-
Notifications
You must be signed in to change notification settings - Fork 18.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Document how to connect to Docker host from container #1143
Comments
when you look inside network.go you find that docker probes for internal networks that are not routed. first 172.16.42.1 is guessed as a bridge address then others. So documenting this wont help much. Its a dynamic scheme you can not rely on. I think what you require is more a way to define the addresses used for bridge and client. |
I think the requirement is clear from the issue title. There needs to be an easy and well-documented way to talk to the host from the container, however it's implemented. |
+1 It would be really nice to have a good way to connect to the host system |
+1, the 1.0 branch will define an introspection API so that each container can interact with the host in a scoped and controlled way. On Thu, Aug 8, 2013 at 1:10 PM, E.J. Bensing notifications@github.com
|
So how can I connect to the docker host from within a container? I am trying to connect to a docker container via the host port rather than the container's private IP. |
@gerhard: an introspection API is planned for 0.8. Meanwhile, if you want to access the Docker API from the containers, you can setup Docker to listen on the IP address of the Docker bridge. To do that, you would:
Now you can access the Docker API from your containers. |
Currently (version 0.7) docker does not reliably support granting unlimited access to its own control socket to one of its containers. The workarounds explained in this thread are hacks which are not guaranteed to work, and if they do might break at any time - please don't use them in production or expect us to support them. Since there is no official feature to document, this doc issue can't be fixed. To discuss hacks and workarounds for missing features, I recommend either the docker-user mailing list, or the #docker irc channel on Freenode. Happy hacking |
@shykes Is there another issue that tracks the creation of such a feature, in that case? |
By the way, to give motivation for such a feature: this is useful when locally testing a server (where I would've used vagrant in the past) and I want to connect a server in the container to a database or other server running on my dev machine (the docker host). |
I am already sold on the value of this feature :) On Mon, Dec 2, 2013 at 9:09 AM, Caleb Spare notifications@github.com
|
I am on Fedora 20 with docker 0.7.2, setting up Docker UI. I had to open the port on which docker daemon listens so the firewall does not block it:
After that docker-ui was able to connect to the docker daemon control socket. HTH |
I'm sorry, if I'm keeping a die hard thread alive. The title of this issues says: "How to connect to host from docker container". I think the issue by bkad is finding the host IP from within the container. Granted I'm not networking wizard, but isn't is fairly safe to assume that the ip gateway (from inside the container) maps to the host. Using the gateway for A alternative would be to pass my hosts public ip to the container using environment variables, but the public IP may not be static. And whilst hostname might work better in production, they are hard to use locally. I still would prefer a way to call from docker container to host through the loopback and appear as For those looking to find the gateway ip from container The Motivation, for this feature includes various meta-data services. Exposing things from ec2 meta-data service would be nice. Distribution of credentials and more complex structured data that doesn't fit into environment variables. |
@jonasfj: there is actually an easier way, now that Docker supports bind-mounting files from host to container. You can bind-mount the Docker control socket, i.e. : |
I am not sure how the docker socket helps. I still think the issue should be reopened, there is no documentation for the following scenario:
@jpetazzo How does setting the docker.sock come in to play to solve the above problem? |
@vrvolle, exposing For example, if you wanted to expose mysql from the host you would expose the mysql socket: Or if you like me have a metadata API through which containers should be able to query the host for various useful things, you create your own unix domain socket and expose it to the container. HTTP over unix domain sockets should work very well. Also you don't have all the network configuration issues and security issues. |
just had to read up upon 'unix domain sockets'. http://stackoverflow.com/questions/14771172/http-over-af-unix-http-connection-to-unix-socket claims there is no URL and therefore no usual client can use that mechanism out of the box. On the other hand: http://stackoverflow.com/questions/14771172/http-over-af-unix-http-connection-to-unix-socket shows that it is somehow possible to use such a socket. But still I would like to simple be able to have an IP adress and port, which a program inside a docker could simply use. I will -- for now -- use
Should I create a new issue or can someone reopen this one. |
@vrvolle It would be nice to document how to do that. But it seems that it's not necessarily a feature docker needs to active support. |
There are multiple ways to address that, depending on what exactly you want to achieve. If you want to connect to a service running on the host (any kind of service, e.g. some API or database that would be running straight on the host), you have to figure out the IP address of the host. One way is to rely on the fact that the Docker host is reachable through the address of the Docker bridge, which happens to be the default gateway for the container. In other words, a clever parsing of Another way is to use the Docker API to retrieve that information. Then, the problem becomes "how do I connect to the Docker API from a container?", and a potential solution (used by many, many containers out there!) is to bind-mount In the long term, Docker will expose a better introspection API, allowing to access that information without giving away too much privilege to the containers. TL,DR: short term, check the default route of the container. Long term, there will be an awesome introspection API. |
