-
Notifications
You must be signed in to change notification settings - Fork 119
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unable to connect to the Docker Container from the host browser on MacOS #2670
Comments
You cannot access container IPs directly on mac. You need to use localhost with port forwarding In your example you should be able to connect by running http://localhost:8090 See https://docs.docker.com/docker-for-mac/networking/#known-limitations-use-cases-and-workarounds |
Unfortunately, the docker app I am trying to run doesn't let the localhost connect to it's API. And so, I have to find a way to connect to it's API through a specific IP address. I will checkout the link you provided and see if there are any workarounds. Thanks much! |
Thanks for your report. At the moment it's not easy in Docker for Mac to connect to the internal IP addresses used by containers, because they're exposed in a tiny VM rather than on the host. Ideally specific ports should be published with https://download-stage.docker.com/mac/bysha1/52ea5bcc410a8b62f03f09aa04ad4b7ffb9eed0c/Docker.dmg It reports its version as
To enable the proxy first shutdown the app, then enable the experimental SOCKS
Restart the app again and, once it's running, go to Apple System Preferences -> Network -> Advanced -> Proxies and enable "SOCKS Proxy" using "localhost:8888", hit OK and then Apply. If you open safari and try browsing, the traffic should be routed via Docker for Mac. If you start an nginx container:
Query the internal IP:
It should be possible to open Let me know if this is helpful or not! |
Thanks @djs55 , I will test and let you know how it goes! |
@djs55 When is this feature expected to make it into stable releases? Until then, is there something we can follow to stay up to date with the latest releases that have this SOCKS proxy feature? |
BTW, I have tested with the SOCKS proxy feature, and it works well. There is one minor issue; if Docker isn't running, my network doesn't work at all. I've remedied this by using a short
Instead of using the SOCKS proxy setting, I used Automatic Proxy Configuration with a file:/// URL pointing to that file. With this, my network will work whether Docker is running or not. |
@djs55 Thanks for this. I'm more curious than anything, what made you switch to implementing this using a SOCK proxy instead of the method you were originally doing at #155 (comment)? |
Thanks all for your feedback. I need to discuss this internally with my colleagues. @derimagia It's really an experiment but I had 3 motivations:
|
Another workaround is to use |
I tried setup instructions from #2670 (comment) with release 18.06.0-ce-rc3-mac68 (26342), but I couldn't access proxy service from OSX using simple telnet connect. |
@rreinurm thanks for the info. I've got a prototype fix for the bug and I'll keep you informed of progress. |
Thanx @djs55, I was able to enable this experimental feature with release 18.06.0-ce-mac69 (26398) |
@rreinurm thanks for the confirmation (and the reminder!) The experimental SOCKS proxy should be functional again in both the stable and edge channels. Let me know how it goes and if there are any ways it could be improved further. |
I did all steps docker run -d --name nginx nginx
|
@sfragata Try |
thanks @andrewdotn it worked |
A lot of people especially enterprise developers are already using a system proxy. If xhyve came with an ssh server and python, it would be transparent and simple to use sshuttle to route traffic to containers: https://sshuttle.readthedocs.io/en/stable/ |
Before Docker for Mac was released I used Dinghy (https://github.com/codekitchen/dinghy) which provided an http proxy and DNS. When I switched to Docker for Mac I continued using the proxy and DNS with this bash script https://github.com/aj-may/docker-proxy/ |
Thanks for the http solution, is there any workaround to ping my docker container IP? |
Issues go stale after 90d of inactivity. Prevent issues from auto-closing with an If this issue is safe to close now please do so. Send feedback to Docker Community Slack channels #docker-for-mac or #docker-for-windows. |
Is there any workaround to ping my docker container IP? |
Something at worked for me was to look at the |
Any way to use the proxy workaround with custom networks? UPD: It does work, I just assumed it wouldn't. |
@djs55 is the socks proxy now built into the official builds? If not, could you provide a current link with it enabled? This sounds like exactly what I am looking for and I'd love to test it |
@jmunson the code is still there but it's still considered experimental. The instructions above are still accurate -- I tested them on a recent build (2.1.0.0 (36346)). Let me know if you get it to work and how useful it is (or not). The more positive feedback I get the easier it is to make a case that this should become a supported feature :) Also if you have other suggestions or ideas for improvement, let me know. |
