linux - Docker swarm, listening in container but not outside -


we have number docker images running in swarm-mode , having trouble getting 1 of them listen externally.

if exec container can curl url on 0.0.0.0:8080.

when @ networking on host see 1 packet being stuck in recv-q listening port (but not others working correctly.

looking @ nat rules can curl 172.19.0.2:8084 on docker host (docker_gwbridge) not on actual docker-host ip (172.31.105.59).

i've tried number of different points (7080, 8084, 8085) , stopped docker, did rm -rf /var/lib/docker, , tried running container no luck. ideas on why wouldn't working 1 container image 5 others work fine?

docker service

docker service create --with-registry-auth --replicas 1 --network myoverlay \   --publish 8084:8080 \   --name containerimage \   docker.repo.net/containerimage

ss -ltn

state       recv-q send-q                                              local address:port                                                               peer address:port  listen      0      128                                                 172.31.105.59:7946                                                                          *:* listen      0      128                                                             *:ssh                                                                           *:* listen      0      128                                                     127.0.0.1:smux                                                                          *:* listen      0      128                                                 172.31.105.59:2377                                                                          *:* listen      0      128                                                            :::webcache                                                                     :::* listen      0      128                                                            :::tproxy                                                                       :::* listen      0      128                                                            :::us-cli                                                                       :::* listen      0      128                                                            :::us-srv                                                                       :::* listen      0      128                                                            :::4243                                                                         :::* listen      1      128                                                            :::8084                                                                         :::* listen      0      128                                                            :::ssh                                                                          :::* listen      0      128                                                            :::cslistener                                                                   :::*

iptables -n -l -t nat

chain prerouting (policy accept) target     prot opt source               destination docker-ingress   --  0.0.0.0/0            0.0.0.0/0            addrtype match dst-type local docker      --  0.0.0.0/0            0.0.0.0/0            addrtype match dst-type local  chain input (policy accept) target     prot opt source               destination  chain output (policy accept) target     prot opt source               destination docker-ingress   --  0.0.0.0/0            0.0.0.0/0            addrtype match dst-type local docker      --  0.0.0.0/0           !127.0.0.0/8          addrtype match dst-type local  chain postrouting (policy accept) target     prot opt source               destination masquerade   --  172.19.0.0/16        0.0.0.0/0 masquerade   --  0.0.0.0/0            0.0.0.0/0            addrtype match src-type local masquerade   --  172.17.0.0/16        0.0.0.0/0 masquerade   --  172.18.0.0/16        0.0.0.0/0  chain docker (2 references) target     prot opt source               destination return      --  0.0.0.0/0            0.0.0.0/0 return      --  0.0.0.0/0            0.0.0.0/0  chain docker-ingress (2 references) target     prot opt source               destination dnat       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:8084 to:172.19.0.2:8084 dnat       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:9000 to:172.19.0.2:9000 dnat       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:8083 to:172.19.0.2:8083 dnat       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:8080 to:172.19.0.2:8080 dnat       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:8081 to:172.19.0.2:8081 dnat       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:8082 to:172.19.0.2:8082 return      --  0.0.0.0/0            0.0.0.0/0