i have also problem due to upstart. i can't find anything in /var/run/docker.sock. and used command "-v /etc/run/docker.sock:/etc/run/docker.sock" but nothing happened. |
use -v /var/run/docker.sock - not /etc (which is normally reserved for conf files). |
any update about this in the new 1.0.0 release? |
There is nsenter - but I think the encouraged way is to run sshd at this On Friday, June 13, 2014, Camilo Aguilar notifications@github.com wrote:
Michael D Neale |
vrvolle, thanks for that. A lot of people like us are looking for a little tidbit like this
|
Docker auto updating |
+1 for |
+1 for dockerhost in /etc/hosts, sounds like a good idea |
Editing a file in an image should never be done UNLESS specifically give an argument or flag to do so. Also, it isn't mandatory that 100% of images will follow the LSB, so there might not even be an
|
@nooperpudd if you are using #!/bin/bash
export DOCKERHOST=$(ifconfig | grep -E "([0-9]{1,3}\.){3}[0-9]{1,3}" | grep -v 127.0.0.1 | awk '{ print $2 }' | cut -f2 -d: | head -n1)
# You should use DOCKERHOST env variable in your `docker-compose.yml`
# and put it everywhere you want to connect to `localhost` of the host machine
docker-compose $@ Only problem with this approach is if your IP changes after running your containers you should run them again and they cannot find your new IP. |
A remarkable observation for me is that the command, which is executed when starting docker containers, cannot connect to the container via its host IP address. However when that command does not perform such connection attempts and finishes executing successfully , the container is then able to reach itself via its host IP address. I made this observation when trying to expose the endpoints of NoSql database cluster instances to clients outside the swarm cluster. After all, these endpoints need to be configured with private or public IP addresses of the VM in order for the external client to reach them. Cassandra is however designed in such a way that when it starts it tries to immediately connect with the host IP address (set as Below you see a detailed account of this observation for cassandra (I create these with docker swarm but the same problem appears in
fails with the message that it cannot connect to the listen address:
starts correctly and at the same time I can connect to the host ip address on any port that is exposed in the Dockerfile of the cassandra:2.0 image:
Similarly, the same can be observed during the creation of a second cassandra node
the container fails with the runtime exception that it cannot gossip with the seed:
Specifically for Cassandra, you solve this problem by turning auto bootstrapping of cassandra nodes off. You do that by setting
and then manually start cassandra nodes by executing |
I could use this feature in development, well ... |
@jpetazzo We develop PHP solutions in teams on a mix of platforms. Our debugger (xdebug) needs to connect back to the IDE on the host. On Windows and Linux this works 'out of the box' but on mac our developers have to change the xdebug.ini file to specifically mention their local IP. But the Dockerfile is under source control... queue constant conflicts and swearing as developers clash over editing this file. Yes there are scriptable workarounds but why does docker for windows and mac have docker.for.win.localhost and docker.for.mac.localhost? It's partially helpful but we still need scripts to detect which platform we're on to set this up right. It just seems so much more complicated that it should be. Please reconsider this feature. Docker can be a steep learning curve but issues like this leave your users searching in disbelief on google for hours on end. |
Checking the https://docs.docker.com/docker-for-mac/networking/#use-cases-and-workarounds page helped, using |
For better or worse, |
@rskuipers can you explain what exactly did you do with Currently what I did, is I added this to my
The IP is the host IP from within my container, which I can get by using |
@jzavrl All I did was use |
That's exactly what I'm interested in. What sort of changes specifically you had to make? |
@jzavrl None :P it just worked. |
I don't get it, what did you do with |
@jzavrl I used that instead of the IP to connect to. So docker.for.mac.localhost:8888 |
Ahhhhhh, now that's starting to make sense now. Will try this then. Cheers @rskuipers. |
just use the "en0" 's ip on your computer.for example
|
@acuthbert, thanks for your the suggestion. |
there is little technical reason why this cannot be done and satisfy the 90% of the people on this thread, the corner cases and situations where it doesn't really work, the people who are developing in that situaton could be satisfied with a simple set of "use-cases" which explain what scenarios its likely to not work. This is mostly just political trash and not actual technical reasoning here. I'm hoping one of the other container engines picks up and I can swap kubernetes to using that instead. Then I won't have to deal with this rubbish anymore. |
@NdubisiOnuora, what type of your application? web-application? I have 2 console apps (tcp-server in host and tcp-client in container). For example, Which |
Just resolve the domain to an IP address? |
@orf, |
In case anyone missed it I believe the solution as of 18.03 is EDIT: Didn't see that comments were collapsed by Github... 🤦♂️ |
Works for me: |
@lukasmrtvy That works for a shell, but how about for |
I've created a container to solve this problem in a generic way working an all platforms https://github.com/qoomon/docker-host |
This fails due to a combination of different unrelated issues with docker and envoy. See: docker/for-mac#2965 envoyproxy/envoy#6897 moby/moby#1143
I had some trouble figuring out how to connect the docker host from the container. Couldn't find documentation, but did find irc logs saying something about using
172.16.42.1
, which works.It'd be nice if this behavior and how it's related to
docker0
was documented.The text was updated successfully, but these errors were encountered: