Docker Community Forums

Share and learn in the Docker community.

Problem to get through to a container port

Hi everybody,

I have a problem with one of my Docker containers. It provides two web application services, RStudio Server and R Shiny Server. It is started with

docker run -d -p 127.0.0.1:3840:3838 -p 127.0.0.1:8790:8787 -v /var/www/shiny-server/:/srv/shiny-server/ --name rservers --restart always rservers

and a docker ps gives

# docker ps
CONTAINER ID        IMAGE                        COMMAND                  CREATED             STATUS              PORTS                                                NAMES
1326f5f9eac7        rservers                     "/install/start-serv…"   16 hours ago        Up 16 hours         127.0.0.1:3840->3838/tcp, 127.0.0.1:8790->8787/tcp   rservers
136ea0f63229        chockemeyer/rservers:3.5.1   "/install/start-serv…"   19 months ago       Up 2 weeks          127.0.0.1:3839->3838/tcp, 127.0.0.1:8788->8787/tcp   rservers-3.5.1

Now I can reach port 3840 without problems but not port 8790. If I telnett to it I receive

# telnet localhost 8790
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Connection closed by foreign host.

This means the porrt is listened but not (correctly) connected to the service. If I do the same telnet call (to port 8787) within the container, everything works fine.
As you can see from the above docker ps output, I have a second, parallel container running (with just a different R version) where everything works fine.
Host system and container are both Ubuntu 18.04, Docker version 19.03.8, build afacb8b7f0.

I woud be grateful for any ideas as I have run out of them…

Hey Cord, did you ever figure this out? I’m running in to this exact problem now in a container that I’ve been running successfully for the last year. Problem just started occurring out of nowhere.

Nope - other containers with (more or less) the same configuration work fine but not that one.

Thanks for the reply Cord.

Just to add to the conversation if anyone finds this thread: when I telnet to port 30003 from inside my container, I can connect just fine. When I telnet from the container host using the mapped port, it fails with “connection closed by foreign host”

The craziest part of this is that after some number of minutes up to a few hours, it starts connecting!

Looking inside the container, it’s clearly listening, and the port is mapped properly.

root@fdf8393cea8e:/var/opt/fed2# netstat -tulpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:30003           0.0.0.0:*               LISTEN      6/fed2d

Well, after trying every configuration possible, there is a solution to this problem.

If you can, simply set the flag ‘–net=host’ and it’ll fix your issues. This will only work on linux hosts (since it’s not available on mac or windows) and it has a bunch of other implications (such as your containers can not now map ports, or run apps on the same port).

Rick

yes :). if you bind mount the docker client and /var/run/docker.sock into your container, you can inspect yourself. This is an insecure approximation of introspection, which is being worked on (for eg #4332 )

the long term plan is to provide a safe way to do this - am I’m presuming that includes only allowing containers to look up their own info, without the writeable risks.