search

qoomon / docker-host

A docker sidecar container to forward all traffic to local docker host or any other host
MIT License
1.1k stars 88 forks source link

setup correctly connection from container to Docker API #38

Closed pisarevaa closed 4 years ago

pisarevaa commented 4 years ago

Could you please explain how to setup correctly connection from container to Docker API or host port 2375 in Linux machine.

  1. I have opened port 2375 to connect to Docker API in /lib/systemd/system/docker.service: ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock -H tcp://127.0.0.1:2375
  2. My docker-compose.yml is: 
    
version: '3.7'
services:
web:
image: some_image
restart: unless-stopped
command: python manage.py runserver 0.0.0.0:80
volumes:
  - ./:/usr/src/app/
ports:
  - 80:80
depends_on:
  - docker-host
networks:
  - app-network
env_file:
  - ./.env
docker-host:
image: qoomon/docker-host
cap_add: [ 'NET_ADMIN', 'NET_RAW' ]
restart: on-failure
networks:
  - app-network

networks: app-network: driver: bridge


3. After that I connect to container via `sudo docker exec -it web_1 bash`
4. Run command inside container `curl -X GET host.docker.internal:2375/containers/json` and get an error `curl: (6) Could not resolve host: host.docker.internal`

Where am I wrong?
pisarevaa commented 4 years ago

I ended up with the following steps:

  1. Added unix socket to Docker API in /lib/systemd/system/docker.service: ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock -H tcp://127.0.0.1:2375 -H unix:///var/run/docker.sock
  2. Add volume /var/run/docker.sock to docker-compose.yml is: 
    
version: '3.7'
services:
web:
image: some_image
restart: unless-stopped
command: python manage.py runserver 0.0.0.0:80
volumes:
  - ./:/usr/src/app/
  - /var/run/docker.sock:/var/run/docker.sock
ports:
  - 80:80
depends_on:
  - docker-host
networks:
  - app-network
env_file:
  - ./.env
docker-host:
image: qoomon/docker-host
cap_add: [ 'NET_ADMIN', 'NET_RAW' ]
restart: on-failure
networks:
  - app-network

networks: app-network: driver: bridge


3. Run command succesfully` curl -XGET --unix-socket /var/run/docker.sock localhost:2375/containers/json`
qoomon commented 4 years ago

Hi glad to hear you found a solution. However it will work if you connect to the right host curl -X GET <DOCKER_HOST_CONTAINER_NAME>:2375/containers/json in you example it would be curl -X GET docker-host:2375/containers/json

qoomon commented 4 years ago

I highly recommend not binding "docker.sock" into you application container cause you can gain root access to you docker host system from within your web application container.

pisarevaa commented 4 years ago

Hi, I have tried curl -X GET docker-host:2375/containers/json but got an error Failed to connect to docker-host port 2375: Connection timed out

qoomon commented 4 years ago

what OS do you use?

On Linux systems

You have to bind your host applications to bridge network gateway in addition to localhost(127.0.0.1).

Use following docker command to get the bridge network gateway IP address docker network inspect bridge --format='{{( index .IPAM.Config 0).Gateway}}'

You might need to configure your firewall of the host system to allow the docker-host container to communicate with the host on your relevant port, see #21.

qoomon commented 4 years ago

maybe its because auf the bridge network configuration in your docker.compose file, can you give it a try without that network?