Expose multiple container hosted on a single host to internet

ezspam · February 16, 2018, 5:14pm

Hi,
I’m just learning docker and playing around by hosting ghost on containers. Initially, I managed to get ghost up and running and was able to access successfully from a custom domain. Then i spun up another container for the same ghost application and bound it to a different port. I did this to try two different ghost themes . But I seem to have broken the system. I’m unable to access from an external domain. It works when i acess from the local host

Container 1 : ghost application - theme1 , IP Add : 192.x.x.20: 2500
Container 2: ghost application-theme 2 , IP Add: 192.x.x.20:3500

external ip 217.x.x.x

I presume something need to be done with networking but not sure how to proceed. Any help is appreciated.

sdetweil · February 16, 2018, 7:18pm

what kind of docker host?

what are those ip addresses? the containers, the host? what is the ‘external’ address?

ezspam · February 16, 2018, 8:20pm

Here’s the output from docker info
pi@ud-kube-master:~ $ docker -D info Containers: 2
Running: 1
Paused: 0 Stopped: 1
Images: 2 Server Version: 18.02.0-ce
Storage Driver: overlay2
Backing Filesystem: extfs Supports d_type: true
Native Overlay Diff: true Logging Driver: json-file
Cgroup Driver: cgroupfs Plugins:
Volume: local Network: bridge host macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog Swarm: inactive
Runtimes: runc
Default Runtime: runc Init Binary: docker-init
containerd version: 9b55aab90508bd389d7654c4baf173a981477d55
runc version: 9f9c96235cc97674e935002fc3d78361b696a69e
init version: 949e6fa
Security Options:
seccomp
Profile: default
Kernel Version: 4.9.59-v7+
Operating System: Raspbian GNU/Linux 9 (stretch)
OSType: linux
Architecture: armv7l
CPUs: 4
Total Memory: 875.8MiB
Name: ud-kube-master
ID: SIU5:XDOA:5NX2:2ZAR:BOFO:UZIL:KT6V:VF7B:HB27:5COJ:O6FO:PAGN
Docker Root Dir: /var/lib/docker
Debug Mode (client): true
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false

WARNING: No memory limit support
WARNING: No swap limit support
WARNING: No kernel memory limit support
WARNING: No oom kill disable support
WARNING: No cpu cfs quota support
WARNING: No cpu cfs period support

sdetweil · February 16, 2018, 8:31pm

thanks… 1 container isn’t running…

ip addr on the host

docket inspect id for the 2 containers to get their ip addresses…

ezspam · February 16, 2018, 8:41pm

Thanks for your help. Here’s the output

pi@ud-kube-master:~ $ docker inspect -f ‘{{.NetworkSettings.IPAddress}}’ udblog-ghost-new
172.17.0.2

ezspam · February 16, 2018, 8:44pm

I have removed the other container. Right now I am only running one container. I also found that I can’t access the ghost application . When I curl I get an error
I found that am getting this error after I restarted my container
pi@ud-kube-master:~ $ curl http://localhost:3500 curl: (56) Recv failure: Connection reset by peer
pi@ud-kube-master:~ $

ezspam · February 16, 2018, 8:46pm

Btw…I tried to remove to troubleshoot where I was going.now after the restart I can’t access the ghost application landing page. I could access the application if I remove and run again. I get the curl error whenever I restart the container

sdetweil · February 16, 2018, 11:25pm

i think the entrypoint command gets rerun on restart, so it might take some different parms,

ezspam · February 17, 2018, 10:19am

Here’s the link to the docker file

github.com

docker-library/ghost/blob/6a3fa7ee0002aeef94616ef79055aa88e9d8bff4/1/debian/Dockerfile

# https://docs.ghost.org/supported-node-versions/
# https://github.com/nodejs/LTS
FROM node:6-slim

# grab gosu for easy step-down from root
ENV GOSU_VERSION 1.10
RUN set -x \
	&& wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \
	&& wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \
	&& export GNUPGHOME="$(mktemp -d)" \
	&& gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \
	&& gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \
	&& rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc \
	&& chmod +x /usr/local/bin/gosu \
	&& gosu nobody true

ENV NODE_ENV production

ENV GHOST_CLI_VERSION 1.5.2
RUN npm install -g "ghost-cli@$GHOST_CLI_VERSION"

