Shulou(Shulou.com)06/02 Report--

This article is about how to solve the problem that the docker container cannot access the host through IP. The editor thinks it is very practical, so share it with you as a reference and follow the editor to have a look.

The origin of the problem

In the process of using docker, I unfortunately need to access port 80 of the host in the docker container, which is mapped out of port 8080 of another container. When I accessed the host through the docker bridge 172.17.0.1 in the container, I found:

Curl: (7) Failed to connect to 172.17.0.1 port 80: No route to host

Find the cause of the problem

What is certain is that there is a network connection between the container and the host, because it can connect to the host through 172.17.0.1 Ping inside the container:

Root@930d07576eef:/# ping 172.17.0.1PING 172.17.0.1 (172.17.0.1) 56 (84) bytes of data.64 bytes from 172.17.0.1: icmp_seq=1 ttl=64 time=0.130 ms

You can also access other intranets and extranets inside the container.

The iptables display also allows docker containers to access:

# iptables-- list | grep DOCKERDOCKER-ISOLATION all-- anywhere anywhere DOCKER all-- anywhere anywhere Chain DOCKER (1 references) Chain DOCKER-ISOLATION (1 references)

After looking for some information, we found this problem: NO ROUTE TO HOST network request from container to host-ip:port published from other container.

explain

As Docker Community Forms said, this is a known Bug, the host's port 80 allows other computers to access, but does not allow local Docker container access. Native Docker container access must be allowed by setting firewalld rules.

Gypark points out that this problem can be avoided by adding firewall rules to / etc/firewalld/zones/public.xml:

Note that the 172.17.0. 0 IP 16 here matches all the CPUs in the 172.17.xx.xx IP segment.

Then restart the firewall:

Systemctl restart firewalld

The host port 80 can then be accessed inside the docker container.

Other questions

In fact, when I opened a new virtual machine with vmware hoping to recreate this problem, I found that there was no similar problem on the new virtual machine. In other words, the container can directly access the host port 80 through 172.17.0.1, check the firewall configuration and do not see the whitelist of 172.17.xx.xx.

The guess is that the docker installed in the new virtual machine is Docker version 1.12.5, build 047e51b/1.12.5, that is, Red Hat moved out of the open source version of docker, while the previous version is Docker version 17.06.2-ce, build cec0b72 belongs to Docker-CE, maybe there is a difference in the docker version, and Red Hat fixed that Known Bug by the way.

Thank you for reading! This is the end of the article on "how to solve the problem that the docker container cannot access the host through IP". I hope the above content can be of some help to you, so that you can learn more knowledge. if you think the article is good, you can share it for more people to see!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.