没有到 docker 容器内主机的路由

Question

I am running a Debian docker container on a Windows 10 machine which needs to access a particular url on port 9000 ( 164.16.240.30:9000 )

The host machine can access it fine via the browser, however when I log in to the terminal and run wget 172.17.240.30:9000 I get failed: No route to host .

In an attempt to resolve this I added:

ports:
  - 9000:9000

to the docker-compose.yml file, however that doesn't seem to have made any difference.

In case you can't guess I'm new to this so what would you try next?

Entire docker-compose.yml file:

version: '3.4'

services:
  tokengeneratorapi:
    network_mode: host
    image: ${DOCKER_REGISTRY}tokengeneratorapi
    build:
      context: .
      dockerfile: TokenGeneratorApi/Dockerfile
    ports:
      - 5000:80
      - 9000
    environment:
      ASPNETCORE_ENVIRONMENT: local
      SSM_PATH: /ic/env1/tokengeneratorapi/
      AWS_ACCESS_KEY_ID: 
      AWS_SECRET_ACCESS_KEY: 

Command I'm running:

docker-compose build --build-arg BRANCH=featuretest --build-arg CHANGE_ID=99 --build-arg CHANGE_TARGET=develop --build-arg SONAR_SERVER=164.16.240.30

Answer 1

It seems it's the container having connectivity issues so your proposed solution is likely to not work, as that is only mapping a host port to a container port (considering your target URL is not the actual host).

Check out https://docs.docker.com/compose/compose-file/#network_mode and try setting it to host.

Answer 2

Your browser has access to 164.16.240.30:9000 , because it is going through proxy (typical enteprise environment), so the proxy has network connectivity to 164.16.240.30 . It doesn't mean that also your host has the same network connectivity. Actually, it looks like your host doesn't have that one. That is the reason why direct wget from the container or from terminal has error No route to host .

Everything must go through the proxy. Try to configure proxy properly - linux apps use environment variables http_proxy,https_proxy usually, but apps may have own option to configure proxy, eventualy you may configure it on the source code level. It depends on used app/code.

Answer 3

I think the issue is that you use host mode in your docker compose config file and do you have IPTABLES firewall allowed for the ports in the debian machine? How about windows?

network_mode: host 

which actually bypasses the docker bridge completely so the ports section you specify is not applied. All the ports will be opened on the host system. You can check with

nestat -tunlp | grep 5000

And you will see that the port 5000 is not open and mapped to the 80 of the docker as you would expect. However ports 80 and 9000 should be open on the debian network but not binded to any docker bridge only to the debian ip.

From here: https://docs.docker.com/network/host/

WARNING: Published ports are discarded when using host network mode

As a solution could be to remove the network_mode line and it will work as expected.

Answer 4

Your code doesn't allow your container access to 164.16.240.30:9000 . You should wget 164.16.240.30:9000 from the terminal instead of 172.17.240.30:9000 .