Search code examples
dockerfirewallnetflix-eurekafirewalld

Unable to access Eureka dashboard inside a docker container

I am setting up a docker container test environment of a Spring Cloud Config Server and Eureka Discovery Service to a server running Oracle Linux 8. Before anything else, I added the following port from firewalld to allow inbound (reloaded and restarted the firewall after):

  • 8086: Spring Cloud Config Server
  • 8087: Eureka Discovery Service

I can confirm the port were added successfully

enter image description here

Next, I created a docker network: docker network create net-test then build and run the Spring Cloud Config Server and it's accessible via my local computer when I tried to curl: curl http://192.168.1.100:8086/actuator (dummy) as it displays the actuator details.

Next, I ran the Eureka and checked the logs and its getting the application properties from the Spring Cloud Config Server. enter image description here

However, I am unable to access it via browser or curl (curl http://192.168.1.100:8087) Failed to connect to 192.168.1.100 port 8087: Connection refused

This is the application.properties of Eureka

"source": {
     "server.port": 8087,
     "spring.application.name": "discovery",
     "eureka.client.fetchRegistry": false,
     "eureka.client.registerWithEureka": false,
     "eureka.client.serviceUrl.defaultZone": "http://192.168.1.100:8087/eureka", # IP of host machine
     "eureka.instance.prefer-ip-address": true,
     "spring.security.user.name": "test1",
     "spring.security.user.password": "test1"
}

UPDATE:

  • This is the nmap result for 8086 and 8087 enter image description here enter image description here

  • This is from the iptables enter image description here

UPDATE Here are the Docker commands/setup I used

  • Docker network: docker network create net-test
  • Dockerfile
FROM adoptopenjdk/openjdk11:alpine
VOLUME /tmp
COPY target/discoveryservice-0.0.1-snapshot.jar discoveryservice.jar
EXPOSE 8087
ENTRYPOINT ["java", "-jar", "discoveryservice.jar"]
  • Docker Build: docker build --tag=discovery-service --force-rm=true .
  • Docker Run: docker run -p 8087:8087 --network=net-test --name=discovery-service discovery-service
Solution

  • According to @PapEr's comment: You have to turn server.address to 0.0.0.0.

    Why?

    Listing on ports must be bind to a host. Read this for more informations.
    With the address you can reduce the machines, which can talk to the port.

    In Docker?

    Normally you don't know the docker-ip, so you can't just set the address of your docker-container. You have only the choice between localhost or 0.0.0.0.
    With localhost only connection from the inside of your docker-container are possible. In other words: No other applications can talk to your container, if you set localhost.
    Since your containers have their own network and ip, I don't see any reason why address=0.0.0.0 is bad idea. Also in production.