How to troubleshoot port mapping issue in beta

Hi folks,

I’m running Version 1.12.0-rc2-beta17 (build: 9779)

I have an image of CentOS + JBoss EAP 6.4. It is running fine in the container and I can prove that I have the System Admin listening on 9990 (through telnet while ssh’ed to the container).

The JBoss log in the container has
13:30:31,937 INFO [org.jboss.as] (Controller Boot Thread) JBAS015961: Http management interface listening on http://127.0.0.1:9990/management

I also have an
EXPORT 9990

line in the original Dockerfile plus I am invoking run with -p 9990:9990. The docker ps -a command returns

brereton/jboss “/bin/sh -c '$JBOSS_H” 38 seconds ago Up 37 seconds 0.0.0.0:9080->9080/tcp, 9443/tcp, 0.0.0.0:9990->9990/tcp, 9999/tcp jboss

So, all seems as if it should be well. But it isn’t. From my host, I can’t telnet localhost 9990 (fails to connect) and I can’t see the jboss admin if I point a browser to http://localhost:9990/management.

The twist here is that if I run the basic nginx thing, it works fine, I can see the nginx server on localhost port 80 from my host.

What else should I look at to attempt to diagnose this problem?

If you run a service in a container only listening on 127.0.0.1 (or localhost), it will only accept connections that originate from within the container. You need to reconfigure this to listen on all addresses (maybe explicitly specify 0.0.0.0 as a bind address), and then use docker run -p 127.0.0.1:9990:9990 or something similar to re-limit what’s allowed to connect.

Isn’t this output from docker ps -a (from my note above) telling me that I’m already mapping to 0.0.0.0?

brereton/jboss “/bin/sh -c '$JBOSS_H” 38 seconds ago Up 37 seconds 0.0.0.0:9080->9080/tcp, 9443/tcp, 0.0.0.0:9990->9990/tcp, 9999/tcp jboss

The management service, at a very very low level, is bind(2)'d only to localhost. The thing this means, though, is that you connect to port 9990 on the host; Docker forwards this connection to the service, which sees it coming from something like 172.17.0.1; and that’s not 127.0.0.1, so the management service never sees it.

The docker ps output (which looks correct) says “anything I get, I’m forwarding on”, but it doesn’t guarantee anything inside the container is listening.

Ah, okay, now I see the problem.

For anyone who may be looking at this thread. What I needed to do was change the interfaces in my standalone-full.xml (or whichever configuration file you are using…) such that they use <any-address/> rather than inet-address. See this StackOverflow note for detail ->

Thank you for the tip!
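
The check this thread arrives at, as an added example that is not part of the original posts: compare the ports `docker ps` reports as published with the addresses the container's sockets are actually bound to. The `/proc/net/tcp` text and the function names are constructed for illustration; the parser assumes IPv4 and a little-endian host.

```python
import re
import socket
import struct

# Constructed sample: PORTS column in the shape `docker ps` prints it.
PS_PORTS = "0.0.0.0:9080->9080/tcp, 9443/tcp, 0.0.0.0:9990->9990/tcp, 9999/tcp"

# Constructed sample: /proc/net/tcp as read inside the container, trimmed to
# the columns the parser uses. State 0A is LISTEN, 01 is ESTABLISHED.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st
   0: 00000000:2378 00000000:0000 0A
   1: 0100007F:2706 00000000:0000 0A
   2: 0100007F:270F 00000000:0000 0A
   3: 020011AC:2378 010011AC:D431 01
"""

def listeners(proc_net_tcp):
    """Return {port: set of bind addresses} for sockets in LISTEN state."""
    result = {}
    for line in proc_net_tcp.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 4 or fields[3] != "0A":
            continue
        hex_addr, hex_port = fields[1].split(":")
        # The kernel prints the address as a host-order 32-bit hex value.
        addr = socket.inet_ntoa(struct.pack("<I", int(hex_addr, 16)))
        result.setdefault(int(hex_port, 16), set()).add(addr)
    return result

def published_ports(ports_column):
    """Container ports that docker ps shows as forwarded from the host."""
    return [int(p) for p in re.findall(r"->(\d+)/tcp", ports_column)]

def diagnose(ports_column, proc_net_tcp):
    """Classify each published port by what is bound behind it."""
    bound = listeners(proc_net_tcp)
    report = {}
    for port in published_ports(ports_column):
        addrs = bound.get(port, set())
        if not addrs:
            report[port] = "nothing listening"
        elif all(a.startswith("127.") for a in addrs):
            report[port] = "loopback only"  # forwarded traffic is refused
        else:
            report[port] = "reachable"
    return report

if __name__ == "__main__":
    print(diagnose(PS_PORTS, SAMPLE_PROC_NET_TCP))
```

On a live container the input comes from reading `/proc/net/tcp` inside it; a Java service may listen on an IPv6 socket, which appears in `/proc/net/tcp6` and is not parsed here.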