"network_mode: host" does not use the network of host machine

[leialexisjiang]

Hi, actually I want to deploy all my applications in one machine and I use "network_mode: host" for sharing the same network of host machine inside docker container.

But I find that I can't access my application with "localhost" in the host machine.

example :
Inside docker container, this command works well, but not work in the host machine
curl -H "Content-Type: application/json" http://localhost:8761/eureka/apps

ifconfig in the container (IP is 192.168.65.2) :

root@moby:/edge-service# ifconfig
br-11d1260a7759 Link encap:Ethernet  HWaddr 02:42:8c:42:40:f1
          inet addr:172.20.0.1  Bcast:0.0.0.0  Mask:255.255.0.0
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

br-812e2bf1341c Link encap:Ethernet  HWaddr 02:42:5e:fc:f0:00
          inet addr:172.19.0.1  Bcast:0.0.0.0  Mask:255.255.0.0
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

br-8ddc0704ebaa Link encap:Ethernet  HWaddr 02:42:d0:5a:52:52
          inet addr:172.18.0.1  Bcast:0.0.0.0  Mask:255.255.0.0
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

docker0   Link encap:Ethernet  HWaddr 02:42:01:ce:32:86
          inet addr:172.17.0.1  Bcast:0.0.0.0  Mask:255.255.0.0
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

eth0      Link encap:Ethernet  HWaddr c0:ff:ee:c0:ff:ee
          inet addr:192.168.65.2  Bcast:192.168.65.7  Mask:255.255.255.248
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:7431 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4343 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:10443531 (9.9 MiB)  TX bytes:245727 (239.9 KiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:3199 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3199 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:363061 (354.5 KiB)  TX bytes:363061 (354.5 KiB)

ifconfig in the host machine (IP is 192.168.1.99) :

mobilecenter:~ $ ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
    options=3<RXCSUM,TXCSUM>
    inet6 ::1 prefixlen 128
    inet 127.0.0.1 netmask 0xff000000
    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
    nd6 options=1<PERFORMNUD>
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    ether 60:f8:1d:bb:54:66
    inet6 fe80::62f8:1dff:febb:5466%en0 prefixlen 64 scopeid 0x4
    inet 192.168.1.99 netmask 0xffffff00 broadcast 192.168.1.255
    nd6 options=1<PERFORMNUD>
    media: autoselect
    status: active
en1: flags=963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX> mtu 1500
    options=60<TSO4,TSO6>
    ether 72:00:07:fe:3f:a0
    media: autoselect <full-duplex>
    status: inactive
en2: flags=963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX> mtu 1500
    options=60<TSO4,TSO6>
    ether 72:00:07:fe:3f:a1
    media: autoselect <full-duplex>
    status: inactive
p2p0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2304
    ether 02:f8:1d:bb:54:66
    media: autoselect
    status: inactive
awdl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1484
    ether 5a:15:f9:99:be:bf
    inet6 fe80::5815:f9ff:fe99:bebf%awdl0 prefixlen 64 scopeid 0x8
    nd6 options=1<PERFORMNUD>
    media: autoselect
    status: active
bridge0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    options=63<RXCSUM,TXCSUM,TSO4,TSO6>
    ether 62:f8:1d:bb:23:00
    Configuration:
        id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0
        maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200
        root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0
        ipfilter disabled flags 0x2
    member: en1 flags=3<LEARNING,DISCOVER>
            ifmaxaddr 0 port 5 priority 0 path cost 0
    member: en2 flags=3<LEARNING,DISCOVER>
            ifmaxaddr 0 port 6 priority 0 path cost 0
    nd6 options=1<PERFORMNUD>
    media: <unknown type>
    status: inactive

I'm a little confused, IP inside container and host machine should not be the same in network_mode: host ?

Between the docker containers, they can share network (the two containers of my docker-compose.yml can communicate well between them with localhost) , but not with the host machine.

I think maybe I misunderstand the network_mode host.

