How to access Docker container through DockerNAT IP address on Windows 10?

Question

Overview

I am using a course to learn how to Dockerize my ASP.NET Core application. I have a networking issue with the token server I am trying to use in my configuration.

The ASP.NET Core Web application (webmvc) allows authorization through a token server (tokenserver).

docker-compose for the services

tokenserver

  tokenserver:
    build:
      context: .\src\Services\TokenServiceApi
      dockerfile: Dockerfile
    image: shoes/token-service
    environment:
      - ASPNETCORE_ENVIRONMENT=ContainerDev
      - MvcClient=http://localhost:5500
    container_name: tokenserviceapi
    ports:
      - "5600:80"

    networks:
      - backend
      - frontend
    depends_on:
      - mssqlserver

tokenserver knows about the webmvc url.

webmvc

  webmvc:
    build:
      context: .\src\Web\WebMvc
      dockerfile: Dockerfile
    environment:
      - ASPNETCORE_ENVIRONMENT=ContainerDev
      - CatalogUrl=http://catalog
      - IdentityUrl=http://10.0.75.1:5600
    container_name: webfront
    ports:
      - "5500:80"
    networks:
      - frontend
    depends_on:
      - catalog
      - tokenserver

Running the container confirms that webmvc will try to reach the identity server at http://10.0.75.1:5600.

By running ipconfig in my Windows machine I confirm that DockerNAT is using 10.0.75.1:

Ethernet adapter vEthernet (DockerNAT):

   Connection-specific DNS Suffix  . :
   IPv4 Address. . . . . . . . . . . : 10.0.75.1
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :

http://10.0.75.1:5600/ is not accessible when accessed from the host machine while http://localhost:5600 is accessible.

However, I have to rely on DockerNAT IP because webmvc must access the service from its own container where localhost:5600 does not make sense:

docker exec -it webfront bash
root@be382eb4608b:/app# curl -i -X GET http://10.0.75.1:5600
HTTP/1.1 404 Not Found
Date: Fri, 03 Jan 2020 08:55:48 GMT
Server: Kestrel
Content-Length: 0

root@be382eb4608b:/app# curl -i -X GET http://localhost:5600
curl: (7) Failed to connect to localhost port 5600: Connection refused

Token service container inspect (relevant parts)

"HostConfig": {
    "Binds": [],
    ....
    "NetworkMode": "shoesoncontainers_backend",
    "PortBindings": {
        "80/tcp": [
            {
                "HostIp": "",
                "HostPort": "5600"
            }
        ]
    },

"NetworkSettings": {
    "Bridge": "",
    "SandboxID": "6637a47944251a4dc59205dc6e03670bc4b03f8bf38a7be0dc11b72adf6a3afa",
    "HairpinMode": false,
    "LinkLocalIPv6Address": "",
    "LinkLocalIPv6PrefixLen": 0,
    "Ports": {
        "80/tcp": [
            {
                "HostIp": "0.0.0.0",
                "HostPort": "5600"
            }
        ]
    },
    "SandboxKey": "/var/run/docker/netns/6637a4794425",
    "SecondaryIPAddresses": null,
    "SecondaryIPv6Addresses": null,
    "EndpointID": "",
    "Gateway": "",
    "GlobalIPv6Address": "",
    "GlobalIPv6PrefixLen": 0,
    "IPAddress": "",
    "IPPrefixLen": 0,
    "IPv6Gateway": "",
    "MacAddress": "",
    "Networks": {
        "shoesoncontainers_backend": {
            "IPAMConfig": null,
            "Links": null,
            "Aliases": [
                "tokenserver",
                "d31d9b5f4ec7"
            ],
            "NetworkID": "a50a9cee66e6a65a2bb90a7035bae4d9716ce6858a17d5b22e147dfa8e33d686",
            "EndpointID": "405b1beb5e20636bdf0d019b36494fd85ece86cfbb8c2d57283d64cc20e5d760",
            "Gateway": "172.28.0.1",
            "IPAddress": "172.28.0.4",
            "IPPrefixLen": 16,
            "IPv6Gateway": "",
            "GlobalIPv6Address": "",
            "GlobalIPv6PrefixLen": 0,
            "MacAddress": "02:42:ac:1c:00:04",
            "DriverOpts": null
        },
        "shoesoncontainers_frontend": {
            "IPAMConfig": null,
            "Links": null,
            "Aliases": [
                "tokenserver",
                "d31d9b5f4ec7"
            ],
            "NetworkID": "b7b3e8599cdae7027d0bc871858593f41fa9b938c13f906b4b29f8538f527ca0",
            "EndpointID": "e702b29016b383b7d5872f8c55cad0f189d6f58f2631316cf0313f3df30331c0",
            "Gateway": "172.29.0.1",
            "IPAddress": "172.29.0.3",
            "IPPrefixLen": 16,
            "IPv6Gateway": "",
            "GlobalIPv6Address": "",
            "GlobalIPv6PrefixLen": 0,
            "MacAddress": "02:42:ac:1d:00:03",
            "DriverOpts": null
        }
    }
}

I have also created an inbound rule for port 5600 in Windows Defender Firewall with Advanced Security.

Question: How to access Docker container through DockerNAT IP address on Windows 10?

Answer 1

I think you are looking for host.docker.internal. It's a special DNS name which allow you to connect from a container to a service on the host or a container exposed on the host.

The official documentation.

You can fine longer explanations here.

Answer 2

I am not sure why it does not work as expected, but using the information provided here I was able to figure out how to make it work:

You can try add incoming rule in firewall:

Example:

protocol: any/tcp/udp/... program: any action: allow local port: any remote port: any local address: 10.0.75.1 remote address: 10.0.75.0/24

or you can try use address 10.0.75.2 instead of 10.0.75.1

For me the second solution worked.