Curl connection refused between docker containers in the same network

Docker Engine Compose
,
1

Hi,

I really need a help. I am not able to communicate between two docker containers in the same network. I have one Web App and one Web API, both developed in net core. When I open each container individually, it’s all fine, however when I open it using docker-compose, my problems start, the Web App cannot reach the Web API, another interesting point my Web API is not accessible from the browsers, I tested also via curl connected in the Web App container to see if I could reach the Web API, in all of them the connection is refused.

The curl commands are below, from the Web App Document_Manager I tried to reach the API via Docker DNS name or Network IP.

curl -l -v https://DemandUploader/api/v1/jobs
curl -l -v https://172.21.0.3/api/v1/jobs

[Updated] it worked with the following address host.docker.internal:44335. But I believe an error with SSL.

# curl -l -v https://host.docker.internal:44335/api/v1/jobs
* Expire in 4 ms for 1 (transfer 0x559aecfc4fb0)
*   Trying 192.168.65.2...
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0x559aecfc4fb0)
* Connected to host.docker.internal (192.168.65.2) port 44335 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to host.docker.internal:44335
* Closing connection 0
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to host.docker.internal:44335

I can access via the browser the Web App, but I can’t reach the Web API.

https://localhost:51113/ - Web App opens ok - but I don't know who exposed this port (probably Visual Studio)
https://localhost:44349/ - Web App opens ok, port correctly exposed
https://localhost:44335/api/v1/jobs - Web API doesn't work. This site can't be reach, no clue why.

My docker compose file is

version: '3.5'

services:
  documentuploader:
    image: ${DOCKER_REGISTRY-}documentuploader
    environment:
      - ASPNETCORE_ENVIRONMENT=Development
      - ASPNETCORE_URLS=https://localhost;http://localhost
      - ASPNETCORE_HTTPS_PORT=44335
      # Do not create development certificate in an environment that will be distributed.
      #- DOTNET_GENERATE_ASPNET_CERTIFICATE=false
    networks:
      - doc_manager
    ports:
      - "51217:80"
      - "44335:443"
    volumes:
      - ${APPDATA}/Microsoft/UserSecrets/:/root/.microsoft/usersecrets
      - ${APPDATA}/ASP.NET/Https/:/root/.aspnet/https/
    build:
      context: .
      dockerfile: DocumentUploader/Dockerfile

documentmanager:
    image: ${DOCKER_REGISTRY-}documentmanager
    environment:
      - ASPNETCORE_ENVIRONMENT=Development
      - ASPNETCORE_URLS=https://localhost;http://localhost
      - ASPNETCORE_HTTPS_PORT=44349   
      # Do not create development certificate in an environment that will be distributed.
      #- DOTNET_GENERATE_ASPNET_CERTIFICATE=false
    networks:
      - doc_manager
    ports:
      - "51218:80"
      - "44349:443"
    volumes:
      - ${APPDATA}/Microsoft/UserSecrets/:/root/.microsoft/usersecrets
      - ${APPDATA}/ASP.NET/Https/:/root/.aspnet/https/
    build:
      context: .
      dockerfile: Document Manager/Dockerfile

networks:
  doc_manager:
    name: doc_manager
    driver: bridge

My Web App Docker file

#See https://aka.ms/containerfastmode to understand how Visual Studio uses this Dockerfile to build your images for faster debugging.

FROM mcr.microsoft.com/dotnet/aspnet:5.0 AS base
WORKDIR /app
EXPOSE 80
EXPOSE 443

FROM mcr.microsoft.com/dotnet/sdk:5.0 AS build
WORKDIR /src
COPY ["Document Manager/Document Manager.csproj", "Document Manager/"]
COPY ["StorageLibrary/StorageLibrary.csproj", "StorageLibrary/"]
COPY ["ConfigurationLibrary/ConfigurationLibrary.csproj", "ConfigurationLibrary/"]
RUN dotnet restore "Document Manager/Document Manager.csproj"
COPY . .
WORKDIR "/src/Document Manager"
RUN dotnet build "Document Manager.csproj" -c Release -o /app/build

FROM build AS publish
RUN dotnet publish "Document Manager.csproj" -c Release -o /app/publish

FROM base AS final
WORKDIR /app
COPY --from=publish /app/publish .
ENTRYPOINT ["dotnet", "Document Manager.dll"]

My Web API docker file

#See https://aka.ms/containerfastmode to understand how Visual Studio uses this Dockerfile to build your images for faster debugging.

