loading...

Access host from a docker container

bufferings profile image Mitz ・2 min read

This information is as of 2018-03-31 with Docker 18.03.0-ce

I wanted to access host port from a docker container.

For example, an nginx process is running on the host machine with port 8888 open, then I would like to create a container which can curl host:8888.

I know how to discover container-to-container, but don't know how to get host IP address from a container.

Therefore, I wandered the internet.

Precondition

I mainly use Docker for Mac, but sometimes use Linux. So I want my containers to run on both platform.

TL;DR

https://github.com/bufferings/docker-access-host

Host networking mode?

I found Docker has "host networking mode".

https://docs.docker.com/network/host/

With this mode, the container seems to be able access to the host with "127.0.0.1". How easy! I found it!

So I tried it and it works on my Linux machine, but it didn't work on my Mac. Then I found:

https://docs.docker.com/network/network-tutorial-host/#prerequisites

The host networking driver only works on Linux hosts, and is not supported on Docker for Mac, Docker for Windows, or Docker EE for Windows Server.

(´・ω・`) ok... let me find another way please.

host.docker.internal?

I found I can resolve host.docker.internal as the host IP address in the container on Docker for Mac. Great! That's what I wanted to know! But... where's Linux version of it...?

(´・ω・`) NotFound...

In addition, I was a little bit confused there're several names:

  • docker.for.mac.localhost <- from 17.06.0 but now deprecated
  • docker.for.mac.host.internal <- from 17.12.0-ce-mac46 but now deprecated
  • host.docker.internal <- from 18.03.0-ce-mac59

https://docs.docker.com/docker-for-mac/release-notes

Finally, my solution is like this.

I created docker-entrypoint.sh :

HOST_DOMAIN="host.docker.internal"
ping -q -c1 $HOST_DOMAIN > /dev/null 2>&1
if [ $? -ne 0 ]; then
  HOST_IP=$(ip route | awk 'NR==1 {print $3}')
  echo -e "$HOST_IP\t$HOST_DOMAIN" >> /etc/hosts
fi

(main entrypoint)

and create Dockerfile call this file as an entry point.

COPY docker-entrypoint.sh /usr/local/bin/

ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"]

As a result, Docker for Mac do nothing because it has "host.docker.internal" and Linux version add it into hosts file.

(๑•̀ㅂ•́)و✧

The sample code is here:
https://github.com/bufferings/docker-access-host

I hope host.docker.internal will be added for Linux near future.

If you know better solution, please let me know.

Posted on by:

bufferings profile

Mitz

@bufferings

I like Java, SpringBoot, Thymeleaf, Docker, Scrum, DDD and love my daughters.

Discussion

pic
Editor guide
 

I created a docker container for doing exactly that github.com/qoomon/docker-host

you can then simply use container name dns to access host system e.g.

curl http://dockerhost:9200

 

This doesn't work for me on Ubuntu. I cloned your repo and ran the demo and the curl command just hangs. I connected to the container and confirmed the hostname was in the hosts file. I can ping it but curl doesn't work. I had a similar experience with Bengt's container below - pinging works but wget times out.

 

I figured it out. Nothing wrong with your solution. I have my host firewall locked down tight. Port 80 (which is the host service I was trying to access) is locked to only my LAN network. Adding the docker container network shared by all my containers to the firewall rules fixed it.

 

Could you show the example of how to allow the connection?

I have the same problem, if I try curl host.docker.internal I get
curl: (7) Failed to connect to host.docker.internal port 80: Connection refused

I am linux

Been a while so I'm hazy. From memory my docker containers were running on 192.168.0.0/24 while my LAN is on 192.168.1.0/24. I just needed to tell ufw to allow access to that port from 192.168.0.0/24

I had exactly the same problem.
Confusingly ping was working from the container but e.g. wget and traceroute etc. were not (a good indication of a firewall "problem").

In my set-up the solution was:

ufw allow in to 172.17.0.0/16 proto tcp port 8084

where 172.17.0.1 is the docker0 IP address and 8084 the port on the host machine.

 

This is exactly what I needed!! Thank you!

 

how about the opposite?

  1. i have HOST with multiple dockers (1 docker - 1 apache)
  2. i have 1 proxy-apache on HOST with will route request to applicable docker

i want to use in proxy-apache some DNS-names per each docker instead of IPs, which can be dynamic.

so after docker started it should insert own IP into HOST's /etc/hosts.

how to implement this? (very low info in google about such case)

 

Hi @Mitz

I have docker file like this -
FROM openjdk:8
EXPOSE 9999
ADD target/test-0.0.1-SNAPSHOT.jar test-0.0.1-SNAPSHOT.jar
ENTRYPOINT ["java","-jar","/test-0.0.1-SNAPSHOT.jar"]

How I can add your entrypoint to this?
Please help.

Thanks

 
 

Thanks author, it worked perfectly

 

Thank you!
By which hostname should the container call the host? "host.docker.internal"?
can i make it "localhost"?