Clever Geek Handbook

Can't access open Docker port container from external machine, only from localhost?

I have a Docker container running on my Ubuntu Linux 14.04 machine that opens a port publicly:

docker run --name spacyapi -d -p 127.0.0.1:7091:7091 jgontrum/spacyapi:en

I can connect and execute commands against a server in a container without issue from a local machine. For example:

curl http://localhost:7091/api --header 'content-type: application/json' --data '{"text": "This is a test."}' -X POST

The command is executed correctly. However, if I try to execute the same CURL command from an external machine, I get a connection refused error:

curl http://192.5.169.50:5000/api --header 'content-type: application/json' --data '{"text": "This is a test."}' -X POST
curl: (7) Failed to connect to 192.5.169.50 port 7091: Connection refused

Where 192.5.169.50 is the IP address of the block that runs the Docker container.

I don't think I need any iptables rules because I didn't need to install any Node.JS server running on the same box. All other computers on my local network can access the Node.JS server. But not a Docker container acting as a server.

How can I fix this?

+3


source to share


2 answers


You haven't publicly published your port with this flag:

-p 127.0.0.1:7091:7091

This flag indicates that interface (localhost) is published on node 127.0.0.1, port 7091 to container port 7091. The only way to reach this port is to be on the host and connect to the loopback interface.

To publicly publish a port, remove the IP address from this flag:



-p 7091:7091

or explicitly publish to all interfaces with:

-p 0.0.0.0:7091:7091

The latter format is identical to the first unless you have overridden the docker daemon settings with dockerd --ip x.x.x.x

or set a value ip

in / etc / docker / daemon.json.

+4


source


I don't think the container's IP is 192.5.169.50. Try running docker inspect <container-uid> | grep IPAddress

to check what the container IP is. I believe it should be something like 172.17.0.X.

Also you can just do docker run -d --network=host <image>

that which puts the container on top of the main network.



The container is just something on top of the host, the host is the one that actually talks to the outside.

+2


source






More articles:


All Articles