Can't access Docker container on exposed port from anywhere even localhost

﹥>﹥吖頭↗ 提交于 2020-01-24 11:05:11

问题


I have been searching for an answer for this for days and don't know the best place to ask for help, I must be missing something simple.

This problem is common to both my Fedora27 workstation and Ubuntu Server 16.04 LTS

I have installed Docker successfully and have some containers working but others cannot be accessed on 0.0.0.0: or localIP:

I have disabled firewall and flushed iptables, amongst others I am trying to get a minecraft server running on 25565, following this instruction:

To simply use the latest stable version, run

docker run -d -p 25565:25565 --name mc itzg/minecraft-server

where the standard server port, 25565, will be exposed on your host machine.

The container runs OK:

[benjbt@localhost ~]$ sudo docker ps
CONTAINER ID  IMAGE                           COMMAND       CREATED        STATUS                  PORTS                                NAMES
3240121d414e  itzg/minecraft-server:latest    "/start"      2 minutes ago  Up 2 minutes (healthy)  0.0.0.0:25565->25565/tcp, 25575/tcp  mc
8f1cf88207e7  portainer/portainer             "/portainer"  9 minutes ago  Up 9 minutes            0.0.0.0:9000->9000/tcp               eager_northcutt

However, the port is not accessible:

can’t establish a connection to the server at 0.0.0.0:25565

Please help me understand what is blocking my port?

[benjbt@localhost ~]$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
DOCKER-ISOLATION  all  --  anywhere             anywhere            
DOCKER     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate 
RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain DOCKER (1 references)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp 
dpt:cslistener
ACCEPT     tcp  --  anywhere             172.17.0.3           tcp 
dpt:25565

Chain DOCKER-ISOLATION (1 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere  

TROUBLESHOOTING: Answers from @BMitch comment

  1. The Container seems healthy

    CONTAINER ID        IMAGE                         COMMAND             CREATED             STATUS              PORTS                                                NAMES
    

    6b5822a781c1 rlenferink/minecraft:latest "/start" 38 hours ago Up 38 hours 0.0.0.0:25565->25565/tcp, 0.0.0.0:25565->25565/udp mc 8f592bb99d8e portainer/portainer "/portainer" 8 days ago Up 45 hours 0.0.0.0:9000->9000/tcp practical_goldwasser

    root@server:~# docker logs mc [08:55:19] [Server thread/INFO]: Starting minecraft server version 1.12.2 [08:55:19] [Server thread/INFO]: Loading properties [08:55:19] [Server thread/INFO]: Default game type: SURVIVAL [08:55:19] [Server thread/INFO]: Generating keypair [08:55:19] [Server thread/INFO]: Starting Minecraft server on *:25565 [08:55:19] [Server thread/INFO]: Using epoll channel type [08:55:19] [Server thread/INFO]: Preparing level "world" [08:55:20] [Server thread/INFO]: Loaded 488 advancements [08:55:20] [Server thread/INFO]: Preparing start region for level 0 [08:55:21] [Server thread/INFO]: Preparing spawn area: 2% [08:55:22] [Server thread/INFO]: Preparing spawn area: 18% [08:55:23] [Server thread/INFO]: Preparing spawn area: 74% [08:55:23] [Server thread/INFO]: Done (3.947s)! For help, type "help" or "?" root@server:~# docker container inspect mc [ { "Id": "6b5822a781c147012e1aa279320ce1cb235193a11da2e8a640848ce252c56027", "Created": "2018-05-13T08:55:08.363756829Z", "Path": "/start", "Args": [], "State": { "Status": "running", "Running": true, "Paused": false, "Restarting": false, "OOMKilled": false, "Dead": false, "Pid": 15719, "ExitCode": 0, "Error": "", "StartedAt": "2018-05-13T08:55:10.734864313Z", "FinishedAt": "0001-01-01T00:00:00Z" }, "Image": "sha256:648452c4d7be732fc87d5bcb393e94cacd8a22fc7fbb3f98bfb655aaa9f0d400", "ResolvConfPath": "/var/lib/docker/containers/6b5822a781c147012e1aa279320ce1cb235193a11da2e8a640848ce252c56027/resolv.conf", "HostnamePath": "/var/lib/docker/containers/6b5822a781c147012e1aa279320ce1cb235193a11da2e8a640848ce252c56027/hostname", "HostsPath": "/var/lib/docker/containers/6b5822a781c147012e1aa279320ce1cb235193a11da2e8a640848ce252c56027/hosts", "LogPath": "/var/lib/docker/containers/6b5822a781c147012e1aa279320ce1cb235193a11da2e8a640848ce252c56027/6b5822a781c147012e1aa279320ce1cb235193a11da2e8a640848ce252c56027-json.log", "Name": "/mc", "RestartCount": 0, "Driver": "overlay2", "Platform": "linux", "MountLabel": "", "ProcessLabel": "", "AppArmorProfile": "docker-default", "ExecIDs": null, "HostConfig": { "Binds": [ "/mnt/minecraft:/data" ], "ContainerIDFile": "", "LogConfig": { "Type": "json-file", "Config": {} }, "NetworkMode": "bridge", "PortBindings": { "25565/tcp": [ { "HostIp": "", "HostPort": "25565" } ], "25565/udp": [ { "HostIp": "", "HostPort": "25565" } ] }, "RestartPolicy": { "Name": "no", "MaximumRetryCount": 0 }, "AutoRemove": false, "VolumeDriver": "", "VolumesFrom": null, "CapAdd": null, "CapDrop": null, "Dns": [], "DnsOptions": [], "DnsSearch": [], "ExtraHosts": null, "GroupAdd": null, "IpcMode": "shareable", "Cgroup": "", "Links": null, "OomScoreAdj": 0, "PidMode": "", "Privileged": false, "PublishAllPorts": false, "ReadonlyRootfs": false, "SecurityOpt": null, "UTSMode": "", "UsernsMode": "", "ShmSize": 67108864, "Runtime": "runc", "ConsoleSize": [ 0, 0 ], "Isolation": "", "CpuShares": 0, "Memory": 0, "NanoCpus": 0, "CgroupParent": "", "BlkioWeight": 0, "BlkioWeightDevice": [], "BlkioDeviceReadBps": null, "BlkioDeviceWriteBps": null, "BlkioDeviceReadIOps": null, "BlkioDeviceWriteIOps": null, "CpuPeriod": 0, "CpuQuota": 0, "CpuRealtimePeriod": 0, "CpuRealtimeRuntime": 0, "CpusetCpus": "", "CpusetMems": "", "Devices": [], "DeviceCgroupRules": null, "DiskQuota": 0, "KernelMemory": 0, "MemoryReservation": 0, "MemorySwap": 0, "MemorySwappiness": null, "OomKillDisable": false, "PidsLimit": 0, "Ulimits": null, "CpuCount": 0, "CpuPercent": 0, "IOMaximumIOps": 0, "IOMaximumBandwidth": 0 }, "GraphDriver": { "Data": { "LowerDir": "/var/lib/docker/overlay2/4f5f630442b65a59c7f174a8aad1dc356cb6f565e76b2ca4afa49132afbaf30d-init/diff:/var/lib/docker/overlay2/a93b9c08d02aa86d8a53f5a32f166c8b40932f1430d4f9e3fd4e9c9e96af6557/diff:/var/lib/docker/overlay2/21b66b86842fd4c456df6ea2493edbabcd0df49f468100c9c2d7d2ef55711501/diff:/var/lib/docker/overlay2/e10484efe17398912f63644cff926875cd10fa8169d1ef2f1164d1000ccd7b06/diff:/var/lib/docker/overlay2/9b110a14a5fd9640fd95161c1fa35ec8cb98b4fb55a7caf70231b1b8ba238559/diff:/var/lib/docker/overlay2/a1cb33255806e73a1d7f9efd49c2bfcbb6edf190ed1976889cb10d3f81682c9f/diff:/var/lib/docker/overlay2/67286cfad81daababf3bac63ff9684c9567cd877e1e2ce4888d59257da4a06ca/diff:/var/lib/docker/overlay2/6904d0950327c52355e8b34b16d822b4eddf817de272f965f6fc6ad31089227d/diff:/var/lib/docker/overlay2/f6b782d3f37da3bf2c36ed70f6302d282ca4c80d39b3de3933b14902d149cfec/diff:/var/lib/docker/overlay2/e4eac39fc7fade8117216f45e9fe85bb42537714c19c02c70aab4ed62fad474e/diff:/var/lib/docker/overlay2/227df1848d1a3038188689c1f343ad42758bc6be9872ca8dda843a13b0bbf93e/diff", "MergedDir": "/var/lib/docker/overlay2/4f5f630442b65a59c7f174a8aad1dc356cb6f565e76b2ca4afa49132afbaf30d/merged", "UpperDir": "/var/lib/docker/overlay2/4f5f630442b65a59c7f174a8aad1dc356cb6f565e76b2ca4afa49132afbaf30d/diff", "WorkDir": "/var/lib/docker/overlay2/4f5f630442b65a59c7f174a8aad1dc356cb6f565e76b2ca4afa49132afbaf30d/work" }, "Name": "overlay2" }, "Mounts": [ { "Type": "bind", "Source": "/mnt/minecraft", "Destination": "/data", "Mode": "", "RW": true, "Propagation": "rprivate" } ], "Config": { "Hostname": "34cb1418fb23", "Domainname": "", "User": "", "AttachStdin": false, "AttachStdout": false, "AttachStderr": false, "ExposedPorts": { "25565/tcp": {}, "25565/udp": {} }, "Tty": false, "OpenStdin": false, "StdinOnce": false, "Env": [ "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "DEBIAN_FRONTEND=noninteractive" ], "Cmd": [ "/start" ], "Image": "rlenferink/minecraft:latest", "Volumes": { "/data": {} }, "WorkingDir": "", "Entrypoint": null, "OnBuild": null, "Labels": {} }, "NetworkSettings": { "Bridge": "", "SandboxID": "e2c693daed0be5a204a83d408262a0fe01b66bdd99ddbb3a53229f5a58d5202c", "HairpinMode": false, "LinkLocalIPv6Address": "", "LinkLocalIPv6PrefixLen": 0, "Ports": { "25565/tcp": [ { "HostIp": "0.0.0.0", "HostPort": "25565" } ], "25565/udp": [ { "HostIp": "0.0.0.0", "HostPort": "25565" } ] }, "SandboxKey": "/var/run/docker/netns/e2c693daed0b", "SecondaryIPAddresses": null, "SecondaryIPv6Addresses": null, "EndpointID": "819a8255b8ed4d79366a6d6ff4442a441f61d89bdfacc0c193ed2f9340024696", "Gateway": "172.17.0.1", "GlobalIPv6Address": "", "GlobalIPv6PrefixLen": 0, "IPAddress": "172.17.0.3", "IPPrefixLen": 16, "IPv6Gateway": "", "MacAddress": "02:42:ac:11:00:03", "Networks": { "bridge": { "IPAMConfig": {}, "Links": null, "Aliases": null, "NetworkID": "e2ff1284a59794e19dd4dc39b17713ad11e0db3e698735014579405355f516ec", "EndpointID": "819a8255b8ed4d79366a6d6ff4442a441f61d89bdfacc0c193ed2f9340024696", "Gateway": "172.17.0.1", "IPAddress": "172.17.0.3", "IPPrefixLen": 16, "IPv6Gateway": "", "GlobalIPv6Address": "", "GlobalIPv6PrefixLen": 0, "MacAddress": "02:42:ac:11:00:03", "DriverOpts": null } } } } ]

