I am running a web server (Java Spring Boot application) inside a Docker container on port 8080, which is exposed to interface 127.0.0.1 also on port 8080.
docker ps shows that the port is exposed:
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a055dd0dbbfe image "/bin/sh -c 'echo \"T…" 39 minutes ago Up 39 minutes 127.0.0.1:8080->8080/tcp my-app_1
netstat -an in the host shows the port is actually listening:
tcp 0 0 127.0.0.1:8080 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:35900 127.0.0.1:8080 FIN_WAIT2
tcp 142 0 127.0.0.1:8080 127.0.0.1:35900 CLOSE_WAIT
tcp 0 1 172.18.0.1:36626 172.18.0.3:8080 SYN_SENT
If I try to access the server from the Docker host
wget 127.0.0.1:8080
I can see that the connection is established, the HTTP request is sent, but no response is received. The connection is closed by peer after a time. This behavior is reflected in tcpdump as well:
21:01:14.174522 IP localhost.35872 > localhost.http-alt: Flags [S], seq 441189964, win 43690, options [mss 65495,sackOK,TS val 342973 ecr 0,nop,wscale 7], length 0
21:01:14.174546 IP localhost.http-alt > localhost.35872: Flags [S.], seq 3411015394, ack 441189965, win 43690, options [mss 65495,sackOK,TS val 342973 ecr 342973,nop,wscale 7], length 0
21:01:14.174570 IP localhost.35872 > localhost.http-alt: Flags [.], ack 1, win 342, options [nop,nop,TS val 342973 ecr 342973], length 0
21:01:14.176050 IP localhost.35872 > localhost.http-alt: Flags [P.], seq 1:142, ack 1, win 342, options [nop,nop,TS val 342973 ecr 342973], length 141: HTTP: GET / HTTP/1.1
21:01:14.176068 IP localhost.http-alt > localhost.35872: Flags [.], ack 142, win 350, options [nop,nop,TS val 342973 ecr 342973], length 0
21:03:21.418268 IP localhost.http-alt > localhost.35872: Flags [R.], seq 1, ack 142, win 350, options [nop,nop,TS val 374784 ecr 342973], length 0
The webserver in the container works. Spring Boot server listens to all interfaces (lo and eth0):
Application 'app' is running! Access URLs:
Local: http://127.0.0.1:8080
External: http://172.18.0.3:8080
and I can successfully wget from inside the container:
docker exec <container> wget localhost:8080
Connecting to localhost:8080 (127.0.0.1:8080)
index.html 100% |*******************************| 12560 0:00:00 ETA
Docker version is 18.09.2 for client and engine.
OS is Ubuntu, uname -a:
Linux srv02 4.4.0-142-generic #168-Ubuntu SMP Wed Jan 16 21:00:45 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
I have no idea what could be wrong?
Best Answer
If you found the problem it's obvious. There was an iptables filter configured by the provider that dropped all "output" packets to unknown ports such as 8080.
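A way to check for the cause named in the answer, as an added example that is not part of the original post: it walks the filter OUTPUT chain of an `iptables-save` dump and reports which rule decides a new connection to a given port. The ruleset and the bridge name `br-app` are constructed assumptions (the page does not show the provider's rules), and matches the sketch does not model are reported as UNDECIDED rather than guessed.

```python
import shlex

# Constructed excerpt in iptables-save format (NOT the asker's real rules).
SAMPLE_RULES = """\
*filter
:OUTPUT ACCEPT [0:0]
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m multiport --dports 22,53,80,443 -j ACCEPT
-A OUTPUT -p udp --dport 53 -j ACCEPT
-A OUTPUT -j DROP
COMMIT
"""

def port_in(spec, port):
    """True if port falls in an iptables port spec like '80,443,8000:8100'."""
    ranges = (p.partition(":") for p in spec.split(","))
    return any(int(lo) <= port <= int(hi or lo) for lo, _, hi in ranges)

def output_verdict(rules, dport, out_iface, proto="tcp", state="NEW"):
    """Return (verdict, deciding line) for a locally generated packet."""
    pkt, table, policy = {"-o": out_iface, "-p": proto}, None, "ACCEPT"
    for line in rules.splitlines():
        if line.startswith("*"):
            table = line[1:]
        elif table == "filter" and line.startswith(":OUTPUT "):
            policy = line.split()[1]
        elif table == "filter" and line.startswith("-A OUTPUT "):
            tok = shlex.split(line)[2:]
            if "!" in tok or len(tok) % 2:
                return ("UNDECIDED", line)  # negation / valueless flags not modelled
            opts = dict(zip(tok[0::2], tok[1::2]))
            target = opts.pop("-j", None)
            matched, unknown = True, False
            for key, val in opts.items():
                if key in pkt:
                    matched &= pkt[key] == val
                elif key in ("--dport", "--dports"):
                    matched &= port_in(val, dport)
                elif key in ("--ctstate", "--state"):
                    matched &= state in val.split(",")
                elif key not in ("-m", "--reject-with"):
                    unknown = True          # e.g. -s, -d, owner match
            if matched:
                ok = not unknown and target in ("ACCEPT", "DROP", "REJECT")
                return (target if ok else "UNDECIDED", line)
    return (policy, "chain policy")

if __name__ == "__main__":
    print(output_verdict(SAMPLE_RULES, 8080, "br-app"))  # hypothetical bridge name
    print(output_verdict(SAMPLE_RULES, 8080, "lo"))
```

With this constructed ruleset the loopback connection to 127.0.0.1:8080 is accepted while the new connection over the bridge to the container's port 8080 is dropped, which is consistent with the completed handshake in the tcpdump output and the SYN_SENT entry toward 172.18.0.3:8080 in the netstat output.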