Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Docker for windows is not mapping ports to localhost #204

Closed
panmanphil opened this issue Nov 4, 2016 · 81 comments
Closed

Docker for windows is not mapping ports to localhost #204

panmanphil opened this issue Nov 4, 2016 · 81 comments

Comments

@panmanphil
Copy link

@panmanphil panmanphil commented Nov 4, 2016

Expected behavior

Using a simple example of the FROM microsoft/iis and EXPOSE 8000 as shown in the samples, this type of command runs, and I can access the port on the ip address shown from docker inspect. However when I use port mapping like so:

docker run -d -p 8080:8000 --rm iissite

I expect to be able to access the site from http:/localhost:8080, instead only the nat ip and EXPOSE port are reachable.

Actual behavior

unable to connect

Information

  • Diagnostic ID from "Diagnose & Feedback" in the menu.
  • a reproducible case if this is a bug, Dockerfiles FTW
  • page URL if this is a docs issue or the name of a man page
  • host distribution and version (Windows version, build number, etc)
    Client:
    Version: 1.12.0
    API version: 1.24
    Go version: go1.6.3
    Git commit: 8eab29e
    Built: Thu Jul 28 23:54:00 2016
    OS/Arch: linux/amd64

Server:
Version: 1.12.2-cs2-ws-beta
API version: 1.25
Go version: go1.7.1
Git commit: 050b611
Built: Tue Oct 11 02:35:40 2016
OS/Arch: windows/amd64

windows version 1607 build 14393.351

Dockerfile
FROM microsoft/iis
RUN mkdir C:\site
RUN powershell -NoProfile -Command
Import-module IISAdministration;
New-IISSite -Name "Site" -PhysicalPath C:\site -BindingInformation "*:8001:"
EXPOSE 8001
ADD . /site

Steps to reproduce the behavior

docker run -d --name site iissite
(from powershell)
docker inspect --format='{{.NetworkSettings.Networks.nat.IPAddress}}' site
wget "http://:8001" -UseBasicParsing
You see StatusCode 200

docker stop site
docker rm site
docker run -d -p 8080:8001 --name site iissite
wget "http://localhost:8080" -UseBasicParsing

get "unable to connect to the remote server"
also try trying the ip of ethernet0 from ip config

with linux containers and previous version of docker for windows, this works and works well

@panmanphil
Copy link
Author

@panmanphil panmanphil commented Nov 5, 2016

Running the same type of -p option on Windows 2016 also does not work. On the Windows 2016 I tried all of the available ip addresses but only the address shown from docker inspect and the original port from the EXPOSE statement worked. I could swear this worked before, and have been doing this for all of this year with the linux/mac versions of docker.

@rn
Copy link
Contributor

@rn rn commented Nov 5, 2016

@panmanphil thanks for the report. Probably confusing, but networking for Windows containers is done differently to the way we run Linux containers on Windows (and the Mac). For Linux containers we use a component, called VPNKit, which watches containers with exposed ports being created and exposes them on the localhost. For Windows containers this component is not used and containers and their ports are only accessible via the NATed IP address.

This is expected behaviour and I'm closing this issue. We should probably add this to our documentation (/cc @londoncalling).

@rn rn closed this Nov 5, 2016
@panmanphil
Copy link
Author

@panmanphil panmanphil commented Nov 6, 2016

This isn't just the loopback connector that isn't working. I tried all the ip addresses on the box listed from ipconfig, and none of them could be used to connect. Only the nated container ip address and port worked. What is the purpose of having -p then if not to put the port on one of the host's ip addresses?

Yes please do update the documentation, I can't be the first to spend a bunch of time on this.

@friism
Copy link

@friism friism commented Nov 6, 2016

@panmanphil the containers are currently only available on the container IP:

 docker inspect --format '{{ .NetworkSettings.Networks.nat.IPAddress }}' <container>  

Details here: https://blog.sixeyed.com/published-ports-on-windows-containers-dont-do-loopback/

@Rusk85
Copy link

@Rusk85 Rusk85 commented Apr 30, 2017

Is this still an issue. Because I tried it with the lastest version of Docker on Win10Pro and netstat -ap | grep PORT gave me nothing.

@jonstelly
Copy link

@jonstelly jonstelly commented May 13, 2017

This is still an issue but if/when it will be resolved seems murky. For anyone else that might be frustrated, I've put together an admittedly sub-optimal work-around for this limitation, DockerProxy. It's a dotnet core console app that proxies from localhost:{port} -> docker-container:{port}. It monitors docker and will start/stop listening on ports as containers come up or down.

