无法连接到Docker容器：拒绝连接

Question

I have a war file deployed as Docker container on linux ec2 . But when I try to hit the http://ec2-elastic-ip:8080/AppName , I don't get any response.

I have all the security group inbound rules set up for both http and https . So that's not a problem.

Debugging

I tried debugging by ssh-ing the linux instance. Tried command curl localhost:8080 , this is the response:

curl: (7) Failed to connect to localhost port 8080: Connection refused

Tried with 127.0.0.1:8080 but the same response.

Next thing I did was to list the Docker container: docker ps . I get:

CONTAINER ID  IMAGE  COMMAND  CREATED  STATUS   PORTS   NAMES
<ID>        <ecr>.amazonaws.com/<my>-registry:2019-05-16.12-17-02   "catalina.sh run"   24 minutes ago      Up 24 minutes       0.0.0.0:32772->8080/tcp   ecs-app-24-name

Now, I connected to this container using docker exec -it <name> /bin/bash and tried checking tomcat logs which clearly shows that my application war is there and tomcat has started.

I ever tried checking the docker-machine ip default but this gave me error:

Docker machine "default" does not exist. Use "docker-machine ls" to list machines. Use "docker-machine create" to add a new one.

Now am stuck. Not able to debug further. The result am expecting is to access the app through the url above.

What to do? Is it something am doing wrong?

Also, to mention, the entire infrastructure is managed through terraform . I first create the base image,copy the war to webapps using DockerFile , push the registry image and finally do a terraform apply to apply any changes.

Answer 1

Currently your app is working on a random host port ie 32772 , see the docker ps output .You must be able to access you app on http://ec2-ip:32772 once you allow port 32772 in security groups.

In order to make it work on host port 8080, you need to bind/expose the host port during docker run -

$ docker run -p 8080:8080 ......

If you are on ECS, ideally you should use an ALB & TG with your service.

However, if you are not using ALB etc then you can try giving a static hostPort in TD "hostPort": 8080 (I haven't tried this). If it works fine, you will need to make sure to change the deployment strategy as "minimum healthy percentage = 0" else you might face port conflict issues.

Answer 2

Make sure that apache is listening on all IP addresses inside the docker container, not just localhost. The IP should be like 0.0.0.0.

If any service is running inside docker and is listening to only localhost, it can only be accessed inside that container, not from the host.

You can also try to start apache with port 8080 and bind docker 8080 port with host 8080 port

docker run apache -p 8080:8080

Answer 3

If the application needs a network port you must EXPOSE it in the docker file.

EXPOSE <port> [<port>/<protocol>...]

In case you need that port to be mapped to a specific port on the network, you must define that when you spin up the new container.

docker run -p 8080:8080/tcp  my_app

If you use run each image separately you must bind the port every time. If you don't want to do this every time you can use docker-compose and add the ports directive in it.

ports:
 - "8080:8080/tcp"

Supposing you added expose in the dockerfile, he full docker-compose.yml would look like this:

version: '1'
services:
  web:
    build:
    ports:
    - "8080:8080"
    my_app:
    image: my_app