Port binding does not work for locahost
minherz opened this issue · comments
Expected behavior
When running windows container with -p<host_port>:<exposed_port>
I expect to be able to access the application in container via localhost:<host_port>
.
Actual behavior
I need to discover the container IP and access the application in container via <container ip>:<exposed port>
only. The application cannot be accessed via localhost:<host_port>
.
Information
- Diagnostic ID: F9F388E9-7AB0-4CE8-BD59-045CF28124A7/2017-02-02_13-49-56
- Docker for Windows: 1.13.1-rc1-beta40 (9961) Channel: beta 0d026e1
- Host: Windows 10 x64 Enterprise Version 1607 (OS Build 14393.693)
Steps to reproduce the behavior
- Create ASP.NET Core 1.1 web application with a project name AspNetCoreWebApp1
- Create Docker image using these commands
FROM microsoft/dotnet:nanoserver
ARG source=./bin/Release/PublishOutput/
COPY $source /app/
WORKDIR /app
ENV ASPNETCORE_URLS http://*:8282
EXPOSE 8282
ENTRYPOINT ["dotnet", "AspNetCoreWebApp1.dll"]
- Build the image by calling
docker build . -t AspNetCoreWebApp1
from the project root directory. - Run container from the image using
docker run -it -d -p 88:8282 AspNetCoreWebApp1
- Open http://locahost:88 in the browser on the host
This is working as expected: https://blog.sixeyed.com/published-ports-on-windows-containers-dont-do-loopback/
@londoncalling we should document this.
Does it mean that using an ethernet interface IP i cannot access the exposed port either? Say, my host has ethernet interface with IP 10.0.0.100 and I have an exposed port bound to the port 88 of the host. Does the above mean that I still cannot access the container by 10.0.0.100:88 from the host?
@minherz you cannot access it from the host, but other hosts on the network will be able to access 10.0.0.100:88
Thank you, @friism. Is there a plan to introduce this functionality into roadmap? Although it does not have a big difference for production, this hindrance complicates the development process.
@minherz I don't know about MSFTs plans to make this available. With Linux containers on Windows, we have a great deal of flexibility because we have our own component (VPNKit) in the network path.With Windows containers we do not have the necessary hooks to do the same.
Thank you.
I do believe Microsoft is working on making exposed ports available on localhost for Windows containers. @kallie-b can perhaps help clarify.
@minherz -- apologies for the delay, and I'll be happy to clarify.
We are working on this, and we know that it's a complication that is causing frustration in the development process. There are two cases we're aware of:
- Host --> container communication using the host IP
- Container --> host communication using localhost (or 127.0.0.1)
The first item is a fix that we have resolved, and should become available soon as a Windows update. We are still working on the second item, and we aim to make the fix available as soon as possible.
@kallie-b, great news! And thank you for the update. If there is a chance that you can provide a KB number for the anticipated update, i will appreciate that.
@minherz, unfortunately I'm unable to provide a KB number for the update--even internally we tend to have only estimates for such things. But if you keep an eye on the Windows Insider updates (I imagine you're already a part of the program, but here's the link just in case), you should see the change soon. Sorry I can't help with more specifics!
Thank you a lot.
I think it is ridiculous that:
a) This was closed. I don't care that it's a Windows issue. Docker says they support windows and should work with Microsoft to resolve this fundamental use case.
b) After almost a year this issue still persists.
Not allowing local loopbacks to containers is a massive fail and completely undermines the value that docker provides from a local development environment standpoint.
Would also love to hear some news!
@jonashackt @OliverRC This is the reply I got in Twitter:
https://twitter.com/stefscherer/status/906463103503695872
Although it's not directly from MS but might give some hint on when it should happen. I'd still like to hear the official version from MS people, how about @kallie-b? :)
Hi all,
We now have support for using localhost/loopback to access your container's published ports on Windows 10. Here's the announcement for this support, which is available starting with Windows 10 Insider build 17025.
Is there a roadmap for when this functionality will be made available/ported to windows server 2016 for windows containers? For instance i have a windows host running a collection of nanoserver containers that need to communicate with each other. These services communicate with each other through the loopback with -net=host on my linux hosts which is convenient because there is no need to fiddle with trying to discover container ip addresses, force containers onto static ip addresses, do container linking.