@szydan
Copy link

@szydan szydan commented May 23, 2017

For me NATing the port in VirtualBox worked
Go to VirtualBox -> Your BOX -> Settings -> Network ->
Choose NAT
Open Advanced
Click Port Forwarding
Add new rule to map whatever port you need from host to guest
Click OK, OK
Then stop, start the BOX

@vguna
Copy link

@vguna vguna commented Jul 16, 2017

@jonstelly : thanks for the docker proxy. But it doesn't seem to work for me. I just start it on my Windows 7 Home like this:

D:\Coding\DockerProxy>dockerproxy
Hosting environment: Production
Content root path: D:\Coding\DockerProxy
Now listening on: http://localhost:5000
Application started. Press Ctrl+C to shut down.

Starting stopping docker image via docker on cmd line doesn't have any effect. I'm missing something here? I also don't understand why it is listening on 5000. Can it be remote controlled or something?

@vguna
Copy link

@vguna vguna commented Jul 18, 2017

Ok, I digged deeper into the rabbit hole and debugged/compiled my own version to see what's the problem here. Forget about the listening stuff I wrote :).

First of all, I have to run the docker tools (docker-machine) on my Windows 7. I think this is the main reason, that DockerProxy is not working out of the box. I did two things to make it work:

In Proxy.cs there something like var nat = Container.NetworkSettings.Networks["nat"];. This silently fails, because in my json there's only a "bridge". After changing that, it starts to bind to 172.17.0.2 - which doesn't work because with the docker-machine, the IP of the VM has to be used - 192.168.99.100 in my case. So for testing I just hardcoded the ip to it, and now it seems to work.

I think it should be possible to get that IP via docker-machine ip. Are there any plans to add docker-tools support to docker proxy?

@TouDick
Copy link

@TouDick TouDick commented Sep 19, 2017

This is ridiculous...
I spent hours looking why my ports are not forwarded as in getting started guide and then I find this....

This should work out of the box! And this is still not mentioned in documentation or am I missing something?!

Moreover default machine created like in getting started guide is not NAT-ted so doing anything like docker inspect --format '{{ .NetworkSettings.Networks.nat.IPAddress }}' returns only

This issue should be reopened and fixed properly. Instead of avoiding the proper solution. This is at end what docker should just do without excuses. Why do anyone need docker container with no possibility to connect to it anyway?

Edit:
PS. docker-machine ip is best suited to get an IP of machine created with default options

@vguna
Copy link

@vguna vguna commented Sep 19, 2017

In the end I switched to Windows 10 Professional since this solution wasn't reliable :(. I wanted to avoid that at all costs. But docker and Win7 is a pain. With the native docker it works quite well now!

@joshijimit
Copy link

@joshijimit joshijimit commented Dec 16, 2017

The only way we can access exposed port in windows is through

> http://<docker-machine ip>:<exposed port>

. I have tried every ip address listed in my ipconfig -all list. At last I found the correct ip from command docker-machine ip. Worked for me in windows 10 pro.

@nickweavers
Copy link

@nickweavers nickweavers commented Dec 16, 2017

So, I have installed the http docker image

$docker run -d --name MyWebServer httpd
7d4f8eb312d1463fd67c7d9169c5bad17581c0d1f5b0319de8c9bfa32df06150

It's running

$docker ps -all
CONTAINER ID        IMAGE               COMMAND              CREATED             STATUS              PORTS               NAMES
df3a451e696f        httpd               "httpd-foreground"   20 minutes ago      Up 20 minutes       80/tcp              MyWebServer

The dockerfile for this image exposes port 80:

EXPOSE 80
CMD ["httpd-foreground"]

When I look at the settings in my Window Docker I see:
image
But when I browse to 10.0.75.0
image

@nickweavers
Copy link

@nickweavers nickweavers commented Dec 16, 2017

I found this very good blog article where it explains how to get around this.

$docker run -d --name MyWebServer -P httpd
f552aa1667f351d63f1cf7e3dae7ab336837ca49c38838dc53c7f3c038dc5c88

Using the -P flag apparently assigns a randomised port number to expose. Reassuringly I saw a Windows Security Alert:
image

$docker port MyWebServer
80/tcp -> 0.0.0.0:32768

but, dissapointingly... http://10.0.75.0:32769 still gives me
image

@nickweavers
Copy link

@nickweavers nickweavers commented Dec 16, 2017

Thanks @joshijimit, I eventually tried your tip of trying all of the addresses given by ifconfig -a and one of them worked

wifi0     Link encap:UNSPEC  HWaddr 74-E5-43-A7-A0-A1-00-00-00-00-00-00-00-00-00-00
          inet addr:10.0.0.13  Bcast:10.0.0.255  Mask:255.255.255.0
          inet6 addr: fe80::d96a:8316:a0d:20b3/64 Scope:Global
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

image
I don't understand why the Docker settings panel tells my it's using 10.0.75.0 but the web server can only be reached on http://10.0.0.13:32769/

@joshijimit
Copy link

@joshijimit joshijimit commented Dec 16, 2017

Glad to hear it helps you @nickweavers. And yes I am also not sure why there is a conflict in IP address in Windows with docker.

@kallie-b
Copy link

@kallie-b kallie-b commented Dec 19, 2017

Hi all,

We now have support for using localhost/loopback to access your container's published ports on Windows 10! Here's the announcement for this support, which is available starting with Windows 10 Insider build 17025.

Have any of you been able to try this already? If so, we'd love to hear your feedback. Let us know whether or not this support is meeting your needs. Feel free to reply here with comments or email our team at sdn_feedback@microsoft.com.

--Kallie Bracken
PM, Windows Core/Container Networking at Microsoft

@joshijimit
Copy link

@joshijimit joshijimit commented Dec 20, 2017

Cool I will give it a try.. Thanks for update.

@nickweavers
Copy link

@nickweavers nickweavers commented Dec 22, 2017

nickw@DESKTOP-OREBB4V:~
$docker pull httpd
Using default tag: latest
latest: Pulling from library/httpd
f49cf87b52c1: Pull complete
02ca099fb6cd: Pull complete
de7acb18da57: Pull complete
770c8edb393d: Pull complete
0e252730aeae: Pull complete
6e6ca341873f: Pull complete
2daffd0a6144: Pull complete
Digest: sha256:b5f21641a9d7bbb59dc94fb6a663c43fbf3f56270ce7c7d51801ac74d2e70046
Status: Downloaded newer image for httpd:latest
nickw@DESKTOP-OREBB4V:~
$docker run -d --name MyWebServer httpd
9b100d3a54980d91745697e99f5771eb035d5b7d52d268a8dd044a00d77fbbdf
nickw@DESKTOP-OREBB4V:~
$curl localhost
curl: (7) Failed to connect to localhost port 80: Connection refused

Sadly not working
Lets try mapping dockerfile exposed port on the docker run command
First we need to cleanup

nickw@DESKTOP-OREBB4V:~
$docker ps
CONTAINER ID        IMAGE               COMMAND              CREATED              STATUS              PORTS               NAMES
9b100d3a5498        httpd               "httpd-foreground"   About a minute ago   Up About a minute   80/tcp              MyWebServer
nickw@DESKTOP-OREBB4V:~
$docker stop 9b100d3a5498
9b100d3a5498
nickw@DESKTOP-OREBB4V:~
$docker rm 9b100d3a5498
9b100d3a5498

Now we can try again

nickw@DESKTOP-OREBB4V:~
$docker run -d --name MyWebServer -p 80:80 httpd
5162d436d3deea1ff5638ec3065787e479df668425c038c6262e246447cf7af1
nickw@DESKTOP-OREBB4V:~
$docker ps
CONTAINER ID        IMAGE               COMMAND              CREATED             STATUS              PORTS                NAMES
5162d436d3de        httpd               "httpd-foreground"   7 seconds ago       Up 5 seconds        0.0.0.0:80->80/tcp   MyWebServer
nickw@DESKTOP-OREBB4V:~
$curl localhost
<html><body><h1>It works!</h1></body></html>

This time we're good, but is this what you meant by

We now have support for using localhost/loopback to access your container's published ports on Windows 10!

since there was no mention of having to use the -p flag?

@kimtso
Copy link

@kimtso kimtso commented Dec 27, 2017

Hi, I am new on this stuff, could I know is the "exposed" work properly in microsof/iis?
Even I used ip of below, still cannot use the exposed port function.

docker inspect -f "{{ .NetworkSettings.Networks.nat.IPAddress }}" amazing_wiles
172.21.111.251

ed2248e00f74 microsoft/iis "C:\ServiceMonitor..." 12 minutes ago Up 12 minutes 0.0.0.0:12345->80/tcp amazing_wiles

@londoncalling
Copy link

@londoncalling londoncalling commented Dec 27, 2017

@joshijimit
Copy link

@joshijimit joshijimit commented Dec 27, 2017

@kimtso , As per the comment from @kallie-b and @nickweavers it seems you should be able to access iis through localhost:80 (i.e just localhost) if you are using the latest build. If you can't, try to run "docker-machine ip" command in your docker terminal and use that ip to access your IIS.

image

@nickweavers
Copy link

@nickweavers nickweavers commented Dec 27, 2017

@joshijimit, where does the docker-machine command come from? It doesn't appear to be part of the docker client. My docker clients is

17.09.1-ce, build 19e2cf6

Am I missing something?

nickw@DESKTOP-OREBB4V:~
$docker --version
Docker version 17.09.1-ce, build 19e2cf6
nickw@DESKTOP-OREBB4V:~
$docker-machine ip
docker-machine: command not found
nickw@DESKTOP-OREBB4V:~
$
@Sieabah
Copy link

@Sieabah Sieabah commented Jun 2, 2019

So is the issue where docker doesn't map the ports to localhost a regression we're all going to ignore?

I've been using docker-for-win and it has been happily mapping the ports up until a couple months ago and again recently.

It maps the local ports for mac and linux, why would it not for windows?

No amount of restart/reinstall of docker has fixed this issue. It just loses all port mapping while the containers are running.

@hadaev8
Copy link

@hadaev8 hadaev8 commented Jul 10, 2019

Why this issue closed?

And how to solve it?
My server is 8765 and http://10.0.75.1:8765/ doesn't help to me.

@Sieabah
Copy link

@Sieabah Sieabah commented Jul 10, 2019

@hadaev8 Apparently we just have to deal with the issue as it's not going to be fixed. Just restart your computer and reinstall docker everytime or buy a mac/install linux if you want a better experience.

@Daniel15
Copy link

@Daniel15 Daniel15 commented Jul 11, 2019

My guess is that Docker on WSL2 will improve this experience... Hopefully.

@chandra-goka
Copy link

@chandra-goka chandra-goka commented Aug 8, 2019

Still getting the same issue, tried all options discussed above. I am not understanding why this issue marked as closed.

@SamOrozco
Copy link

@SamOrozco SamOrozco commented Aug 21, 2019

I am still having this problem. What is the recommended work around?

@Sieabah
Copy link

@Sieabah Sieabah commented Aug 22, 2019

I just stopped using it for a month and it started working.

@venkyraghav
Copy link

@venkyraghav venkyraghav commented Sep 19, 2019

I had the same issue. To get the actual ip, use "docker-machine config". Use this ip instead of localhost.

@Sieabah
Copy link

@Sieabah Sieabah commented Sep 21, 2019

That's a non-solution for any development that deals with OAuth integration and is unique to windows only. Works perfectly fine on Mac and Linux on localhost and Windows should be the same.

@KrisPetkov
Copy link

@KrisPetkov KrisPetkov commented Sep 25, 2019

Hello guys, I think I found a solution for .net core applications. It seems that this is a configuration problem but not a Docker problem (at least at the present, maybe it was a Docker problem in the past). So the solution that worked for me:

In your Program.cs add .UseUrls("http://+:<your_port>") and try. This is in case that you are hosting your web application in the default .net core's web server Kestrel. By using the UseUrls method you are telling where the Kestrel web server should listen. Anything from the launchSettings.json file does not matter.

@aslze
Copy link

@aslze aslze commented Sep 28, 2019

Someone proposes as a workaround to access <docker-machine ip>:<exposed port> instead of localhost:<exposed port>. Yes, that works but is not a solution.

If I have a server in a Docker container, the docs say it can be accessed like localhost:80, but I have to first find the machine IP and go like `192.168.99.100:80'. That means it is in the (virtual) network interface between the host and the container. So it cannot be accessed by other physical machines.

How useful is a server that can only be accessed from the host machine? Or is there a way to expose it "publicly"?

