Mac host doesn't like Docker container port forwarding

Question

I am experimenting with Docker for the first time, and am trying to get a Spring Boot web app to run inside a Docker container. I am building the app (which packages up into a self-contained jar) and then adding it to the Docker image (which is what I want).

You can find my SSCCE at this Bootup repo on GitHub , whose README has all the instructions to reproduce what I'm seeing. But basically:

• I build the web app into a jar
• Run docker build -t bootup . which succeeds
• Run docker run -it -p 9200:9200 -d --name bootup bootup and then container seems to start up just fine, as is evidence by the docker ps output below
• However, when I point a browser to http://localhost:9200 , I get nothing

docker ps output:

CONTAINER ID        IMAGE               COMMAND                  CREATED
a8c4ee64a1bc        bootup              "/bin/sh -c 'java -ja"   2 days ago

STATUS              PORTS                    NAMES
Up 12 seconds       0.0.0.0:9200->9200/tcp   bootup

The web app is configured to run on port 9200 , not the Java default of 8080. You can see this for yourself by running the app outside of docker (so, just locally on you host machine) by running ./gradlew clean build && java -jar build/libs/bootup.jar .

To my knowledge, there is no Firewall running on my host that would be blocking ports (I am on Mac 10.11.5 and verified that System Preferences >> Security & Privacy >> Firewall is turned off).

Can anyone spot where I'm going awry?

---

Updates:

I ran a curl , netstat and lsof on the host:

HOST:
curl http://localhost:9200
curl: (52) Empty reply from server

netstat -an | grep 9200
tcp6       0      0  ::1.9200               *.*                    LISTEN     
tcp4       0      0  *.9200                 *.*                    LISTEN 

lsof -n -i4TCP:9200 | grep LISTEN
com.docke 2578 myuser   19u  IPv4 <someHexNumber>      0t0  TCP *:wap-wsp (LISTEN)

And then docker exec 'd into the container and ran another netstat :

CONTAINER:
netstat -an | grep 9200
bash: netstat: command not found

---

Update w/ photos:

Picture of my browser (Chrome) pointed to http://localhost:9200 :

Picture of the source code at http://localhost:9200 :

Picture of Chrome Developer Tools inspecting the page at http://localhost:9200 :

Picture of the Network tab in Chrome Developer Tools:

What the heck is going on here?!?!? According to the source, the browser should be rendering my Well hello there, from Dockerland! message just fine. According to the actual browser page, it looks like there is a networking error. And according to Chrome Developer Tools, my app is returning all sorts of HTML/CSS/JS content that is not even remotely apart of my app (check out the source code, see for yourself)!!!

Answer 1

The Dockerfile doesn't expose 9200 to the daemon. Add

EXPOSE 9200

to the Dockerfile before ENTRYPOINT

Answer 2

Assuming you are using Docker Toolbox and not the beta ...

There is a 3 step process for exposing a port properly:

• use EXPOSE 8080 where 8080 is just a port number in the Dockerfile
• use -p 8080:8080 in your docker run command
• Make sure that you setup port forwarding in Oracle Virtual Box so that the boot2docker machine is able to receive requests from port 8080.

This applies to both Windows and OSX where Docker Toolbox is being used. Linux doesn't use Oracle VirtualBox to run docker so those hosts do not need to do the third point

Answer 3

I ran your repo as-is on Docker 1.12 on OSX.

If you look carefully at your container startup:

2016-08-29 20:52:31.028  INFO 5 --- [           main] o.eclipse.jetty.server.ServerConnector   : Started ServerConnector@47949d1a{HTTP/1.1}{0.0.0.0:8080}
2016-08-29 20:52:31.033  INFO 5 --- [           main] .s.b.c.e.j.JettyEmbeddedServletContainer : Jetty started on port(s) 8080 (http/1.1)

Although application.yml and Dockerfile both contain 9200 , the application is starting on 8080

Answer 4

Going to add another answer here because I saw something related to the Github Repo that you posted:

So the repo is a spring boot repo with an application.yml file.

Your Dockerfile looks like this:

FROM openjdk:8

RUN mkdir /opt/bootup

ADD build/libs/bootup.jar /opt/bootup
WORKDIR /opt/bootup
EXPOSE 9200
ENTRYPOINT java -jar bootup.jar

Which is adding the built jar to the image. If my understanding is correct, the jar does not include application.yml because:

• It is not part of the build (gradle would package the src/main only). It is sitting on the project root folder
• It is not explicitly added to Docker

So therefore one can assume that your app is actually running on 8080 (the default) at the moment?

A couple of options that one could try:

• Try exposing 8080 instead of 9200 (or expose both) and see if that makes a difference?
• The entrypoint command can append the port --server.port=9200
• The application.yml file should be added to the image (you might need to add an argument to reference it properly) [ ADD application.yml /opt/bootup , after first ADD command]
• Include the application.yml file in src/main/resources so that spring boot can pick it up automatically.

References

Spring Boot reference documentation on the order of loading for external configuration

Answer 5

Good News! (for MacOSx 10.15.7)

I found the same issue as you, and I was able to solve it by directly opening VirutalBox connection

Go here first:

changed to bridged then logged into the virtual machine within VirtualBox

And found the actual machine's adapter labeled:

eth0

after I noted the setting it was originally NAT so I changed to bridged and then

I was able to use its address vs. localhost.

After I used the public address I used:

curl -i [bridged_ip_address_here]:9200

it then worked flawlessly.

However I also noticed some firewalls and accessibility options that needed permission as well.

I pray this helps you.