This file has been truncated. show original

The entry point is a script .not sure how to troubleshoot
ENTRYPOINT [“docker-entrypoint.sh”]

ezspam · February 21, 2018, 4:15pm

I managed to isolate the issue but not able to resolve it.
It works when i run either of the commands

docker exec -it curl http:localhost:3500

it also works when i use the ip of the container and port number

curl http://172.17.02:3500

But i doesn’t work when curl using localhost:3500 . I found a similar issue outlined here

ezspam · February 21, 2018, 4:17pm

Also, this is entry point script that’s being run

#!/bin/bash
set -e

# allow the container to be started with `--user`
if [[ "$*" == node*current/index.js* ]] && [ "$(id -u)" = '0' ]; then
	chown -R node "$GHOST_CONTENT"
	exec gosu node "$BASH_SOURCE" "$@"
fi

if [[ "$*" == node*current/index.js* ]]; then
	baseDir="$GHOST_INSTALL/content.orig"
	for src in "$baseDir"/*/ "$baseDir"/themes/*; do
		src="${src%/}"
		target="$GHOST_CONTENT/${src#$baseDir/}"
		mkdir -p "$(dirname "$target")"
		if [ ! -e "$target" ]; then
			tar -cC "$(dirname "$src")" "$(basename "$src")" | tar -xC "$(dirname "$target")"
		fi
	done

	knex-migrator-migrate --init --mgpath "$GHOST_INSTALL/current"
fi

exec "$@

sdetweil · February 21, 2018, 4:59pm

but that is executing curl INSIDE the container… not on the docker host.
localhost INSIDE the container is INSIDE the container… (ie 172.17.0.2)… NOT the docker host IP address

ezspam · February 21, 2018, 5:00pm

Yes…thats right. Its working inside the container and not on the docker host.

sdetweil · February 21, 2018, 5:05pm

but the BOUND port is on the HOST

-p 3500:80
means 3500 port on HOST will send traffic to container port 80

this is how you can have multiple instances of the identical container running on the same host…
the same container port number is mapped to a different host port for each container instance

the code in the container DOES NOT KNOW the port is mapped.

ezspam · February 21, 2018, 5:12pm

I get that. But I am still lost on how to resolve this. This happens only when I restart the container

sdetweil · February 21, 2018, 5:14pm

try not using localhost… but the containers internal IP address… but then you would use the container applications listening port (usually 80 for web applications), not the host port number

sdetweil · February 21, 2018, 5:23pm

i am not sure we are talking about the same thing…

docker run -d -name fred -p 2500:80 foo
docker run -d -name mark -p 3500:80 foo

the from the docker host, you can access the application in fred with
localhost:2500 OR hosts-ip_address:2500, OR (container_ip address:80, 172.17.0.2 usually)
you can ALSO connect to container fred from another machine on a network accessible to the docker HOST with
docker_host_ip_address:2500
but NEVER with the containers IP address…

same applies to container mary, only using host port 3500

INSIDE the container you can access the application using localhost:80, or the containers IP address:80, 172.17.0.2:80
but NOT the port number of the mapping to the host

ezspam · February 21, 2018, 5:24pm

hmm…if I use the container ip I wil not be able to access it from the internet. Sorry, I’m still a novice user here. I was able to access the site using the localhost:3500 when I spin up the container. It stops working only after I restart the container . During restart some parameter is changing thats creating this issue but not sure what it is. From the stackoverflow link I see a similar issue but looks like something has to be done with nodejs .

ezspam · February 21, 2018, 5:32pm

Sorry, it was my bad. I didn’t explain clearly.

I created a container using the following command
docker run -d -p 3500:2368 --restart unless-stopped -v /var/lib/ghost/content --name blog-ghost --volumes-from ghost-data arm32v7/ghost:latest

Once the container is up and running , I could access the container from the host as you had pointed out
docker_host_ip_address:3500

Until this step everything works fine. If I restart , then am unable to use the docker_host_ip_address:portnumber to access the blog. I am getting an error.

Here’s the log output and error

INFO [2018-02-21 11:56:59] “GET /” 200 1094ms
INFO [2018-02-21 11:59:25] “GET /” 200 313ms
INFO [2018-02-21 12:12:43] “GET /” 200 319ms
INFO [2018-02-21 12:56:19] “GET /” 200 254ms
INFO [2018-02-21 14:44:20] “GET /” 200 242ms
[2018-02-21 14:46:02] WARN Ghost has shut down
[2018-02-21 14:46:02] WARN Your blog is now offline
[2018-02-21 14:46:10] INFO Finished database migration!
[2018-02-21 14:46:21] INFO Ghost is running in production…
[2018-02-21 14:46:21] INFO Your blog is now available on http://localhost:3500/
[2018-02-21 14:46:21] INFO Ctrl+C to shut down
[2018-02-21 14:46:21] INFO Ghost boot 10.607s
INFO [2018-02-21 15:48:58] “GET /” 200 1113ms
INFO [2018-02-21 15:51:01] “GET /” 200 347ms
INFO [2018-02-21 15:52:23] “GET /” 200 286ms
INFO [2018-02-21 15:58:06] “GET /” 200 245ms
INFO [2018-02-21 17:10:41] “GET /” 200 259ms
pi@kube-master:~ $ curl http://localhost:3500
curl: (56) Recv failure: Connection reset by peer

I