0

Hi what I am actually trying is to connect remotly from a MySQL Client in Windows Subsystem for Linux mysql -h 172.18.0.2 -P 3306 -u root -p and before that I started the Docker Container as follows: docker container run --name testdb --network testnetwork -p 3306:3306 -e MYSQL_ROOT_PASSWORD=mysqlRootPassword -e MYSQL_DATABASE=localtestdb -d mariadb/server.

The purpose why I put the container in a own network, is because I also have a dockerized Spring Boot Application (GraphQL-Server) which shall communicated with this db. But always when I try to connect from my built-in mysql client, in my Windows Subsystem for Linux, with the above shown command. I got the error message: ERROR 2002 (HY000): Can't connect to MySQL server on '172.18.0.2' (115).

What I already tried, to solve the problem on my own is, look up whether the configuration file line (bind-address) is commented out. But it wont work. Interestingly it already worked to set up a docker container with MariaDB and connect from the outside, but now when I try exactly the same, only with the difference that I now put the container in a own existing network, it wont work.

Hopefully there some one out there which is able to help me with this annonying problem. Thanks!

So far, Daniel

//edit:

Now I tried the solution advice from a guy from this topic: How to configure containers in one network to connect to each other (server -> mysql)?. Futhermore I linked my Spring Boot (server) application with the "--link databaseContainerName" parameter to the MariaDB container.

Now I am able to start both containers without any error, but I am still not able to connect remotly to the MariaDB container. Which is now running in a virtual docker network with his own subnet.

Daniel Tran
  • 69
  • 1
  • 8
  • 1) Check the IP address, it can change after the network creation 2) Check that your database allows external connects. After the network creation, host calls can become more external – Nick Vee Apr 19 '20 at 08:22
  • Thanks for trying to help me. Now when I try to figure out whats the ip address of the MariaDB container ```docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' testdb``` then I got a realy strange ip address back: ```172.17.0.2172.20.0.2```. This cant be right ip address right? What the heck is going on there :D ? – Daniel Tran Apr 19 '20 at 08:34
  • It can be not "heck" but the fact that ip addresses can appear in the "inspect" 's output twice. Just watch through "docker inspect testdb" 's output manually. It is long but not complex. Network details are usually is the last part. – Nick Vee Apr 19 '20 at 08:39
  • When I run the docker inspect command I got a long output, at the end of this there are mandy different ip addresses but no one want work. – Daniel Tran Apr 19 '20 at 08:51
  • Same error which I got before: ERROR 2002 (HY000): Can't connect to MySQL server on '172.19.0.1' (115) – Daniel Tran Apr 19 '20 at 08:57
  • "Networks": { "your_custom_network_name": { ... , "IPAddress": "172.19.0.3", ... } } You would see something like this – Nick Vee Apr 19 '20 at 08:58
  • all (for docker, especially) .1 is a gateway address, it won't work of course. – Nick Vee Apr 19 '20 at 09:01
  • Which driver do your network use? Bridge? – Nick Vee Apr 19 '20 at 09:07
  • Yep thats right, my network uses "bridge" as driver. But interestingly, because of that weird ip address, which I got through ```docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' testdb``` I decided to delete all containers and also the network and try it again from scratch, I've done exactly the same, as before, but now I cant get my Spring Boot App running again. It always tells me that there is a communications link failure, because the connection is refused. – Daniel Tran Apr 19 '20 at 09:29
  • Maybe you forgot accidently to use the network for both containers – Nick Vee Apr 19 '20 at 10:28

1 Answers1

0

I explored this recently - this is by design - container isolation. Usually only main (service httpd) host is accessible externally, hiding internal connections (hosts it communicates to deliver response).

Container created in own network is not accessible from external adresses, even from containers in the same bridge but other network (172.19.0.0/16).

Your container should be accessible on docker host address (127.0.0.1 if run locally) and mapped ("-p 3306:3306") port - 3306. But of course it won't work if many running db containers have the same mapping to the same host port.

Isolation is done using firewall - iptables. You can list rules (iptables -L) to see that - from docker host level.

You can modify firewall to allow external access to internal networks. I used this rule:

iptables -A DOCKER -d 172.16.0.0/12 -j ACCEPT

After that your MySQL containerized engine should be accessible using internal address 172.18.0.2 and source (not mapped) port 3306.

Warnings

  • it disables all isolation, dont't use it on production;
  • you have to run this after every docker start - rules created/modified by docker on the fly
  • not every docker container will respond on ping, check it from docker host (linux subsystem in this case) first, from windows cmd later

I used this option (in docker.service) to make rule permanent:

ExecStartPost=/bin/sh -c '/etc/iptables/accept172_16.sh'

For docker on external(shared in lan) host you should use route add (or hosts file on your machine or router) to forward 172.x.x.x addresses into lan docker host.

Hint: use portainer project (with restart policy - always) to manage docker containers. It's easier to see config errors, too.

xadm
  • 8,219
  • 3
  • 14
  • 25