Hi. |
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
I appear to have worked through my initial problems and I think this feature should be promoted in the UI! Thank you for adding it to Docker for mac. For anyone else having trouble following this thread. With a recent version of Docker of Mac, add You can use this proxy in your web browser as it will forward "non-docker" traffic (say to google.com) to the internet. However if docker is not running (e.g. to save battery) your browser will no have internet access. You can mitigate this with a proxy manager (e.g. FoxyProxy) or (more technical) with proxy.pac file. |
@djs55 I followed your instructions to enable the socks proxy in 2.1.0.0 (36874) stable and it works perfectly to enable me to connect to a port without needing to publish it on the host system. The use case I have is running multiple google cloudsql proxies to connect to different databases in google cloud. If there was a mechanism to route requests to the containers without needing to setup the proxy, that is the only improvement I can come up with |
@JBodkin-LH thanks for the feedback. Out of interest did you try the I'll make an internal enhancement request ticket and discuss the possibility of making this a first-class feature. My initial worry with it was about the failure mode when the proxy setting is enabled but the app is shutdown-- I think the |
@djs55 I didn't need to setup PAC file as I was able to configure the socks proxy at the application level rather than the OS level. However from previous experience, using the PAC file would solve the issue when docker is stopped if using OS level configuration |
I'm also not using it as an OS setting, but rather in specific apps. In FF I'm using FoxyProxy to only select this proxy for 10.0.0.0/8 which is where my k8s stuff is. I have a question, does the proxy support DNS names too from the k8s DNS server? |
@ThorbenJ the SOCK proxy endpoint is in a raw container in the VM, not in a k8s pod so it's not using the k8s DNS. It's possible the proxy could be moved. What sort of names are you hoping to resolve? |
To be open: I am very new to docker and k8s, that is why I am trying to get hands-on time with both on my laptop, with docker for mac. I would just like to access services via a name (e.g. the one below) instead of via the IP.
I noted this in the same list:
.. and thought it could perhaps be used to get names. Its only an optical issue, not a critical one. |
This is a great approach, @djs55! The only thing I wish it allowed for was DNS resolution as some of our applications use hostnames for internal communication. Only being able to access IP addresses in this way ends up limiting our use of this because, while I can access the initial application via IP, as soon as it redirects me to a different part of the application (i.e. via hostname), it comes up short. Tried to hack something wherein I'd edit the /etc/hosts of the VM, but that's locked down. Any other approaches that might work that come to mind? |
I think this article is very useful for everyone having related problems: https://pythonspeed.com/articles/docker-connection-refused/ |
Hi Steve, I tried using the proxy.pac file but I can't make it work. Is 172.17.0.0 your container's IP? Can you give me more details please on how to configure it please? |
@stevecoug I forgot to tag you in my previous comment. Can you help me with the proxy.pac file? It's painful to keep on changing proxy settings each time I use docker. Thanks in advance! |
@lucascroxatto I believe that 172.17.0.0 is the default Docker network. I don't actually use this anymore; I'm developing on Linux now, and it just works. Even on Mac, I had stopped using this hack because it was not working correctly with some browsers. It was easier just to figure out a way to do what we needed with port forwarding. |
me too. How connect to docker instance of Docker for Mac v19.03.5 on MacOS 10.15.4 ? The docker instance ip is 172.17.0.2 , but I don't found docker0 netcard. -- this question is solve ,ok. |
Closed issues are locked after 30 days of inactivity. If you have found a problem that seems similar to this, please open a new issue. Send feedback to Docker Community Slack channels #docker-for-mac or #docker-for-windows. |
Expected behavior
Able to connect to the docker container using the container's IP address
Actual behavior
Receiving connection timed out error while trying to connect to the already running Container
Information
I am not able to connect to the Container that is being hosted at 172.0.0.2:8090 from the host browser on Mac (OS X El Capitan)
Steps to reproduce the behavior
Is this is a known issue in Mac for Docker containers? Am I missing any configuration or settings to allow the traffic from the host browser to the Docker containers?
Any suggestions will be much appreciated.
Thanks.
The text was updated successfully, but these errors were encountered: