I'm using the following docker-compose.yml in my Google Compute Engine VM instance, which I invoke via the docker compose up command in the Compute Engine instance. Both the services aaa and bbb run a VNC server so that I may monitor a GUI dashboard remotely for each service from my local machine.

If I invoke the very same docker compose file on my local machine (an M1 Mac), I'm able to successfully connect via vncviewer by connecting to localhost:5900 and localhost:5901.

However, when my docker containers are running on the Google Compute Engine instance, the connection (say external.IP:5900) to the external IP fails with a timeout.
```yaml
version: "3.4"
services:
  aaa:
    image: gcr.io/my-nginx-363907/aaa
    volumes:
      - ./pystoredata:/root/pystore
    ports:
      - 5900:5900
      - 4002:4002
      - 4004:4004
    restart: on-failure
  bbb:
    image: gcr.io/my-nginx-363907/bbb
    volumes:
      - ./pystoredata:/root/pystore
    ports:
      - 5901:5901
    restart: on-failure
    depends_on:
      - aaa
```
Here's the output of netstat -lntp on the compute engine instance:

```text
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:5900            0.0.0.0:*               LISTEN      6120/docker-proxy
tcp        0      0 0.0.0.0:5901            0.0.0.0:*               LISTEN      6270/docker-proxy
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      507/sshd: /usr/sbin
tcp        0      0 0.0.0.0:4002            0.0.0.0:*               LISTEN      6164/docker-proxy
tcp        0      0 0.0.0.0:4004            0.0.0.0:*               LISTEN      6141/docker-proxy
tcp6       0      0 :::5900                 :::*                    LISTEN      6127/docker-proxy
tcp6       0      0 :::5901                 :::*                    LISTEN      6277/docker-proxy
tcp6       0      0 :::22                   :::*                    LISTEN      507/sshd: /usr/sbin
tcp6       0      0 :::4002                 :::*                    LISTEN      6170/docker-proxy
tcp6       0      0 :::4004                 :::*                    LISTEN      6149/docker-proxy
```
How do I connect my vnc client on my local machine to the two docker containers running on the compute engine instance?
Edit

In order to address the concerns raised by @divyang4481 and @Slava Kuravsky, here are my firewall settings. It appears, to my eye at least, that the ports 5900 and 5901 are already enabled/open, and yet I'm unable to connect to the vncserver running on my containers. Let me know if I'm missing something.
CodePudding user response:
This problem is due to the firewall; you need to open ports 5901, 5900, 4002 and 4004.

For GCP, firewalls are managed using “Firewall Rules,” which are sets of allowed/denied ports with other settings like a source IP filter. A firewall rule can be applied to every instance in the account, but you’re supposed to set a “target tag,” such as “VNC” or “VNC-server,” which can be added to any Compute Engine instance to open the specified ports.

Then you have to set a rule in the VPC firewall. For Target Tags, give the rule a name to identify it. For the source IP range, there isn’t an option for “anywhere,” so you’ll need to manually type in 0.0.0.0/0, the CIDR notation for all possible IP addresses.

Also make sure the ports are forwarded in your Compute Engine/VM instance:
```yaml
network:
  forwarded_ports:
    - 5900
instance_tag: vnc
```
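As an added example that is not part of either answer, the script below builds the gcloud commands that implement the rule described above: a tag-based ingress rule, then the tag applied to the VM. The rule name, the default network, the instance name, the zone and the admin address 203.0.113.10/32 are assumptions; where the answer types in 0.0.0.0/0, this narrows the source range to the operator's own address, which is all the VNC client needs.

```shell
#!/bin/sh
# Added example (not from the question or answers): composes the gcloud
# commands for a tag-keyed ingress rule and for tagging the VM. Assumptions:
# rule name "allow-vnc", tag "vnc", the default VPC, and an admin source
# range of 203.0.113.10/32 (a constructed placeholder). Set APPLY=1 to run.

RULE_NAME="allow-vnc"
TAG="vnc"
NETWORK="default"
ADMIN_CIDR="203.0.113.10/32"      # constructed placeholder, not a real admin IP
INSTANCE="${INSTANCE:-my-vm}"      # assumed instance name
ZONE="${ZONE:-us-central1-a}"      # assumed zone

# Turn a list of ports such as "5900 5901" into "tcp:5900,tcp:5901".
tcp_rules() {
  rules=""
  for p in "$@"; do
    case "$p" in
      ''|*[!0-9]*) echo "invalid port: $p" >&2; return 1 ;;
    esac
    rules="${rules:+$rules,}tcp:$p"
  done
  printf '%s' "$rules"
}

# Ingress ALLOW rule limited to the admin CIDR and to instances carrying TAG.
# The answer suggests 0.0.0.0/0; a /32 for the operator's own address keeps
# the VNC servers off the public Internet while allowing the same connection.
firewall_rule_cmd() {
  printf 'gcloud compute firewall-rules create %s --network=%s --direction=INGRESS --action=ALLOW --rules=%s --source-ranges=%s --target-tags=%s' \
    "$RULE_NAME" "$NETWORK" "$(tcp_rules "$@")" "$ADMIN_CIDR" "$TAG"
}

# The rule only matches instances that carry the tag, so add it to the VM.
tag_instance_cmd() {
  printf 'gcloud compute instances add-tags %s --zone=%s --tags=%s' "$INSTANCE" "$ZONE" "$TAG"
}

# Print the commands by default; execute them only when APPLY=1.
run_or_echo() {
  if [ "${APPLY:-0}" = "1" ]; then eval "$1"; else echo "$1"; fi
}

run_or_echo "$(firewall_rule_cmd 5900 5901)"
run_or_echo "$(tag_instance_cmd)"
```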
CodePudding user response:
Don't forget to configure firewall rules on the cloud: https://cloud.google.com/vpc/docs/firewalls