I installed the ELK Docker container.
I run it with these parameters:
sudo docker run -p 5601:5601 -p 9200:9200 -p 5044:5044 -p 5000:5000 -it --name elk sebp/elk
Check check:
sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4f42137c954d sebp/elk:latest "/usr/local/bin/star 22 hours ago Up 22 hours 0.0.0.0:5000->5000/tcp, 0.0.0.0:5044->5044/tcp, 0.0.0.0:5601->5601/tcp, 0.0.0.0:9200->9200/tcp, 9300/tcp elk
Jo, looks good.
Here is the external interface of the KVM guest, in which the Docker containers reside:
marius@elk:~$ ifconfig eth0
eth0 Link encap:Ethernet HWaddr 52:54:00:15:cf:f2
inet addr:192.168.100.134 Bcast:192.168.100.255 Mask:255.255.255.0
But port 5044 (e.g. for Elastic Beats) is closed on the KVM network interface:
marius@elk:~$ nc -v 192.168.100.134 5044
nc: connect to 192.168.100.134 port 5044 (tcp) failed: Connection refused
The reason for this appears to be that I created chaos:
marius@elk:~$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
DOCKER all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain DOCKER (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere 172.17.0.4 tcp dpt:5000
ACCEPT tcp -- anywhere 172.17.0.4 tcp dpt:5044
ACCEPT tcp -- anywhere 172.17.0.4 tcp dpt:5601
ACCEPT tcp -- anywhere 172.17.0.4 tcp dpt:9200
And the new IP of the Docker container after a restart is 172.17.42.1
and 0.4
marius@elk:~$ /sbin/ifconfig
docker0 Link encap:Ethernet HWaddr a6:3d:01:38:7a:6a
inet addr:172.17.42.1 Bcast:0.0.0.0 Mask:255.255.0.0
So, how do I restart / manage a Docker container in such a way that I don't run into iptables conflicts?
And how do I fix this without creating a Docker / iptables chaos each time? I don't want to manually flush away Docker's iptables.
First and foremost - this is because you're operating under a bit of a misconception. Docker containers have dynamic IP addressing within the docker network. You are asking for pain if you try and rely on that being static.
So don't - just get used to the idea that whilst containers have to have IP addresses to work, you shouldn't ever refer to them directly. You have a number of ways of avoiding this:
docker inspect + pass environment variables to containers.
haproxy + confd + etcd to 'detect' container locations, and dynamically add new entries to the haproxy configuration.
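As an added example (not part of the question or the answer above), this check compares the DOCKER chain with what `docker inspect` reports, so a rule left pointing at an address the container no longer holds is flagged instead of trusted. The inspect JSON is a constructed, trimmed sample, the `172.17.0.9` address is an assumed post-restart value, and the function names are hypothetical.

```python
import json
import re

# Constructed sample: the DOCKER chain in the `iptables -L` format shown above.
IPTABLES_L = """\
Chain DOCKER (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere 172.17.0.4 tcp dpt:5000
ACCEPT tcp -- anywhere 172.17.0.4 tcp dpt:5044
ACCEPT tcp -- anywhere 172.17.0.4 tcp dpt:5601
ACCEPT tcp -- anywhere 172.17.0.4 tcp dpt:9200
"""

def inspect_sample(ip):
    """Constructed, trimmed `docker inspect elk` JSON; `ip` is an assumed value."""
    ports = {f"{p}/tcp": [{"HostIp": "0.0.0.0", "HostPort": str(p)}]
             for p in (5000, 5044, 5601, 9200)}
    ports["9300/tcp"] = None  # exposed but not published
    return json.dumps([{"Name": "/elk",
                        "NetworkSettings": {"IPAddress": ip, "Ports": ports}}])

RULE = re.compile(r"^ACCEPT\s+tcp\s+--\s+\S+\s+(\d+(?:\.\d+){3})\s+tcp dpt:(\d+)\s*$")

def docker_chain_rules(listing):
    """Return {(dest_ip, dest_port)} for ACCEPT rules in the DOCKER chain."""
    rules, in_chain = set(), False
    for line in listing.splitlines():
        if line.startswith("Chain "):
            in_chain = line.startswith("Chain DOCKER ")
        elif in_chain and (m := RULE.match(line.strip())):
            rules.add((m.group(1), int(m.group(2))))
    return rules

def live_endpoints(inspect_json):
    """Return {(container_ip, container_port)} for ports that are published."""
    live = set()
    for c in json.loads(inspect_json):
        net = c["NetworkSettings"]
        for spec, bindings in (net.get("Ports") or {}).items():
            if bindings:  # None means exposed only, no host binding
                live.add((net["IPAddress"], int(spec.split("/")[0])))
    return live

def audit(listing, inspect_json):
    """Compare firewall state with container state; both lists should be empty."""
    rules, live = docker_chain_rules(listing), live_endpoints(inspect_json)
    return {"stale_rules": sorted(rules - live), "missing_rules": sorted(live - rules)}

if __name__ == "__main__":
    print(audit(IPTABLES_L, inspect_sample("172.17.0.4")))  # rules match the container
    print(audit(IPTABLES_L, inspect_sample("172.17.0.9")))  # address changed on restart
```

On a live host the two inputs would come from `sudo iptables -L DOCKER` and `docker inspect elk`. A non-empty `stale_rules` list is the case to act on, since the old address can later be handed to a different container.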