  2. Netshoot

    Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State
    tcp 0 0 :::25565 :::* LISTEN

  3. root@server:~# echo $DOCKER_HOST
    

    root@server:~#

  4. On local machine

    $ curl http://127.0.0.1:25565 curl: (52) Empty reply from server

  5. Local machine on firefox

    Problem loading page on... 0.0.0.0:25565 127.0.0.1:25565 localhost:25565 192.168.15.22:25565


回答1:


Several things to check:

  1. Make sure your application is healthy. Check docker logs mc for any error messages and docker container inspect mc for the last exit/restart time of the container.

  2. Check that the application is listening on the desired port. For this, I like netshoot:

    docker run -it --rm --net container:mc nicolaka/netshoot netstat -lnt

    This should show output with your port, listening on 0.0.0.0:25565.

  3. Check if you are running your docker commands locally or against a remote instance or VM. echo $DOCKER_HOST and if that has a value, connect to that IP address instead of 127.0.0.1.

  4. If you are logged into a remote machine to run docker commands (e.g. ssh), test locally on that machine first (e.g. curl http://127.0.0.1:25565) before trying to access it remotely where firewalls may block the connectivity.

  5. Lastly, as mentioned in the comments, don't connect to 0.0.0.0 from the client. This is effectively a wildcard IP address that tells the server application to listen on all network interfaces. You don't connect to that from your client/web browser. Instead, use the actual IP or DNS name of the host.



来源:https://stackoverflow.com/questions/50305116/cant-access-docker-container-on-exposed-port-from-anywhere-even-localhost

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!