How Do You Troubleshoot a Docker Container Supporting a Web Service That Web Browsers Cannot Seem to Reach?

Problem scenario
You have configured a Docker container with a web service (e.g., Apache web server or Nginx).  You configured the listening, external port to be 80 or a different port number.  You find the web server (either Apache or Nginx) is not working from a web browser.  How do you find what is wrong?

#1  Use nmap to test the port and IP address.  If you are using Windows, see this URL to use PowerShell to test the port and IP address.  If there is no activity, one of the following tips may apply:
    a) an intermediate firewall is blocking the connectivity.  The results of an nmap command would show "filtered."  The result "open" shows activity, and "closed" shows nothing is blocking the connection but nothing is listening on that port either.  PowerShell would likely just show connectivity or a lack thereof.  To turn off the firewall on an Ubuntu server (which is on by default on an AWS instance of Ubuntu), run this command: sudo ufw disable
To learn more about getting around a potential firewall, see this posting.
    b)  it could be that the host of the Docker container has IPv6 enabled.  Disable ipv6.  If you are running Ubuntu or a Debian distribution of Linux, use this link to disable IP version 6.  If the server is a RedHat derivative, follow these steps to disable IP version 6:
              i)  sudo cp /etc/modprobe.d/disableipv6.conf /etc/modprobe.d/bak.disableipv6.conf.bak
                  (Do not be concerned if the source file does not yet exist.  The above command is precautionary.)
             ii)  You need to become root to run a special echo command.
sudo su -
echo "install ipv6 /bin/true" >> /etc/modprobe.d/disableipv6.conf

            iii)  reboot the server.
      c)  Verify the Docker service is running:  docker ps -a
If it is not running, try this command if you are running a RedHat derivative:  sudo systemctl start docker
Then start the Docker container with the web service.

#2  Verify that port forwarding is configured properly.  If you are using a RedHat derivative, run this command from the OS:  sudo sysctl net.ipv4.conf.all.forwarding

The result should end with "= 1."  If it does not and it ends with an "= 0", run this command if the Linux server is a RedHat derivative:  sysctl net.ipv4.conf.all.forwarding=1

#3  If there is no activity over the port (it isn't filtered/blocked by an intermediate firewall but there seems to be nothing listening on the port), try rebooting the server.

#4  Verify the Docker network IP address is within the range of the IP address on the Linux server.  For example, run ip addr show.  This should show a range of IP addresses near the word inet.  If you misconfigured the Docker network to have an IP address too low or high for the range of IP addresses that can be seen by eth0 (or another known working NIC), then you may need to reconfigure the Docker network.

#5  If you notice that there is activity on the port that you expect for a small amount of time (e.g., three minutes) after the container has been started yet this activity goes away on its own, there could be two potential problems: one, there could be another Docker container or service competing for the port.  Secondly there could be a misconfigured network interface.  You may want to shut off other services and turn on only what you are testing.  If the problem persists after a reboot with minimal services turned  on, you may want to start over with your user-defined network.  To deploy several Docker containers on one server with Nginx running in each of them simultaneously, try this link.

#6  You may want to examine Docker logs thoroughly.  This link has information on how to do that.  You may want to get a book on Docker; here is a good list.

Leave a comment

Your email address will not be published. Required fields are marked *