ip | grep 172.19

inet 172.19.0.1/16 scope global docker_gwbridge

ip a 

1: lo: <loopback,up,lower_up> mtu 65536 qdisc noqueue state unknown     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00     inet 127.0.0.1/8 scope host lo        valid_lft forever preferred_lft forever     inet6 ::1/128 scope host        valid_lft forever preferred_lft forever 2: eth0: <broadcast,multicast,up,lower_up> mtu 9001 qdisc pfifo_fast state qlen 1000     link/ether 12:d1:da:a7:1d:1a brd ff:ff:ff:ff:ff:ff     inet 172.31.105.59/24 brd 172.31.105.255 scope global dynamic eth0        valid_lft 3088sec preferred_lft 3088sec     inet6 fe80::10d1:daff:fea7:1d1a/64 scope link        valid_lft forever preferred_lft forever 3: docker0: <no-carrier,broadcast,multicast,up> mtu 1500 qdisc noqueue state down     link/ether 02:42:55:ae:ff:f5 brd ff:ff:ff:ff:ff:ff     inet 172.17.0.1/16 scope global docker0        valid_lft forever preferred_lft forever 4: docker_gwbridge: <broadcast,multicast,up,lower_up> mtu 1500 qdisc noqueue state     link/ether 02:42:ce:b5:27:49 brd ff:ff:ff:ff:ff:ff     inet 172.19.0.1/16 scope global docker_gwbridge        valid_lft forever preferred_lft forever     inet6 fe80::42:ceff:feb5:2749/64 scope link        valid_lft forever preferred_lft forever 23: vethe2712d7@if22: <broadcast,multicast,up,lower_up> mtu 1500 qdisc noqueue master docker_gwbridge state     link/ether 92:58:81:03:25:20 brd ff:ff:ff:ff:ff:ff link-netnsid 1     inet6 fe80::9058:81ff:fe03:2520/64 scope link        valid_lft forever preferred_lft forever 34: vethc446bc2@if33: <broadcast,multicast,up,lower_up> mtu 1500 qdisc noqueue master docker_gwbridge state     link/ether e2:a7:0f:d4:aa:1d brd ff:ff:ff:ff:ff:ff link-netnsid 4     inet6 fe80::e0a7:fff:fed4:aa1d/64 scope link        valid_lft forever preferred_lft forever 40: vethf1238ff@if39: <broadcast,multicast,up,lower_up> mtu 1500 qdisc noqueue master docker_gwbridge state     link/ether e6:1a:87:a4:18:2a brd ff:ff:ff:ff:ff:ff link-netnsid 5     inet6 fe80::e41a:87ff:fea4:182a/64 scope link        valid_lft forever preferred_lft forever 46: vethe334e2d@if45: <broadcast,multicast,up,lower_up> mtu 1500 qdisc noqueue master docker_gwbridge state     link/ether a2:5f:2c:98:10:42 brd ff:ff:ff:ff:ff:ff link-netnsid 6     inet6 fe80::a05f:2cff:fe98:1042/64 scope link        valid_lft forever preferred_lft forever 58: vethda32f8d@if57: <broadcast,multicast,up,lower_up> mtu 1500 qdisc noqueue master docker_gwbridge state     link/ether ea:40:a2:68:d3:89 brd ff:ff:ff:ff:ff:ff link-netnsid 7     inet6 fe80::e840:a2ff:fe68:d389/64 scope link        valid_lft forever preferred_lft forever 41596: veth9eddb38@if41595: <broadcast,multicast,up,lower_up> mtu 1500 qdisc noqueue master docker_gwbridge state     link/ether fa:99:eb:48:be:b0 brd ff:ff:ff:ff:ff:ff link-netnsid 9     inet6 fe80::f899:ebff:fe48:beb0/64 scope link        valid_lft forever preferred_lft forever 41612: veth161a89a@if41611: <broadcast,multicast,up,lower_up> mtu 1500 qdisc noqueue master docker_gwbridge state     link/ether b6:33:62:08:da:c4 brd ff:ff:ff:ff:ff:ff link-netnsid 3     inet6 fe80::b433:62ff:fe08:dac4/64 scope link        valid_lft forever preferred_lft forever

ok that's normal behavior of container, port mapping usable host ip. if use container ip have reach port 8080 (the real port of application).

because of --publish used, port 8080 of container mapped port 8084 on host ip


Comments

Post a Comment

Popular posts from this blog

aws api gateway - SerializationException in posting new Records via Dynamodb Proxy Service in API -

i getting "__type": "com.amazon.coral.service#serializationexception" as reply in postman & in test console in api gateway trying post record directly dynamodb using api proxy services.. referring aws article - https://aws.amazon.com/blogs/compute/using-amazon-api-gateway-as-a-proxy-for-dynamodb/ here's mapping { "tablename": "tablenamegoeshere", "item": { "id" : "$context.requestid" "eventname" : "$input.path('$.eventname')", "timestamp" : $input.path('$.timestamp'), "answers": "$util.parsejson($input.path('$.answers'))" } } update: did asked ... , worked if try add array of json objects gives me above same error - here's trying now. please - couldnt find on google well #set($inputroot = $input.path('$')) { "tablename": "answer", "item": {
Read more

asp.net - Problems sending emails from forum -

i have been redesigning site has message board, has been written guy looked after site. it has few problems , written in .asp , uses .mdb files database. you can see whole thing here . feel free post if helps, test thing have set using original files , new database. the basic problem when posts message, supposed email sent them, have posted it. when replies, originator supposed message, replier has been posted. i’d have thought @ point in process there should script/file in postmessage.asp? the postmessage.asp page below. <% option explicit %> <!-- #include virtual="common/adovbs.inc" --> <html> <head> <meta http-equiv="content-type" content="text/html; charset=windows-1252"> <meta name="generator" content="microsoft frontpage 4.0"> <meta name="progid" content="frontpage.editor.document"> <title>new page 2</title> <base target="_self"
Read more