New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Windows Container with Docker: Cannot reach httpd in container from host (Win2016 TP5) #253
Comments
I also tried different things to be sure that my setup isn't broken. I also can't use the port mapping described in https://msdn.microsoft.com/virtualization/windowscontainers/management/container_networking in TP5 and this docker:
I can access the web server with the container's IP address and the port used inside the container. A Is this still a work in progress? |
@StefanScherer Good to know that I'm not the only one with this issue. So, your case is even more extreme, because you cannot access via host hostname and mapped port at all, while for me, it's working from outside/any other PC on the network, just not from the container host (or the container respectively) itself. |
@mathiasconradt, @StefanScherer - This is a known limitation in our Windows NAT implementation (WinNAT) that you cannot access the external port in a static port mapping directly from the container (NAT) host. |
@JMesser81 Oh, thank you. I have never tried to curl from outside of my TP5 VM to the host port. And yes, it works. |
@JMesser81 Ok,thanks for the info. Good to know. |
add sync working branches: live-sync-work/master-sync-work in branch filters to avoid publishing
Is there a workaround? |
@mgansler-intland Are you on the TP5 Server 2016 OS? This post is from a year ago. If you are having the same problem but on a different OS, there's a solid chance it's a different underlying cause. If you can provide some more info about your setup (ideally repro steps) I'm happy to help. |
@mylesbkeating1993 thanks for responding. I know this post is a year old but I'm facing the same issue. We are evaluating the option to move to using Windows Containers for our CI chain. I've started with creating a Jenkins Image and running it on the (virtualized) Windows 2016 1607 (build 14393.1198) Host. From this Host I cannot access the Jenkins instance but I can from another client in the same network. in the meantime: tl;dr |
@mgansler-intland Sorry for delay, been traveling. OK so @kallie-b will know more than me, but here's what I have after a brief search. I haven't had time to try this stuff out, so take it with a grain of salt).
Is there anything else that's relevant about your network (e.g., do you use a proxy for internet access)? |
@mgansler-intland You can access the Jenkins master from the host by the container IP address. Let's say you have started your Jenkins with something like
If you really need access from local host, add a port forwarding rule ( |
And to connect some dots there are some further links in StefanScherer/dockerfiles-windows#145 to other projects starting to use Jenkins with Windows containers. What I have seen it's all a work in progress, there also are some pull requests in jenkins repos to fix some plugins to work inside containers better. Hard topics are eg. working within a volume mount and using Git/Unix tools based on MSYS2 which does not fully work right now due to TTY issues. |
@StefanScherer Can you update https://hub.docker.com/r/stefanscherer/registry-windows/ - it says that single machine docker container doesnt work right still. |
I initially posted this on stackoverflow:
I have a Windows Server 2016 TP5 machine that I use as a container host.
I have a Windows Container running that I manage with Docker. Inside this container I have an Apache httpd running on port 88.
The port mapping when I start the container is: 0.0.0.0:80->88/tcp, so I map port 80 of my container host to port 88 of the container. This is the output from docker inspect: http://pastebin.com/AVem1eGV
I can now reach the Apache http start page from any other computer in the network through the DNS or IP.
In my case:
But the same does not work when I try to call the same from the host system itself or from inside the container. So, on the host system, I try to access the same URL via browser or wget, and getting:
wget : Unable to connect to the remote server
in both cases.
But I can ping the host from both the host itself as well as the container.
From the host:
From the container:
What does work though is to call the Apache default page via the container hostname (which is win-de6u4068naf) and its running port directly (not through the port mapping), both from the host as well as inside the container:
http://win-de6u4068naf:88/
Just going the route through the container host hostname and mapped port from the host or container itself does not work properly!
Firewall rules allow everything on port 80 from any remote address or to port 80 (=inbound and outbound rules are both set to "allow" for "any").
I know that Microsoft/Docker changed the networking code base of the container/docker support from Windows Server 2016 TP4 to TP5. Not sure if that's related, or whether this is a bug or I'm having something not configured correctly yet.
I made a test and left Docker/Container out of the picture above and installed a plain Apache httpd itself on the container host system on port 80 (and no Docker running at all) just to check whether such setup works or not, in order to be sure that it is actually somehow Docker/Container related and not a problem with my network/host configuration in general. And this works fine, I can reach the Apache from outside as well as from the host itself, thus it must be a Docker/Container related problem.
Environment:
The text was updated successfully, but these errors were encountered: