Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Docker for Windows Container are not reachable outside host anymore #4391

Open
zhujik opened this issue Aug 2, 2019 · 17 comments

Comments

@zhujik
Copy link

commented Aug 2, 2019

  • I have tried with the latest version of my channel (Stable or Edge)
  • I have uploaded Diagnostics
  • Diagnostics ID:
    58CFA20E-7891-4FB1-B79E-17F960480329/20190802141658

Expected behavior

Docker Containers are from other machines reachable via computername:port from the network

Actual behavior

Docker containers are not reachable from other machines anymore

Information

  • Windows Version: 10
  • Docker Desktop Version: 2.1

Steps to reproduce the behavior

  1. Run a container on a specific port, e.g. docker run --name mynginx1 -p 8080:80 -d nginx
  2. From another machine in the network. type the following in the browser: http://computername:8080/
  3. Expect to see nginx welcome page, instead timeout. Same happens for IP
  4. From the host itself the container is reachable as normal (via localhost and computername and ip)
  5. Issue is there since version 2.1 upgrade, it works on machines that still run the old docker desktop version
@mikeparker

This comment has been minimized.

Copy link
Contributor

commented Aug 2, 2019

I can't see anything special from your logs other than the fact you have multiple DNS servers. Can you check your DNS settings haven't been reset and look correct from the settings page?

Also I assume you haven't switched between linux and windows container mode?

@zhujik

This comment has been minimized.

Copy link
Author

commented Aug 2, 2019

Hi mikeparker, thank you for your answer.

The DNS settings look normal to me. DNS server is set to automatic and has ever been. I didn't switch between container modes, it's linux for all hosts that we tested this on. So far for all computers that we updated in our department (4), this issue materialized.

Which information could I provide to you to help debug this issue?

@sjdvda

This comment has been minimized.

Copy link

commented Aug 2, 2019

I am having the exact same issue (Windows 10, Docker 2.1 Edge and Stable). What I have tried so far:

  • Reinstalling Docker
  • Disabling Hyper-V and enabling it again
  • Resetting all network interfaces

Nothing has worked so far. I can only access my containers from the local machine. Other (non-Docker) programs can be accessed from the LAN so it's definitely a Docker issue.

@erickhchan

This comment has been minimized.

Copy link

commented Aug 2, 2019

Having the same issue with Windows 10, Version 2.1.0.0 (36874) after updating just a few hours ago.

My docker containers aren't able to resolve internal hostname. When using the resolved ip address everything works as expected. I've double-checked my dns settings and used both "automatic" and manually specifying the dns server.

@kjlhgfds

This comment has been minimized.

Copy link

commented Aug 4, 2019

I downgraded windows docker and the issue is gone, so definitly an upgrade related issue.

@sjdvda

This comment has been minimized.

Copy link

commented Aug 6, 2019

I downgraded windows docker and the issue is gone, so definitly an upgrade related issue.

Did you have to uninstall docker to be able to downgrade? And did you lose your containers when uninstalling?

When I try to run the 2.0.0.3 installer I get the "Existing installation is up to date" message. I'm thinking uninstalling is probably the only way to resolve this issue but I don't want to go through the trouble of setting up 25+ containers again.

@frankyifei

This comment has been minimized.

Copy link

commented Aug 6, 2019

I have the same problem. Is there a way to manually set the internal dns?

@kjlhgfds

This comment has been minimized.

Copy link

commented Aug 6, 2019

Did you have to uninstall docker to be able to downgrade? And did you lose your containers when uninstalling?

Yes I did because I have less than 10 containers.
If someone has a way to save volumes outside dockers so we can bakcup them and put them again in the new docker installation, I'd be glade to hear you !

@djs55

This comment has been minimized.

Copy link

commented Aug 6, 2019

@zhujik In the diagnostics I see the container starting and opening a port forward as expected

[16:08:02.627][GoBackendProcess  ][Info   ] Adding tcp forward from 0.0.0.0:80 to 172.17.0.2:80

and the port forwarder has the following:

{"proto":"tcp","out_ip":"0.0.0.0","out_port":80,"out_path":"","in_ip":"172.17.0.2","in_port":80,"in_path":"","annotation":""}

Given that it works on the local machine but not on remote machines I think it must be some kind of firewall issue. Could you try disabling your firewall and trying again?

I attempted to reproduce the problem locally but it works as expected for me (unfortunately).

@sjdvda

This comment has been minimized.

Copy link

commented Aug 6, 2019

I have disabled my firewall but unfortunately the issue still persists.

Diagnostic ID: 3AF31CA1-733A-4D1C-972E-46213C91A1AA/20190806175545

@frankyifei

This comment has been minimized.

Copy link

commented Aug 7, 2019

same here
AD945C75-43E0-4F00-8D23-FE2061E742D0/20190807082423

@bigtongue5566

This comment has been minimized.

Copy link

commented Aug 8, 2019

same problem.
I disabled windows firewall for public network and it works for me.

@zhujik

This comment has been minimized.

Copy link
Author

commented Aug 8, 2019

@djs55 thank you for your answer.
When the domain firewall is disabled, the issue is resolved. However, since turning off the domain firewall imposes a security issue, this is not a permanent workaround. What do I need to configure in this firewall to resolve this issue?

Still, I don't know why the domain firewall blocks containers that run with docker desktop 2.1 and not for older versions?!

@sjdvda

This comment has been minimized.

Copy link

commented Aug 8, 2019

Disabling Windows Firewall for both Private networks and Public networks made containers reachable again for me as well. But as @zhujik said, this is not a permanent workaround.

@sjdvda

This comment has been minimized.

Copy link

commented Aug 8, 2019

I noticed that the program name changed from "Docker for Windows" to "Docker Desktop" between 2.0 and 2.1 and so did the executable. I checked the Advanced Windows Firewall rules and I noticed that there was an entry to allow all inbound and outbound connections for "C:\Program Files\Docker\Docker\Docker for Windows.exe" (a file that no longer exists) but no such rule for "C:\Program Files\Docker\Docker\Docker Desktop.exe".

Unfortunately, creating new inbound and outbound "Allow all" rules in Windows Firewall for "Docker Desktop.exe" does not make a difference for me. My containers are still only reachable from the host machine.

@sjdvda

This comment has been minimized.

Copy link

commented Aug 12, 2019

After a lot of trial and error, I believe I have solved the issue:

In Windows Defender Firewall with Advanced Security, the following rule needs to be created:

Type: Inbound
Program: C:\Program Files\Docker\Docker\resources\com.docker.backend.exe
Allow all connections

Other machines on the local network can now reach my containers. My nginx reverse proxy is also working again and I can access my exposed containers from the internet.

Hopefully this fix will work for others in this thread.

@simonfagerholm

This comment has been minimized.

Copy link

commented Aug 13, 2019

Had the same issue, and solved it the same way as @sjdvda (unfortunately I didn't find this issue until after).
I used netstat -nab to figure out which application was using the ports that where configured for the docker containers. In the issue above it would be 8080. In case this happens again, the same steps should usable to resolse the issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
9 participants
You can’t perform that action at this time.