(BTW, this is Docker Toolbox on Windows 10 Home)

@Abhijeetdutt
Copy link

@Abhijeetdutt Abhijeetdutt commented Nov 10, 2019

For Windows, try this -

Go to cmd, run ipconfig

Wireless LAN adapter Wi-Fi:

Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : xvxvxvxvxvxvxvxvxvx
IPv4 Address. . . . . . . . . . . : 000000000 ------------> Use this as IP
Subnet Mask . . . . . . . . . . . : vxvxvxvxvxvx
Default Gateway . . . . . . . . . : vxvxvxvxvxvxv

docker run -d --name webs -P httpd
df18b38c638819e348ab90d219482f910ba

docker ps
df18b38c6388 httpd "httpd-foreground" 5 seconds ago Up 4 seconds 0.0.0.0:32768->80/tcp webs

then, use ${000000000}:32768

0xced added a commit to 0xced/DbContextValidation that referenced this issue Nov 26, 2019
Because on Windows < 10, docker doesn't map ports on localhost, see docker/for-win#204
@tobystic
Copy link

@tobystic tobystic commented Jan 11, 2020

This worked for me. Routed all machine Port 80 host requests to Docker machine IP on Port 80:

docker run -d -p 80:80 'containerImagename'

obtained docker machine IP : docker-machine ip 'machine name'

machineIP:80 on browser

@fazalWahid56
Copy link

@fazalWahid56 fazalWahid56 commented Jan 14, 2020

Issue still exist for me on windows 10 Pro, Build 18363.
tried everything mentioned above. In my case docker-machine ls returns empty so docker-machine ip is not working for me.

@raymondwclark
Copy link

@raymondwclark raymondwclark commented Jan 28, 2020

Got it to work using a combination of @szydan comment:

For me NATing the port in VirtualBox worked
Go to VirtualBox -> Your BOX -> Settings -> Network ->
Choose NAT
Open Advanced
Click Port Forwarding
Add new rule to map whatever port you need from host to guest
Click OK, OK
Then stop, start the BOX

along with @joshijimit comment:

The only way we can access exposed port in windows is through

> http://<docker-machine ip>:<exposed port>

. I have tried every ip address listed in my ipconfig -all list. At last I found the correct ip from command docker-machine ip. Worked for me in windows 10 pro.

@fenchu
Copy link

@fenchu fenchu commented Feb 17, 2020

A simpler way is to just use docker inspect to get the ipadress

docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS                                              NAMES
26203073615b        fido1:0001          "powershell.exe"    13 minutes ago      Up 13 minutes       0.0.0.0:8315->8315/tcp, 0.0.0.0:61904->61904/tcp   xenodochial_heyrovsky

docker inspect 26203073615b | findstr.exe IPAddress
            "SecondaryIPAddresses": null,
            "IPAddress": "",
                    "IPAddress": "172.29.97.214",
@dhruvbitid
Copy link

@dhruvbitid dhruvbitid commented Mar 3, 2020

thanks @joshijimit , its really helpful,

@devilvole
Copy link

@devilvole devilvole commented Mar 4, 2020

So disappointing to see this issue is still around after more than three years. And yes - I've wasted hours too trying to fix it before I stumbled on this thread.
I'm trying to automate (well duh!) as much of this as possible so rather than extracting the container IP I've been specifying it. Simple enough but you need to create a network with subnet and use that to run the image.

docker network create --subnet 172.18.01.0/24 --driver nat sql_net

docker run -itd --network sql_net --ip 172.18.01.12 -v e::e: humphriesj/windowssql:2019

In this case the SQL server image is then available at 172.18.01.12:1433 always.

@Haley-Zhu
Copy link

@Haley-Zhu Haley-Zhu commented Mar 17, 2020

<http://docker-machine ip:exposed port> works for me, I can see the view in the browser.
BUT, I have another problem.
When I change the code and save it, the view in the browser CANNOT refresh. The view of <http://docker-machine ip:exposed port> still remain showing the view before code change.
Does anyone knows how to refresh the performance in the browser <http://docker-machine ip:exposed port>?
I tried docker-compose down then docker-compose up again, but it doesn't work.

@jesselawson
Copy link

@jesselawson jesselawson commented Mar 26, 2020

@kimtso , As per the comment from @kallie-b and @nickweavers it seems you should be able to access iis through localhost:80 (i.e just localhost) if you are using the latest build. If you can't, try to run "docker-machine ip" command in your docker terminal and use that ip to access your IIS.

image

For folks not able to use Docker on Windows because we don't have Pro, Enterprise, or Education edition, this was the correct way to get this all working. Thank you!

@docker-desktop-robot
Copy link
Collaborator

@docker-desktop-robot docker-desktop-robot commented Jun 18, 2020

Closed issues are locked after 30 days of inactivity.
This helps our team focus on active issues.

If you have found a problem that seems similar to this, please open a new issue.

Send feedback to Docker Community Slack channels #docker-for-mac or #docker-for-windows.
/lifecycle locked

@docker docker locked and limited conversation to collaborators Jun 18, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet