Added some troubleshooting steps that have been taken so far.

Overview:

I have Docker running several containers on a rack server running Ubuntu Server 18.04. Most of these containers provide a service that is accessible through a browser on a port other than 80. I set up an nginx container to provide the reverse proxy such that when I type service1.mydomain.com it will pass the request to the ip+port combination that hosts that service (the service is another Docker container).

This works great from within my LAN. On any computer in my house I can type service.mydomain.com and have access to the container. I own mydomain and have DynamicDNS set up and ports 80 and 443 forwarded to the IP that nginx is running on.

Problem:

When I set up the containers to run on a macvlan network, I can access the services from outside of my LAN (at work, on my phone, etc). However, when I use the default Docker bridge network, the outside access is broken. I can still connect to the containers from within my house (LAN) but can no longer connect from outside my house.

Troubleshooting:

This is what I have tried to troubleshoot so far.

  • Ran tcpdump at server. Can see packets destined for the docker's ip:port combination.
  • If I make a request from within the LAN, I get a [S] flag followed by an [S.] flag and the request goes through.
  • If I make a request from outside the LAN, I get a bunch of [S] flags with the request not going through. Seems like the packet is getting dropped somewhere in the server.
  • Disabled UFW. Did not help.
  • Using netstat -i, there was no change in RX-DRP packets but increases in RX-OK packets to docker0 and eno2 interfaces. There was an increase in TX-OK packets from docker0 but not eno2. (nginx is using the IP of eno2)

Any ideas? I have been searching for days and cannot find any example of this issue.
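
The tcpdump observation in the troubleshooting list (a [S] answered by [S.] from the LAN, repeated unanswered [S] from outside) can be tallied per flow from a saved capture. This is an added example, not part of the original post; the sample lines, all addresses and the 192.168.1.0/24 LAN range are constructed, and it assumes `tcpdump -n` text output.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.1.0/24")  # assumed home LAN range, not from the post

# Constructed tcpdump -n style lines (not captured from the poster's server).
SAMPLE = """\
12:00:01.000000 IP 192.168.1.50.51000 > 172.17.0.2.8080: Flags [S], seq 100, win 64240, length 0
12:00:01.000090 IP 172.17.0.2.8080 > 192.168.1.50.51000: Flags [S.], seq 900, ack 101, win 65160, length 0
12:00:01.000200 IP 192.168.1.50.51000 > 172.17.0.2.8080: Flags [.], ack 1, win 502, length 0
12:00:05.000000 IP 203.0.113.7.40000 > 172.17.0.2.8080: Flags [S], seq 500, win 64240, length 0
12:00:06.000000 IP 203.0.113.7.40000 > 172.17.0.2.8080: Flags [S], seq 500, win 64240, length 0
12:00:08.000000 IP 203.0.113.7.40000 > 172.17.0.2.8080: Flags [S], seq 500, win 64240, length 0
""".splitlines()

# src.port > dst.port: Flags [..]  (numeric hosts and ports, i.e. tcpdump -n)
LINE = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]+)\]")


def handshake_report(lines, lan=LAN):
    """Return one (origin, client, server, syn_count, state) tuple per SYN flow."""
    syns = defaultdict(int)  # (client, cport, server, sport) -> number of SYNs seen
    answered = set()         # flows for which the server sent a SYN-ACK
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue
        src, sport, dst, dport, flags = m.groups()
        if flags == "S":          # client SYN (retransmits raise the count)
            syns[(src, sport, dst, dport)] += 1
        elif flags == "S.":       # SYN-ACK travels server -> client, so flip it
            answered.add((dst, dport, src, sport))
    report = []
    for flow, count in syns.items():
        client, _, server, port = flow
        origin = "LAN" if ip_address(client) in lan else "WAN"
        state = "answered" if flow in answered else "unanswered"
        report.append((origin, client, f"{server}:{port}", count, state))
    return report


if __name__ == "__main__":
    for row in handshake_report(SAMPLE):
        print(*row)
```

A flow reported as unanswered with a SYN count above one is a client retransmitting because no SYN-ACK ever left the capture interface. Running the same tally on captures from docker0 and eno2 shows on which interface the reply goes missing.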

Docker Containers not accessible outside of LAN

Overview:

I have Docker running several containers on a rack server running Ubuntu Server 18.04. Most of these containers provide a service that is accessible through a browser on a port other than 80. I set up an nginx container to provide the reverse proxy such that when I type service1.mydomain.com it will pass the request to the ip+port combination that hosts that service (the service is another Docker container).

This works great from within my LAN. On any computer in my house I can type service.mydomain.com and have access to the container. I own mydomain and have DynamicDNS set up and ports 80 and 443 forwarded to the IP that nginx is running on.

Problem:

When I set up the containers to run on a macvlan network, I can access the services from outside of my LAN (at work, on my phone, etc). However, when I use the default Docker bridge network, the outside access is broken. I can still connect to the containers from within my house (LAN) but can no longer connect from outside my house.

Any ideas? I have been searching for days and cannot find any example of this issue.