2

According to https://docs.docker.com/compose/compose-file/#links, if I specify the name of another service under links in docker-compose, I should be able to reach that service at a hostname identical to the service name.

To test this, I tried the following docker-compose.yml:

version: '3'

services:
  tor:
    build: ./tor

  use_tor:
    build: ./use_tor
    links:
      - tor

where the tor and use_tor directories contain Dockerfiles:

.
├── docker-compose.yml
├── tor
│   └── Dockerfile
└── use_tor
    └── Dockerfile

which are, for tor:

FROM alpine:latest
EXPOSE 9050
RUN apk --update add tor
CMD ["tor"]

and for use_tor:

FROM alpine:latest
CMD ["nc", "-z", "tor", "9050"]

However, if I do docker-compose build followed by docker-compose up, I see from the logs that the use_tor service exits with status code 1:

Starting scrapercompose_tor_1
Recreating scrapercompose_use_tor_1
Attaching to scrapercompose_tor_1, scrapercompose_use_tor_1
tor_1      | May 02 15:36:34.123 [notice] Tor v0.2.8.12 running on Linux with Libevent 2.0.22-stable, OpenSSL LibreSSL 2.4.4 and Zlib 1.2.8.
tor_1      | May 02 15:36:34.123 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
tor_1      | May 02 15:36:34.123 [notice] Configuration file "/etc/tor/torrc" not present, using reasonable defaults.
tor_1      | May 02 15:36:34.129 [notice] Opening Socks listener on 127.0.0.1:9050
tor_1      | May 02 15:36:34.000 [notice] Parsing GEOIP IPv4 file /usr/share/tor/geoip.
tor_1      | May 02 15:36:34.000 [notice] Parsing GEOIP IPv6 file /usr/share/tor/geoip6.
tor_1      | May 02 15:36:34.000 [warn] You are running Tor as root. You don't need to, and you probably shouldn't.
tor_1      | May 02 15:36:34.000 [notice] We were built to run on a 64-bit CPU, with OpenSSL 1.0.1 or later, but with a version of OpenSSL that apparently lacks accelerated support for the NIST P-224 and P-256 groups. Building openssl with such support (using the enable-ec_nistp_64_gcc_128 option when configuring it) would make ECDH much faster.
tor_1      | May 02 15:36:34.000 [notice] Bootstrapped 0%: Starting
scrapercompose_use_tor_1 exited with code 1
tor_1      | May 02 15:36:35.000 [notice] Bootstrapped 80%: Connecting to the Tor network
tor_1      | May 02 15:36:36.000 [notice] Bootstrapped 85%: Finishing handshake with first hop
tor_1      | May 02 15:36:36.000 [notice] Bootstrapped 90%: Establishing a Tor circuit
tor_1      | May 02 15:36:36.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working.
tor_1      | May 02 15:36:36.000 [notice] Bootstrapped 100%: Done

Apparently the command nc -z tor 9050 doesn't return the expected status code 0 on the use_tor container. However, it would seem to me that this should work. For example, if I modify the tor service to map port 9050 on the container to the host as follows,

services:
  tor:
    build: ./tor
    ports:
      - "9050:9050"

Then in my ordinary terminal, I do see that nc -z localhost 9050 yields an exit code of 0:

kurt@kurt-ThinkPad:~$ nc -z localhost 9050
kurt@kurt-ThinkPad:~$ echo $?
0

In short, I would expect the hostname tor to behave like localhost on my the host after the port mapping, but this appears not to be the case. Why is this not working?

Kurt Peek
  • 52,165
  • 91
  • 301
  • 526

1 Answers1

1

This question made me gawk at it for once. Although I cloned this example but was not able to get the solution. According to docker docs

The EXPOSE instruction informs Docker that the container listens on the specified network ports at runtime. EXPOSE does not make the ports of the container accessible to the host. To do that, you must use either the -p flag to publish a range of ports or the -P flag to publish all of the exposed ports. You can expose one port number and publish it externally under another number.

So I think that may be because the tor service is running on 127.0.0.1 instead of 0.0.0.0 (for difference between them you can look here)

tor_1 | May 02 15:36:34.129 [notice] Opening Socks listener on 127.0.0.1:9050

It is accessible through terminal is because of the ports argument in docker-compose.yml which does the same as -p argument.

All in all if the tor service listens on 0.0.0.0 then it should work as expected.

Community
  • 1
  • 1
radbrawler
  • 2,391
  • 2
  • 15
  • 22
  • Though its a guess for now but I'll look through it tomorrow. Its night here in India.!! :D – radbrawler May 02 '17 at 17:34
  • Also I use the docker links same way that you've used and they work absolutely fine.! – radbrawler May 02 '17 at 17:36
  • This was exactly right. I fixed the problem by adding a configuration file `torrc` to the `tor` directory with the single line `SocksListenAddress 0.0.0.0` (cf. https://www.torproject.org/docs/tor-manual.html.en), and added `COPY torrc /etc/tor/torrc` to the `Dockerfile`. Now I see `scrapercompose_use_tor_1 exited with code 0` in the docker-compose logs as expected. – Kurt Peek May 03 '17 at 08:14