`^C`
`--- 172.17.0.1 ping statistics ---`
`2 packets transmitted, 2 packets received, 0% packet loss`
`round-trip min/avg/max = 0.089/0.092/0.096 ms`

If you apply these steps on a linux host, you can telnet to the port. The strange case is that connection is OK if you start another container with a port binding and try to connect to that port.

On host:

$ docker run --rm -p 8080:80 httpd

On container:

/ # telnet $hostip 8080
GET /
<html><body><h1>It works!</h1></body></html>
Connection closed by foreign host

(Eabay) #2

This issue didn’t get much attention and still exists in Version 1.11.1-beta11 (build: 6974).


(Jmbrunskill) #3

I have a similar problem. I don’t know how to communicate with a service running on my host OS.
My current docker setup is to have a MYSQL server running on my host OSX, and connect to it from my docker containers. This was possible by connecting to my gateway IP when using docker machine.


(Jmbrunskill) #4

FYI - I can connect to my host using it’s external IP Address eg. 192.168..
I’m still lacking a programatic way to get this IP through, if I could connect to gateway it would be a lot easy !


(Juan Pablo Ortiz) #5

Same thing for me, cannot access anything in the gateway IP. I was used to connect to postgress on the host from my containers.


(Dobly) #6

Jan 2017 and this issue still exists. I have only just started to learn docker for a few days now. I created a simple .NET Core web api console app.

I’ve tried it on Win10 64 bit and with a Ubuntu 16.04 install. In both cases I can see the IP address and port, but I cannot connect to app.

I too specified port 8080.

I got the IP address with

> docker inspect --format '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' myappname

This returned

172.17.0.2

So, i tried

> 172.17.0.2/api/people

This should return a list of people in JSON format.

This app works without docker.

But I get this error.

curl: (7) Failed to connect to 172.17.0.1 port 8080: Connection refused


(Luis Majano) #7

Did you figure this out?


(Tomas Maconko) #8

Any news on this? We had the same issue on ~100 services in production. We are running around 10 Docker services per server on 80 servers and problem appeared randomly for different types of services, different types of ports.


(Jinairu) #9

There’s no working solution right now, or?


(Mvilain) #10

The problem is that services expecting to connect to “localhost” break when you containerize them if you have the service running outside the container. You have to pass the service the IP address of the host machine in order for the containerized service to connect to it. localhost inside the container doesn’t leave the container.

At some point, my hope is that Docker will create an environment variable that’s available inside the container that maps automatically to local machine running the container. I think they did this for MacOS docker, but apparently, not for linux.

My own problem is being able to use mailx inside a container to connect to postfix outside. I have to do some tricky stuff with /etc/mail.rc to get it to work since mailx doesn’t use an environment variable for the IP:port to connect to.