Home > Enterprise >  Why docker containers can't access each other by ip within one network?
Why docker containers can't access each other by ip within one network?

Time:10-15

I have setup in which service_main stream logs on socket 127.0.0.1:6000
Simplified docker-compose.yml looks like that:

version: "3"

networks:
  some_network:
    driver: bridge
    ipam:
      driver: default
      config:
        - subnet: 100.100.100.0/24
          gateway: 100.100.100.1
services:
  service_main:
    image: someimage1
    networks:
      some_network:
        ipv4_address: 100.100.100.2
  
  service_listener:
    image: someimage2
    networks:
      some_network:
        ipv4_address: 100.100.100.21
    entrypoint: some_app
    command: listen 100.100.100.2:6000

My assumption that it SHOULD work since both containers belong to one network.
However I got an error(from service_listener) that 100.100.100.2:6000 is not available (which i interpret that service tries to listen some public socket instead of network.)

I tried different ways, without deep understanding: expose/ publish 6000 port on service_main, or set socket for logs as 100.100.100.21:6000 and in service_listener listen 127.0.0.1:6000 (end publish port it also). But nothing works. And apparently I don't understand why.

In same network with similar approach - powerdns and postgresql works fine - I tell powerdns in config that db host is on 100.100.100.x and it works.

CodePudding user response:

It all depends on what you want to do

If you want to access service_main from outside like the host the containers are running on then there are 2 ways to fix this:

  1. Publish the port. This is done with the Ports command:
services:
  service_main:
    image: someimage1
    ports:
      - "6000:4000"

In this case port 4000 being the port where someimage1 is running on inside the Docker Container.

  1. Use a ProxyServer which talks to the IP address of the Docker Container.

But the you need to make sure that the thing you have running inside the Docker Container (someimage1) is indeed running on port 6000.

Proxyserver

The nice thing about the proxyserver method is that you can use nginx inside another docker container and put all the deployment and networking stuff in there. (Shameless self-promotion for an example I created of a proxyserver in docker)

Non Routable Networks

And I would always use a non-routable network for internal networks, not 100.100.100.*

CodePudding user response:

I assume when I publish/mapping port - I make it available not only for docker compose network but for external calls.

My problem was solved by next steps:

  1. In configuration of service_main I set that it should stream log to socket: 100.100.100.21:6000
  2. In service_listener I exposed port 6000 and told app inside to listen 0.0.0.0:6000 port
  service_listener:
    image: someimage2
  expose:
    - "6000/tcp"
  networks:
    some_network:
      ipv4_address: 100.100.100.21
  entrypoint: some_app
  command: listen 0.0.0.0:6000

It helped.

  • Related