The docker-compose.yml looks like :

version:` '2'

services:
  edge-service:
    restart: restart
    image: registry.raimtec.com/edge-service
    volumes:
      - edge_service_log:/edge-service/logs
    ports:
      - 9080:9080
    container_name: edge-service
    depends_on:
      - discovery-service
    network_mode: host
    environment:
      - HOST_NAME=localhost
      - SERVER_PORT=9080
      - LEASE_RENEWAL_INTERVAL_SECS=30
      - DISCOVERY_HOST=http://localhost:8761
      - HYSTRIX_ISOL_TIMEOUT=60000
      - RIBBON_CONNECT_TIMEOUT=3000
      - RIBBON_READ_TIMOUT=60000
      - RESTART_ENABLED=true
      - SHUTDOWN_ENABLED=true
      - HEALTH_ENABLED=false
      - NEBULA_REF_SERVICE_ROUTE=/nebula/v1/**
  discovery-service:
    restart: restart
    image: registry.raimtec.com/discovery-service
    volumes:
      - discovery_service_log:/discovery-service/logs
    ports:
      - 8761:8761
    container_name: discovery-service
    network_mode: host
    environment:
      - HOST_NAME=localhost
      - SERVER_PORT=8761
      - LEASE_RENEWAL_INTERVAL_SECS=30
      - REGISTER_WITH_EUREKA=true
      - FETCH_REGISTRY=false
      - WAIT_TIME_MS_WHEN_SYNC_EMPTY=0
      - ENABLE_SELF_PRESERVATION=true
      - RESTART_ENABLED=true
      - SHUTDOWN_ENABLED=true
      - HEALTH_ENABLED=true
volumes:
  edge_service_log: {}
  discovery_service_log: {}

Docker inspect (network part) :

        "NetworkSettings": {
            "Bridge": "",
            "SandboxID": "9a7eb00e08cbf5f1dbd3fe87d1643f8a5fa31414a6bd7fa7e04081949284d363",
            "HairpinMode": false,
            "LinkLocalIPv6Address": "",
            "LinkLocalIPv6PrefixLen": 0,
            "Ports": {},
            "SandboxKey": "/var/run/docker/netns/default",
            "SecondaryIPAddresses": null,
            "SecondaryIPv6Addresses": null,
            "EndpointID": "",
            "Gateway": "",
            "GlobalIPv6Address": "",
            "GlobalIPv6PrefixLen": 0,
            "IPAddress": "",
            "IPPrefixLen": 0,
            "IPv6Gateway": "",
            "MacAddress": "",
            "Networks": {
                "host": {
                    "IPAMConfig": null,
                    "Links": null,
                    "Aliases": null,
                    "NetworkID": "d3a065edac656a838506f1975c755a9732cc5d458de7ef30c2a8c128ce1249da",
                    "EndpointID": "a8b37dac419e8fdd1cbfc5f80bfd7e117359274f56c1fe0ea752d739f713f936",
                    "Gateway": "",
                    "IPAddress": "",
                    "IPPrefixLen": 0,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,
                    "MacAddress": ""
                }
            }
        }

Docker/Docker compose version:

mobilecenter:~ $ docker version
Client:
 Version:      1.12.0
 API version:  1.24
 Go version:   go1.6.3
 Git commit:   8eab29e
 Built:        Thu Jul 28 21:15:28 2016
 OS/Arch:      darwin/amd64

Server:
 Version:      1.12.0
 API version:  1.24
 Go version:   go1.6.3
 Git commit:   8eab29e
 Built:        Thu Jul 28 21:15:28 2016
 OS/Arch:      linux/amd64

mobilecenter:~ $ docker-compose version
docker-compose version 1.8.0, build f3628c7
docker-py version: 1.9.0
CPython version: 2.7.9
OpenSSL version: OpenSSL 1.0.2h  3 May 2016

Thanks in advance

[aanand]

Are you using Docker for Mac or Docker Toolbox? I don't think network_mode: host will work as expected with either. @dgageot, @nathanleclaire: can you confirm?

[leialexisjiang]

I use Docker for Mac
Version 1.12.0 (build: 10871)

[nathanleclaire]

@raycursif Thanks for the issue. --net host does not work in Docker for Mac at the time of writing. (see also: https://forums.docker.com/t/should-docker-run-net-host-work/14215/17) At least not how you're intending it to.

In Docker for Mac you have a little managed VM that runs Linux. This is where Docker actually runs. D4M does "magic" to map exposed ports to your Mac's localhost if you expose them using -p etc. on the default bridge network.

--net host will instruct the container to use the host's network namespace (the Linux VM -- not the Mac) but the D4M magic does not know how to forward ports in this case because they are not "registered" with Docker. They are simply exposed in the native network namespace of the host. Think about it, this container is just a process that could be listening on any number of ports but D4M has no way to query what they are. Usually this is easily parse-able via docker inspect or equivalent if they were set with --publish. So D4M can't forward them to your Mac localhost.

