ManageIQ web application inside docker container can't connect to Hawkular outside container

gladiator67 · March 10, 2017, 11:52am

I use monitoring application “ManageIQ” inside docker container with the ssl port to check the application “hawkular” which is located outside the docker container. Belows are the docker commands,

docker pull manageiq/manageiq:euwe-2
docker run --privileged -d -p 8443:443 manageiq/manageiq:euwe-2

And I configure the ssl setting inside the “ManageIQ” docker container

docker exec -ti “container-id” bash –l

[root@17a6a6bd8743 vmdb]# vi /etc/httpd/conf.d/ssl.conf
ServerName localhost:8443
SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
SSLCertificateFile /opt/manageiq/manageiq-ui-service/node_modules/browser-sync/lib/server/certs/server.crt
SSLCertificateKeyFile /opt/manageiq/manageiq-ui-service/node_modules/browser-sync/lib/server/certs/server.key
[root@17a6a6bd8743 vmdb]# systemctl restart httpd
[root@17a6a6bd8743 vmdb]# yum install firewalld -y
[root@17a6a6bd8743 vmdb]# systemctl start firewalld
[root@17a6a6bd8743 vmdb]# systemctl enable firewalld
[root@17a6a6bd8743 vmdb]# firewall-cmd --add-service=https --permanent
success
[root@17a6a6bd8743 vmdb]# firewall-cmd --reload
success

The ManageIQ web application https://localhost:8443 works succesfully. But can’t connect to hawkular whose url is http://localhost:8080 located outside the docker container. These 2 applications have each different “localhost” However I have no idea how to handle this problem. Do I miss any process to solve this issue? Your advice will be deeply appreciated. Best regards.

dmaze · March 10, 2017, 2:07pm

Right. “localhost” (and its 127.0.0.1 IPv4 address) is always the current container. I’d recommend reading through the Docker networking documentation in detail.

I think this is likely to change the host system’s firewall, and in turn, is likely to break Docker’s networking.

As a general rule, you should never run containers --privileged unless you really really need to and are comfortable with the idea of them changing host-global parameters. There might be more specific --cap-add options to do very specific things.

Also as a general rule, you shouldn’t use docker exec to install software inside containers and change their config files: you’ll have to make these same changes again, by hand, every time you restart the container, which can be a pretty regular thing. You should also read up on how the Dockerfile/docker build system works, and if you need to do something like tweak configuration files, either build a custom image with those changes or inject them at runtime using docker run -v.