8

I am running a Debian docker container on a Windows 10 machine which needs to access a particular url on port 9000 (164.16.240.30:9000)

The host machine can access it fine via the browser, however when I log in to the terminal and run wget 172.17.240.30:9000 I get failed: No route to host.

In an attempt to resolve this I added:

ports:
  - 9000:9000

to the docker-compose.yml file, however that doesn't seem to have made any difference.

In case you can't guess I'm new to this so what would you try next?

Entire docker-compose.yml file:

version: '3.4'

services:
  tokengeneratorapi:
    network_mode: host
    image: ${DOCKER_REGISTRY}tokengeneratorapi
    build:
      context: .
      dockerfile: TokenGeneratorApi/Dockerfile
    ports:
      - 5000:80
      - 9000
    environment:
      ASPNETCORE_ENVIRONMENT: local
      SSM_PATH: /ic/env1/tokengeneratorapi/
      AWS_ACCESS_KEY_ID: 
      AWS_SECRET_ACCESS_KEY:

Command I'm running:

docker-compose build --build-arg BRANCH=featuretest --build-arg CHANGE_ID=99 --build-arg CHANGE_TARGET=develop --build-arg SONAR_SERVER=164.16.240.30
m.edmondson
  • 28,523
  • 26
  • 113
  • 191
  • Try to simulate the browser via wget, as https://stackoverflow.com/questions/43182879/using-wget-to-fake-browser It may be a firewall that cuts the connection. Also try to disable ufw(https://wiki.debian.org/Uncomplicated%20Firewall%20%28ufw%29): "sudo service ufw stop" if it is installed and enabled. – Jannes Botis Mar 11 '20 at 14:05
  • 1
    Your container need access to `164.16.240.30:9000`, which is not running on your machine. Your browser has access to this `164.16.240.30:9000` resource, but container doesn't. Am I right? Why you are trying to wget different resource `172.17.240.30:9000` from the terminal and not `164.16.240.30:9000`? – Jan Garaj Mar 11 '20 at 19:56
  • Do check that you don't have any proxy entries in your ~/.wgetrc file. – Gautam Mar 12 '20 at 06:55
  • as far as I understand, tokengeneratorapi proxies requests to some sonar_server. Is this correct ? Are we even sure tokengeneratorapi properly forwards to port 9000 ?. next step may be to log into your container, and target with get or curl the sonar server:9000. And if ok, to target your tokengeneratorapi "application" like 127.0.0.1:9000 and ensure it forwards properly (still __within__ the container) – grodzi Mar 14 '20 at 07:40
  • Still not clear on your issue, are you saying that' from container you are not able to access 164.16.240.30:9000 ? When you say `I log in to the terminal and run` are you inside container ? and why you are using different IP 172.17.240.30 vs 164.16.240.30 – Vikrant Pawar Mar 15 '20 at 06:19
  • Could you enter to your container and perform a wget to localhost:9000? Maybe it is an error of container itself! – JRichardsz Mar 15 '20 at 16:59

4 Answers4

1

It seems it's the container having connectivity issues so your proposed solution is likely to not work, as that is only mapping a host port to a container port (considering your target URL is not the actual host).

Check out https://docs.docker.com/compose/compose-file/#network_mode and try setting it to host.

agermain
  • 82
  • 9
  • Tried this to no avail, please see the updated question – m.edmondson Mar 08 '20 at 14:28
  • To add to this it looks as though 'host' doesn't work on a non-linux host https://docs.docker.com/network/network-tutorial-host/ – m.edmondson Mar 08 '20 at 18:17
  • Good catch, my apologies for that! Could you verify that it is not a firewall issue? The firewall needs to allow connections from the docker containers through the host. – agermain Mar 08 '20 at 18:18
  • I'm not sure how I would do that since the host is windows 10. In addition internet connections work for example `wget www.google.co.uk` returns 200. Maybe this is a linux thing, iptables perhaps? – m.edmondson Mar 08 '20 at 18:23
  • Are you behind a company proxy? Try `docker network prune`. Also, what is the image based in? – agermain Mar 08 '20 at 18:32
  • I am yes, however since my host browser can access and the container has basic internet access I would imagine it should work? `docker network prune` just killed all my networks but doesn't seem to have helped – m.edmondson Mar 08 '20 at 18:35
  • My initial FROM is the `mcr.microsoft.com/dotnet/core/aspnet:2.2` – m.edmondson Mar 08 '20 at 18:48
  • It could be worth setting the same DNS in use by the host: https://docs.docker.com/compose/compose-file/#/dns. When using Docker for Windows, at the end of the day you are using a VM as the actual host so you need to make sure that the VM has proper DNS resolution (and restart the containers afterwards if there's any changes). – agermain Mar 08 '20 at 18:51
  • Please show all listening ports on host. See: https://stackoverflow.com/a/48199/5372462 – ofirule Mar 10 '20 at 08:54
1

Your browser has access to 164.16.240.30:9000, because it is going through proxy (typical enteprise environment), so the proxy has network connectivity to 164.16.240.30. It doesn't mean that also your host has the same network connectivity. Actually, it looks like your host doesn't have that one. That is the reason why direct wget from the container or from terminal has error No route to host.

Everything must go through the proxy. Try to configure proxy properly - linux apps use environment variables http_proxy,https_proxy usually, but apps may have own option to configure proxy, eventualy you may configure it on the source code level. It depends on used app/code.

Jan Garaj
  • 15,566
  • 1
  • 19
  • 40
1

I think the issue is that you use host mode in your docker compose config file and do you have IPTABLES firewall allowed for the ports in the debian machine? How about windows?

network_mode: host

which actually bypasses the docker bridge completely so the ports section you specify is not applied. All the ports will be opened on the host system. You can check with 

nestat -tunlp | grep 5000

And you will see that the port 5000 is not open and mapped to the 80 of the docker as you would expect. However ports 80 and 9000 should be open on the debian network but not binded to any docker bridge only to the debian ip.

From here: https://docs.docker.com/network/host/

WARNING: Published ports are discarded when using host network mode

As a solution could be to remove the network_mode line and it will work as expected.

Jinxmcg
  • 954
  • 9
  • 18
0

Your code doesn't allow your container access to 164.16.240.30:9000. You should wget 164.16.240.30:9000 from the terminal instead of 172.17.240.30:9000.

boi yeet
  • 82
  • 10