0

I have a server that has Docker installed. It's currently only running one container - Jenkins.

I want to configure the Docker plugin in Jenkins to talk to the local docker server.

The Docker instance is listening on the network, but the container is trying to use the localhost interface when I configure docker via the cloud plugin.

I can connect to the docker instance using curl like below.

curl server.domain.com:2375/version

This yields the expected json document.

When I setup jenkins I created a docker network that the container is running in.

When I attempt the connection from Jenkins I get:

Connection refused: server.domain.com/127.0.1.1:2375

java.net.ConnectException: Connection refused
Caused: io.netty.channel.AbstractChannel$AnnotatedConnectException: Connection refused: server.domain.com/127.0.1.1:2375
    at java.base/sun.nio.ch.SocketChannelImpl.checkConnect(Native Method)
    at java.base/sun.nio.ch.SocketChannelImpl.finishConnect(SocketChannelImpl.java:777)
    at io.netty.channel.socket.nio.NioSocketChannel.doFinishConnect(NioSocketChannel.java:327)
    at io.netty.channel.nio.AbstractNioChannel$AbstractNioUnsafe.finishConnect(AbstractNioChannel.java:340)
    at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:636)
    at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:583)
    at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:500)
    at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:462)
    at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:897)
    at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
    at java.base/java.lang.Thread.run(Thread.java:829)

I'm just starting to work with Docker in the last couple of months and know my understanding of the virtualized networking is weak.

It's also not clear to me if this is related to the networking or credentialing. My gut says networking because it seems to be attempting on the 127 localhost address and the /version call does not need credentials to be successful.

Any help/links to documentation are appreciated.

Shawn

Shawn Taylor
  • 270
  • 2
  • 4
  • 11
  • Making the Docker socket available on port 2375 is an incredibly insecure configuration; it gives unrestricted root access to anyone on the host without any credentials or logging (and if you've made it accessible off-host, to the entire network). [Docker: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock](https://stackoverflow.com/questions/47854463/docker-got-permission-denied-while-trying-to-connect-to-the-docker-daemon-socke) has lots of discussion on this topic; does perhaps [this answer](https://stackoverflow.com/a/51921594) help? – David Maze Dec 21 '21 at 19:47
  • I agree with your security concern. I was simply peeling back the security layers, trying to get it to integrate. – Shawn Taylor Dec 22 '21 at 17:44

0 Answers0