[Solved] Unclear behaviour of a MySQL container running with Docker for Mac 1.12.0-a

I’ve already read a couple of forum entries that address the network limitations of Docker for Mac. Even the docs state that Docker for Mac is unable to route traffic to containers, and from containers back to the host. But what does that mean exactly, and what is the reason behind it? I’m not interested in workarounds. I’ve already read that I can go “backward” to Docker Toolbox or run docker in docker. My aim is to understand the behaviour.

I have set up a docker image running Apache and MySQL based on Ubuntu. When I start the container with docker run, I set the -P option to expose the Apache port (80) and MySQL port (3306) to the host. docker ps shows that “port forwardings” are established (using some “random” ports > 32767 on the host). Below I assume that 80 is bound to 32777 and port 3306 is bound to 32778.

Afterwards I can successfully run curl localhost:32777. This gives me the start page (index.html) of a fresh Apache 2.4 installation.

I’ve installed MySQL Workbench on my Mac. When I try to establish a TCP connection to localhost 32778, I get an error message “Lost connection to MySQL server at ‘reading initial communication packet’, system error: 0”. I did a debugging session with Wireshark to see what’s going on on the network layer (using the loopback interface). I can see a successful start of a TCP communication (SYN → SYN ACK → ACK). But why is it not possible to connect to the MySQL server process running in the Docker container?

I’ve checked that MySQL is properly configured. Running a MySQL client inside the docker container that uses TCP to access the MySQL server (and does not use a socket) works as expected.

To exclude any influences of MySQL Workbench, I’ve tried telnet localhost 32778, which does not work either. telnet localhost 32777 works as expected.

Can anybody explain why an HTTP connection to the Apache process works, but the TCP communication with the MySQL server does not work? Furthermore, what does the limitation “Docker for Mac is unable to route traffic to containers, and from containers back to the host” mean in this context? I’m not sure how to explain the behaviour.

Thanks in advance!

Best,
Sascha

To overcome this problem, you have to edit /etc/mysql/my.cnf and set

bind-address = 0.0.0.0

Also make sure that the user user with password pass has sufficient access rights. In my case I run the following SQL statement in the container:

echo "GRANT ALL ON *.* TO user@'%' IDENTIFIED BY 'pass' WITH GRANT OPTION; FLUSH PRIVILEGES" | mysql -u root -p

Change user and pass, respectively.

Also make sure to restart mysqld after changing my.cnf.
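
Added example, not part of the original posts: a small probe that separates "something accepted the TCP connection" from "mysqld sent its greeting", which is the distinction behind the symptom above (handshake completes, then "Lost connection ... reading initial communication packet"). It assumes the port forwarder accepts on the host side and closes the connection when mysqld, bound only to 127.0.0.1 inside the container, refuses it; `probe_mysql`, `fake_listener` and `mysql_packet` are hypothetical names, and the listener and packets are constructed for local testing.

```python
import socket
import threading

def _read_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            return None                   # peer closed before n bytes arrived
        buf += chunk
    return buf

def probe_mysql(host, port, timeout=3.0):
    """Classify a published port by what follows the TCP handshake."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "tcp-refused"              # nothing accepts on the host side
    with sock:
        try:
            header = _read_exact(sock, 4) # 3-byte LE length + 1-byte sequence id
            size = int.from_bytes(header[:3], "little") if header else 0
            payload = _read_exact(sock, size) if size else None
        except socket.timeout:
            return "accepted-but-silent"  # connected, but no server greeting
        except OSError:
            return "accepted-then-closed" # reset instead of a greeting
    if not payload:
        return "accepted-then-closed"     # closed before any initial packet
    if payload[0] == 0x0A:                # handshake v10, version string follows
        return "mysql-greeting " + payload[1:].split(b"\0", 1)[0].decode("ascii", "replace")
    if payload[0] == 0xFF:                # ERR packet sent instead of a greeting
        return "mysql-error %d" % int.from_bytes(payload[1:3], "little")
    return "not-mysql"

def fake_listener(reply):                 # constructed stand-in for a forwarded port
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def run():
        conn, _ = srv.accept()            # TCP handshake completes here
        conn.sendall(reply)               # empty reply = close without greeting
        conn.close()
        srv.close()
    threading.Thread(target=run, daemon=True).start()
    return srv.getsockname()[1]

def mysql_packet(payload):                # constructed sample framing, sequence id 0
    return len(payload).to_bytes(3, "little") + b"\x00" + payload
```

Pointed at the published port from the question, `probe_mysql("localhost", 32778)` should report `accepted-then-closed` while mysqld listens only on the container's loopback, and a `mysql-greeting` line once the bind-address change and restart are in place.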