Menu
I would like to network with a child docker container from a parent docker container, with a docker-in-docker setup.
Let's say I'm trying to connect to a simple Apache httpd server. When I run the httpd container on my host machine, everything works fine:
asnyder:~$ docker run -d -p 8080:80 httpd:alpine asnyder:~$ curl localhost:8080 <html><body><h1>It works!</h1></body></html> But when I do the same from a docker-in-docker setup, I get a Connection refused error:
asnyder:~$ docker run -d --name mydind --privileged docker:dind asnyder:~$ docker run -it --link mydind:docker docker:latest sh / # docker run -d -p 8080:80 httpd:alpine / # curl localhost:8080 curl: (7) Failed to connect to localhost port 8080: Connection refused I have tried a couple alterations without luck. Specifying the 0.0.0.0 interface:
asnyder:~$ docker run -d --name mydind --privileged docker:dind asnyder:~$ docker run -it --link mydind:docker docker:latest sh / # docker run -d -p 0.0.0.0:8080:80 httpd:alpine / # curl 0.0.0.0:8080 curl: (7) Failed to connect to 0.0.0.0 port 8080: Connection refused Using the host network:
asnyder:~$ docker run -d --name mydind --privileged docker:dind asnyder:~$ docker run -it --link mydind:docker docker:latest sh / # docker run -d --network host httpd:alpine / # curl localhost:80 curl: (7) Failed to connect to localhost port 80: Connection refused Surprisingly, I was unable to find any existing articles on this. Does anyone here have some insight?
Thanks!
809
If you are running more than one container, you can let your containers communicate with each other by attaching them to the same network. Docker creates virtual networks which let your containers talk to each other. In a network, a container has an IP address, and optionally a hostname.
In terms of Docker, a bridge network uses a software bridge which allows containers connected to the same bridge network to communicate, while providing isolation from containers which are not connected to that bridge network.
To make a port available to services outside of Docker, or to Docker containers which are not connected to the container's network, use the --publish or -p flag. This creates a firewall rule which maps a container port to a port on the Docker host to the outside world.
There are pros and cons for both DinD and bind mounting the Docker socket and there are certainly use cases for both. As an example, check out this set of blog posts, which does a good job of explaining one of the use cases.
Given your example docker-in-docker setup above, you can access Apache httpd server in one of two ways:
1) From inside the docker:dind container, it will be available on localhost:8080.
2) From inside the docker:latest container, where you were trying to access it originally, it will be available on whatever hostname is set for the docker:dind container. In this case, you used --name mydind, therefore curl mydind:8080 would give you the standard Apache <html><body><h1>It works!</h1></body></html>.
Hope it makes sense!
82
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
