Asked Mon, August 23, 2021, 4:32:49 / answers: 1 / hits: 5742

I have a fresh off-the-shelf Ubuntu 22.04 installation and installed docker according to the book.


I also spun up three containers using docker-compose and they show fine using docker ps.


CONTAINER ID   IMAGE                             COMMAND                  CREATED          STATUS                   PORTS                                                                                  NAMES
60cf25f59a92 jc21/nginx-proxy-manager:latest "/init" 48 minutes ago Up 8 minutes 0.0.0.0:80-81->80-81/tcp, :::80-81->80-81/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp infra_nginx_proxy_1
f8081b137abf graylog/graylog:4.2 "tini -- /docker-ent…" 55 minutes ago Up 8 minutes (healthy) 0.0.0.0:1514->1514/tcp, :::1514->1514/tcp, 0.0.0.0:9000->9000/tcp, :::9000->9000/tcp infra_graylog_1
d3fef3332752 elasticsearch:7.9.3 "/tini -- /usr/local…" 55 minutes ago Up 8 minutes 9200/tcp, 9300/tcp infra_elasticsearch_1
6b7920e89790 mongo:4.4.9 "docker-entrypoint.s…" 56 minutes ago Up 8 minutes 27017/tcp infra_mongo_db_1

Now, when trying to curl one of them locally, all is fine


root$: curl http://localhost:81

<!doctype html><html lang="en" dir="ltr"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width,user-scalable=no,initial-scale=1,maximum-scale=1,minimum-scale=1">...

But the same curl (against the public IP of course) ends in a timeout.


Doing tcpdump on the docker host reveals this: traffic is arriving


root$: tcpdump port 81
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
19:53:34.520888 IP 10.0.1.27.51942 > docker-infrastruktur.81: Flags [S], seq 1942358053, win 64240, options [mss 1460,sackOK,TS val 1217328475 ecr 0,nop,wscale 7], length 0
19:53:35.535503 IP 10.0.1.27.51942 > docker-infrastruktur.81: Flags [S], seq 1942358053, win 64240, options [mss 1460,sackOK,TS val 1217329490 ecr 0,nop,wscale 7], length 0
19:53:37.551436 IP 10.0.1.27.51942 > docker-infrastruktur.81: Flags [S], seq 1942358053, win 64240, options [mss 1460,sackOK,TS val 1217331506 ecr 0,nop,wscale 7], length 0
19:53:41.775510 IP 10.0.1.27.51942 > docker-infrastruktur.81: Flags [S], seq 1942358053, win 64240, options [mss 1460,sackOK,TS val 1217335730 ecr 0,nop,wscale 7], length 0

iptables - all docker generated - look like this


sudo iptables --list

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy DROP)
target prot opt source destination
DOCKER-USER all -- anywhere anywhere
DOCKER-ISOLATION-STAGE-1 all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
DOCKER all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
DOCKER all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain DOCKER (2 references)
target prot opt source destination
ACCEPT tcp -- anywhere 172.18.0.2 tcp dpt:https
ACCEPT tcp -- anywhere 172.18.0.2 tcp dpt:81
ACCEPT tcp -- anywhere 172.18.0.2 tcp dpt:http
ACCEPT tcp -- anywhere 172.18.0.5 tcp dpt:9000
ACCEPT tcp -- anywhere 172.18.0.5 tcp dpt:1514

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target prot opt source destination
DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere
DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere
RETURN all -- anywhere anywhere

Chain DOCKER-ISOLATION-STAGE-2 (2 references)
target prot opt source destination
DROP all -- anywhere anywhere
DROP all -- anywhere anywhere
RETURN all -- anywhere anywhere

Chain DOCKER-USER (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere

And even nmap shows that all doors are open


root$: sudo nmap localhost

Starting Nmap 7.80 ( https://nmap.org ) at 2022-08-12 19:56 UTC
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000013s latency).
Not shown: 995 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
81/tcp open hosts2-ns
443/tcp open https
9000/tcp open cslistener

Interestingly, when spinning up a local webserver, e.g. with python3 -m http.server 81, it spins up (after having shut down the containers) and it is reachable. So an issue with an external firewall or even the host operating system I can pretty much rule out...


Please help and advise.


 Answers

After some more analysing we found out a cause, or contributing factor: While installing the operating system it was chosen to also install docker.


Afterwards we did follow the installation guide (https://docs.docker.com/engine/install/ubuntu/) and removed all "old" versions


sudo apt-get remove docker docker-engine docker.io containerd runc

Then we installed from the docker apt sources.


We did a fresh installation of the OS, this time not installing docker, et voilà: all fine after installing docker.


[#313] Tuesday, August 24, 2021
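
The `iptables --list` output in the question covers only the filter table, while Docker's published ports also rely on DNAT rules in the nat table's DOCKER chain. The following Python check is an added example, not part of the original question or answer: it reads `iptables-save` output and flags DNAT targets that have no matching ACCEPT in the filter DOCKER chain, and host ports with more than one DNAT target, which is what leftover rules from a second Docker installation could look like. The sample ruleset, the bridge name `br-example` and the function names are constructed for illustration.

```python
import shlex
from collections import defaultdict

# Constructed iptables-save excerpt, not captured from the asker's host: host
# port 81 has two DNAT targets, and 172.17.0.2:81 has no ACCEPT in filter.
SAMPLE = """\
*nat
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A DOCKER ! -i br-example -p tcp -m tcp --dport 81 -j DNAT --to-destination 172.18.0.2:81
-A DOCKER ! -i docker0 -p tcp -m tcp --dport 81 -j DNAT --to-destination 172.17.0.2:81
-A DOCKER ! -i br-example -p tcp -m tcp --dport 9000 -j DNAT --to-destination 172.18.0.5:9000
COMMIT
*filter
-A DOCKER -d 172.18.0.2/32 ! -i br-example -o br-example -p tcp -m tcp --dport 81 -j ACCEPT
-A DOCKER -d 172.18.0.5/32 ! -i br-example -o br-example -p tcp -m tcp --dport 9000 -j ACCEPT
COMMIT
"""

def docker_rules(save_text):
    """Return {table: [tokens, ...]} for each rule appended to the DOCKER chain."""
    table, rules = None, defaultdict(list)
    for line in save_text.splitlines():
        if line.startswith("*"):             # table header, e.g. "*nat"
            table = line[1:].strip()
        elif line.startswith("-A DOCKER "):  # trailing space skips DOCKER-USER etc.
            rules[table].append(shlex.split(line))
    return rules

def opt(tokens, flag):
    """Value following an option such as --dport, or None if absent."""
    return tokens[tokens.index(flag) + 1] if flag in tokens else None

def check_published_ports(save_text):
    """List DNAT rules lacking a filter ACCEPT, and host ports with >1 target."""
    rules = docker_rules(save_text)
    accepts = {(opt(r, "-d"), opt(r, "--dport"))
               for r in rules["filter"] if opt(r, "-j") == "ACCEPT"}
    targets, findings = defaultdict(set), []
    for r in (r for r in rules["nat"] if opt(r, "-j") == "DNAT"):
        ip, cport = opt(r, "--to-destination").rsplit(":", 1)
        targets[opt(r, "--dport")].add(f"{ip}:{cport}")
        if (f"{ip}/32", cport) not in accepts:  # filter matches the container port
            findings.append(f"no filter ACCEPT for {ip}:{cport}")
    findings += [f"host port {p} has {len(t)} DNAT targets: {sorted(t)}"
                 for p, t in sorted(targets.items()) if len(t) > 1]
    return findings

if __name__ == "__main__":
    print("\n".join(check_published_ports(SAMPLE)) or "consistent")
```

On a real host, pass the text produced by `sudo iptables-save` to `check_published_ports` instead of `SAMPLE`.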