Ability to access local network resource (API) from the docker-openluup container

[nodecentral]

Hi @vwout

I’m trying to write a plugin to run on my Docker instance, that looks to pull content from a local API resource, however no matter what I try it timesout..

I’ve accessed the docker command line for the openluup container and can do a ping test which confirms it can reach the target , and the code below works, when run it on my Vera, but if I try to run it from the Lua Code test window in ALtUI or from within my plugin itself, it always times out.. ?

Any ideas ?

local http = require "socket.http"
local ltn12 = require "ltn12"
local json = require "dkjson"
local mime = require "mime"
http.TIMEOUT = 5

local username = "username"
local password = "password"
local response_body = {}

local ok, statusCode, headers, statusText = http.request{
    url =       "http://192.168.10.134:8777/api/correspondents/",
    method =    "GET",
    headers =   {
                ["Authorization"] = "Basic " .. (mime.b64(username ..":" .. password)),
                },
    sink =      ltn12.sink.table(response_body)
}

print(lul_device, ok, statusCode, headers, statusText)

[vwout]

Hi @nodecentral, two questions:

• are you using the Debian or Alpine image?
• have you tried using curl from the command line (curl -u "username:password" http://192.168.10.134:8777/api/correspondents/)?

[nodecentral]

Hi @vwout

I’m using the Alpine image, and when I send the curl command, it’ll just sits there freeze/timeout. Below are the steps I took.

[1] i access the command line via

[~] # docker exec -it openluup /bin/sh

[2] Which returns the following prompt..

/etc/cmh-ludl #

[3] I then enter the Curl command (more accurate sample this time) adding a timeout otherwise it will hang for ages..

/etc/cmh-ludl # curl -H "Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=" --connect-timeout 5 http://192.168.102.134:8777/api/document_types/

[4] But all I get back is the time out message.

curl: (28) Connection timed out after 5000 milliseconds

If i ping the IP address, it shows success

/etc/cmh-ludl # ping 192.168.102.134
PING 192.168.102.134 (192.168.102.134) 56(84) bytes of data.
64 bytes from 192.168.102.134: icmp_seq=1 ttl=64 time=0.098 ms
64 bytes from 192.168.102.134: icmp_seq=2 ttl=64 time=0.122 ms
64 bytes from 192.168.102.134: icmp_seq=3 ttl=64 time=0.124 ms
64 bytes from 192.168.102.134: icmp_seq=4 ttl=64 time=0.106 ms
64 bytes from 192.168.102.134: icmp_seq=5 ttl=64 time=0.120 ms
^C
--- 192.168.102.134 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4113ms
rtt min/avg/max/mdev = 0.098/0.114/0.124/0.010 ms

If I run the same curl command from the host machine command line, not the containers the Curl command it successful ?

[vwout]

Ok, clear; at least that means its not a Lua issue.

Could it be that your Vera is in the same subnet as 192.168.102.134? The Docker image does not specifically filter or block anything. The server hosting the API might only accept requests from its own subnet. Could that be the reason for this not to work (depending on your Docker container network configuration)? You could try running the container in Host network mode.

ps. I changed the auth header in your comment ;)

[nodecentral]

Thanks @vwout - that's the thing - I'm already running it in host mode so everything is all on the same subnet and I can reach the IP from the command line of the host but not the container itself? Can you reach local resources from within you OpenLuup Docker set up ?

[nodecentral]

Hi @vwout - please could you let me know if you can ping anything on the same subnet are your container is on ? I tried a basic command line 'ping 192.168.102.134' from within openLuup and it will site there returning nothing indefinitely - suggesting it can't see anything ?

[vwout]

I can. I'm using OpenLuup in a Docker container (not running in Host mode) to for example access an MQTT server running in another container and Vera hardware in a different subnet (using a router, obviously).

[nodecentral]

Thanks @vwout, that helps and it makes sense it would work if you're not running it under the host.

Interestingly, it seems I have no issue reaching internet based services via the openLuup UI/plugin, it's just local network, which perhaps confirms there is no path available from the container network?

[nodecentral]

Hi @vwout

I've been unable to create an Docker instance of openluup that sits on the same LAN as all my other devices ? I assumed I would just specify bridge as the network option but that doesn't work ? I also tried adding a network element but that didn't work either ? Any ideas based on the following compose ?

version: '2.3'
services:
    openluup:
        image: vwout/openluup:alpine
        container_name: openluup
        networks:
           default:
               ipv4_address: 192.168.10.216
        environment:
            - PUID=1005
            - PGID=1000
            - TZ=Europe/London
        volumes:
            - /share/Container/openluup/cmh-ludl:/etc/cmh-ludl/
            - /share/Container/openluup/cmh-ludl/logs:/etc/cmh-ludl/logs/
            - /share/Container/openluup/cmh-ludl/backup:/etc/cmh-ludl/backup/
        ports:
            - "3480:3480" 

[nodecentral]

Hi @vwout,

Just wondering if you had any thoughts on how I can get the container to see my local area network ?

I’ve been reading up and it seems to suggest I can expore/set the network for a container (host/Bridget etc.)

If I do docker network ls it’ll shows me a list of items, and I can inspect the openluup one, via docker network inspect openluup_default which shows the follow (see extract)

Name": "openluup_default",
        "Id": "faa6e6e41cee26df0c742e292cd1d0df5efd4f1dad4dd62b0c4fc738e8894e",
        "Created": "2022-12-08T12:53:13.471402432Z",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "172.29.8.0/22",
                    "Gateway": "172.29.8.1"
                }
            ]

I’m wondering if I can specify the network in the docker_compose e.g.?

networks:
  openluup:
    driver: bridge
    enable_ipv6: false
    ipam:
      config:
        - subnet: 192.168.112.0/20

I’ve not been able to get it to work, hence I’m curious of your set up ?

[vwout]

Your attempts seem ligit. What I don't understand is why ping works, but curl doesn't. My specific instance was created using the Synology web UI. It runs the network in bridge mode, just like the docker-compose example in this repo. Something weird seems to be going on in your network, that I can't explain.

[nodecentral]

Thanks @vwout, interestingly, I’m running mine on my QNAP.

i do wonder if it’s a port thing, do you know if a docker network only have certain ports opens?

[vwout]

Depends on the direction. A standard bridge network uses NAT. This means outbound (leaving the container) all traffic is possible, inbound requires a port mapping to accept traffic on the host on a certain port that is forwarded into the container.