You can see it with your own two eyes:

(on Mac)

$ docker run -d --net host nginx
7596dfd95ebddd0ffcfd6cdc4542df22a78b1d987e02993de7697007b2c50855

$ curl localhost
curl: (7) Failed to connect to localhost port 80: Connection refused

$ docker run --net host alpine wget -qO- localhost
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>

Why do you want to use --net host at all? If you are not 100% positive that you need this, usually best is to not use it. A vastly superior option is to create your own docker network and throw the containers that need to talk to each other on it. You can still expose ports on the bridge using -p or ports: to contact on the Mac's localhost.

[leialexisjiang]

Thx for quick response and it‘s very clear !

The raison to use --net host is simply to test my whole system in one local machine with least modifications in configs. As you said, I think I will try to create docker network in this case that seems a better solution.

regards

[montrealist]

@raycursif were you able to figure it out? Having a similar issue.

[leialexisjiang]

@montrealist
No, now I use the real IP address instead of 'localhost' to avoid using '--net host'.

Btw, I tried '--net host' in Debian linux, it works.

[jnovack]

With Docker-CE, is this still the case?

[nathanleclaire]

With Docker-CE, is this still the case?

AFAIK, yes

[sarkistlt]

network_mode: host still doesn't work on mac

[arbhoj]

I am facing the same issue

[jnovack]

Replying "me 2" like some AOLer isn't helping the discussion, in fact, it's a great way to get the conversation locked.

If you are just here to say "pl0x fix kthx1" All you have to do is click the "Subscribe" button in the right-hand column and click the "Thumbs Up" icon on the first post or the "Sad Face" emoji three posts above.

[synaestheory]

One particular scenario that I'm trying to utilize this for (maybe there's another solution?) is to debug a node application with chrome devtools by passing in the --inspect flag.

Debugging via devtools is still considered an experimental feature in both node and chrome devtools so it's possible a bug exists in one of those places. However, when running the service locally (outside of the docker container) the debugger can connect just fine. Inside the docker container, chrome devtools never connects to the node websocket. If I tell the node process to bind to port 0.0.0.0 it appears to connect but no information is actually shared (no source code, console logs, or breakpoints). By default node inspect + chrome-devtools attempts to use 127.0.0.1 and my guess is that the issue is due to the way networking is set up between docker4mac and the host machine. Would love to see this working as I assume it would cause my use case to "just work".

[tikiatua]

Hi there,

"host" network mode should work on docker for mac if you disable the dns_search method by adding the command dns_search=. to the docker-compose specification.

The explanation: By default, the container will try to resolve ip-addresses depending on the dns configuration of the host. Usually the host will have a google dns server specified to resolve addresses. The google dns server will however not be able to resolve internal localhost addresses. If you disable the external dns server with the dns_search setting, the internal addresses should be resolved correctly.

[inancgumus]

@tikiatua it's still not working on me. I added following to docker-compose.yml:

dns_search:
  - .

or

dns_search: .

Did you mean something else?

[shin-]

This is outside of Compose's purview. People interested in a resolution to this issue should follow docker/for-mac#1031 instead.

[RicoToothless]

Same issue too.
very helpful, thanks

[neilpalima]

Does this work on Windows?

[asmaier]

If you just want to reach a service on the host from within a docker container on Mac OS X you cannot use localhost or 127.0.0.1 . Instead you have to use

host.docker.internal

see https://docs.docker.com/docker-for-mac/networking/ .

[loynoir]

Same issue, solved by below, not sure if buggy or not.
For me it works, need host dns server. Env: linux.

services:
  foobar:
    build:
      context: .
      dockerfile: Dockerfile
      network: host
version: '3.8'

[wymaricd]

Docker seems to like to change their docker-compose.yml schema. Make sure you are using the correct parameters for your version. For example, @loynoir 's highly downvoted answer worked great for me. I suspect the downvoters are on a different version.

[TranKimHieu]

Same issue, solved by below:
use extra_hosts instend of network_mode: host
env: Macos

services:
  mongo1:
    container_name: mongo1
    hostname: mongo1
    image: mongo
    restart: always
    ports:
      - 27017:27017
    extra_hosts:
      - "host.docker.internal:host-gateway"
    volumes:
      - "mongo1_data:/data/db"
      - "mongo1_config:/data/configdb"
    command: ["--replSet", "rs0", "--bind_ip_all", "--port", "27017"]

[sigmarion1]

Same issue too.

in MacOS 14.5
Docker version 24.0.7