@adragoset this functionality is available from Windows Server Insider Build 17035 onwards
Is this feature available in Windows 10 1803? I'm trying hard to get it working on 1803 but no luck..
Does not work in Windows Server1803 with lcow containers and docker for windows edge. Haven't tested it to see if its working with pure windows containers yet.
@SeriousM I created a repro machine using a recent Windows 10 1803 build and Docker version 18.05-ce from the Edge channel.
I used the command docker run -p 8080:80 microsoft/iis
to try and repro. I am able to use loopback and access the container using http://localhost:8080 or http://127.0.0.1:8080.
What docker version are you using? Does the above work for you?
I'll give the iis test windows container a try. But it didn't work running a lcow test webserver container.
docker run -d --name web-test -p 80:8000 crccheck/hello-world
could not access port 80 from localhost.
Trying to run docker run -p 8080:80 microsoft/iis
result in no manifest for windows/amd64
I think in on the wrong version of docker-ee. Are there instructions to get the correct version of docker-ee onto windows server version 1803?
Install commands were:
Uninstall-Module DockerMsftProvider -force
Install-Module DockerProvider -force
Install-Package -Name docker -ProviderName DockerProvider -RequiredVersion preview -Force
Start-Service Docker
docker version:
Client:17.10.0-ee-preview-3
Server:17.10.0-ee-preview-3
Windows Server version:
OS-Version: 1803
OS-Build: 17666
Installed on Bare Metal
Same issue herer @adragoset, just OS-Build is 17661.
Could we reopen this issue please?
@SeriousM @adragoset We have investigated this further and I can confirm that this is indeed a known issue. We are actively working on a fix for this and I will let you know once it is out!
@SeriousM @adragoset Thank you for your patience -- I wanted to give you a quick update here. We have checked in a fix for this that should be available in Windows Insider build 17692 and above. Since this is an Insider build, I will try to validate that there are no other regressions that could cause this to fail and post back here.
We are also working on all the checkmarks that are needed to be able to propagate this fix to Windows April 2018 Update and Windows Server, version 1803. I will post back here if a KB is released.
@SeriousM @adragoset Just wanted to confirm that I validated the fix to make sure it works, both on a VM and my personal physical workstation from Windows Insider build 17692 and above. For example, I tried builds 17692 and 17704.
If you are on an older build and you are seeing this issue (e.g. 17686) please check for a network adapter with an APIPA (169.254.x.y) address. The workaround is to disable any adapters which have an APIPA (169.254.x.y) IP address assigned.
That being said, we are still working on servicing this fix back to Windows April 2018 Update and Windows Server, version 1803.
Okay, I had this issue, and it was related to where I was running the commands.
Running the command with gitbash would fail to bind the ports properly, but running docker run ...
on cmd works just fine
@HunderlineK Its still not binding with golang even while running it on cmd
@SeriousM @adragoset @HunderlineK @LordRahl90 @CuddleBunny
Thanks for patiently waiting! We backported the container localhost/loopback access fix for Windows April 2018 Update (Windows 10 version 1803) through KB4340917, available now.
To validate this fix, you can use docker run -p 8080:80 microsoft/iis command. Once the container is running, you should be able to use loopback and access the container using http://localhost:8080 or http://127.0.0.1:8080.
@daschott
I still have this issue after updating Windows 10 pro to September 26, 2018—KB4458469 (OS Build 17134.320)https://support.microsoft.com/en-us/help/4458469/windows-10-update-kb4458469
I have tried following cmd:
docker run -p 8080:80 microsoft/iis command
and access http://localhost:8080 is not working for me. But I can use host's IP address to access container, like http://10.24.10.10:8080 is working. Nether localhost nor 127.0.0.1 works.
I am still facing the same issue. I cant access using localhost on windows 10 1803 build. Need concrete fix asap
Thanks
Harshal
in my case I cannot even access from host's IP address.
I'm on windows 10 Entreprise
Closed issues are locked after 30 days of inactivity.
This helps our team focus on active issues.
If you have found a problem that seems similar to this, please open a new issue.
Send feedback to Docker Community Slack channels #docker-for-mac or #docker-for-windows.
/lifecycle locked