FROM mcr.microsoft.com/dotnet/aspnet:5.0 AS base
WORKDIR /app
EXPOSE 80
EXPOSE 443

FROM mcr.microsoft.com/dotnet/sdk:5.0 AS build
WORKDIR /src
COPY ["DocumentUploader/DocumentUploader.csproj", "DocumentUploader/"]
COPY ["StorageLibrary/StorageLibrary.csproj", "StorageLibrary/"]
COPY ["ConfigurationLibrary/ConfigurationLibrary.csproj", "ConfigurationLibrary/"]
RUN dotnet restore "DocumentUploader/DocumentUploader.csproj"
COPY . .
WORKDIR "/src/DocumentUploader"
RUN dotnet build "DocumentUploader.csproj" -c Release -o /app/build 

FROM build AS publish
RUN dotnet publish "DocumentUploader.csproj" -c Release -o /app/publish

FROM base AS final
WORKDIR /app
COPY --from=publish /app/publish .
ENTRYPOINT ["dotnet", "DocumentUploader.dll", "--add-host host.docker.internal:host-gateway"]

My docker ps result

CONTAINER ID   IMAGE          COMMAND               CREATED         STATUS         PORTS                                                                                NAMES
85e3c839800b   153fcddf6be2   "tail -f /dev/null"   4 minutes ago   Up 4 minutes   0.0.0.0:51218->80/tcp, :::51218->80/tcp, 0.0.0.0:44349->443/tcp                      Document_Manager
7c13697396ff   35a417564d5a   "tail -f /dev/null"   4 minutes ago   Up 4 minutes   0.0.0.0:51217->80/tcp, :::51217->80/tcp, 0.0.0.0:44335->443/tcp, :::44335->443/tcp   DocumentUploader

My docker network inspect doc_manager :

[
    {
        "Name": "doc_manager",
        "Id": "10bf638deffa7ebf60c09e44930724a09c6e2b3e26a818e1e1ba6077466fc91e",
        "Created": "2021-09-14T10:10:47.2165323Z",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "172.21.0.0/16",
                    "Gateway": "172.21.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "7c13697396ffcba2c41b99ccdb877bb3a328bb3db161b0beda65c5fe79c92af7": {
                "Name": "DocumentUploader",
                "EndpointID": "f5e4810c43e3082801cd3bba388060ec5cb868c6fc0e7801537736133c9f662d",
                "MacAddress": "02:42:ac:15:00:03",
                "IPv4Address": "172.21.0.3/16",
                "IPv6Address": ""
            },
            "85e3c839800be1fa6b2ea654545fc54ef82341eb944ab3c958ed5976489f1462": {
                "Name": "Document_Manager",
                "EndpointID": "a2a46723f4b4a8f2a8e58764c518ef0fad2e122a64a39ff68101bf9d1288f968",
                "MacAddress": "02:42:ac:15:00:02",
                "IPv4Address": "172.21.0.2/16",
                "IPv6Address": ""
            }
        },
        "Options": {},
        "Labels": {
            "com.docker.compose.network": "doc_manager",
            "com.docker.compose.project": "dockercompose2539187112001429162",
            "com.docker.compose.version": "2.0.0"
        }
    }
]

Any suggestion? What can I do to trouble-shoot the connection refused? I am wondering if the Web API was really launched in the container.

2

Hi, This article put some light in my problem “Connection Refused? Docker networking and how it impacts your image”,therefore I changed the environment variable ASPNETCORE_URLS in the API DocumentUploader Service of the docker-compose file
Changed ASPNETCORE_URLS=https://localhost;http://localhost to ASPNETCORE_URLS=https://0.0.0.0;http://0.0.0.0

Now, Kerstel in the Web API DocumentUploader container is able to listening all interfaces, this includes the Bridge Network Interface of the containers. Now when Docker forwards the request, the web server will be able to listen it.

My next step is to configure the Kerstel Web Service to listen only the Container’s IP.

The only thing not clear to me is that the Web App Document_Manager continues with the same configuration ASPNETCORE_URLS=https://localhost;http://localhost, and It was always working fine. Don’t know why the problem was only with the requests to the Web API.