I'm trying to connect a jboss/Keycloak docker container to a local Postgresql database. When creating the container using the command docker run --name keycloak --env-file .\endpoint.txt -p 8080:8080 jboss/keycloak with the environment variables (see below), I unfortunately always get the error message that the connection to the database cannot be established.
endpoint.txt:
DB_VENDOR=postgresql
DB_ADDR=172.16.240.123
DB_PORT=5432
DB_DATABASE=keycloak_db
DB_USER=keycloak
DB_PASSWORD=admin123
My server:
The jboss/Keycloak container runs on my Windows Server 2019 with Hyper-V.
I suspect that it is due to the IP of the Postgresql database. Unfortunately it doesn't work with localhost and 127.0.0.1 as IP either. Do I maybe have to pay attention to something special because the docker container is a Linux container on a Windows host system?
Related
I'm new to Docker. I successfully created a PostgreSQL container my-database and I am able to access it from SQLTools on my local machine with server address localhost and the port.
I got the containerized database's IP address from the following command:
docker container inspect my-database
But when I go back to SQLTools or the PHP web application (not containerized) and try to connect to my-database with the IP address I got above, it couldn't connect successfully.
What am I missing here?
FYI, I also created another container and was able to connect to my-database with the following way: Use the same network for both my-database and the second container.
It all depends on how you enable access to the database.
If your php service runs in the same machine, then localhost could work
If its on a different machine in the same network, then use the network IP assigned to that machine. If you have your php server in a totally different location, then you may want to use something like an nginx reverse proxy to your docker container.
So in your case you should get the ip:port where your db container runs and use that. Docker inspect shows the internal network ip which only helps other containers in the same virtual network connect to a container.
You never need the docker inspect IP address. You can only connect to it in two specific circumstances: if you're in a different container on the same Docker network, or if you're (a) not in a container at all, (b) on the same host, and (c) that host is running native Linux and not a different OS.
You've already identified the right answers. Say you start the container as
docker network create any-network-name
docker run \
--name database \
--net any-network-name \
-p 5432:5432 \
postgres
From another Docker container on the any-network-name network, you can use the database container name as a DNS name, and avoid the manual IP lookup; ignore any -p options and use the "normal" port for the service. From outside a container, you can use the host's DNS name or IP address (or, if it's the same host, localhost) and the first -p port number.
If you're running this in Docker Compose, it automatically creates a network for you and registers containers under their Compose service name; you do not need networks:, container_name:, or other similar settings.
version: '3.8'
services:
database:
image: postgres
ports: ['5432:5432']
application:
build: .
environment:
- PGHOST=postgres
I have a Spring Boot application that runs inside a container and needs to connect to a local Postgresql database.
Now it fails at build time, as that is the moment when it tries to configure Spring beans and to connect to database.
I have configured it like following:
spring
datasource:
initialization-mode: always
platform: postgres
url: jdbc:postgresql://192.168.122.1:5432/academy
username: myuser
password: mypassword
but it fails to connect.
How shall I configure Dockerfile/connection string?
I think you have at least two alternatives
Alternative 1: Connecting via Unix domain socket
If you could have Postgres listen on a Unix domain socket, you could then pass in that socket to the container with a bind-mount. Use podman run with one of the command-line arguments --volume or --mount.
Maybe something like:
--mount type=bind,src=/path/to/socket/on/host,target=/path/to/socket/in/container
If your system has SELINUX enabled, you would need to add the option Z
--volume /path/to/socket/on/host:/path/to/socket/in/container:Z
Alternative 2: Connecting via TCP socket
I think you could add the option
--network slirp4netns:allow_host_loopback=true
to the podman run command and connect to the IP address 10.0.2.2.
Quote "Allow the slirp4netns to reach the host loopback IP (10.0.2.2, which is added to /etc/hosts as host.containers.internal for your convenience)" from the podman run man page.
See also slirp4netns.1.md.
(The IP address 10.0.2.2 is a default value hard coded in the source code of slirp4netns).
Here is an example of a container that connects to a web server running on localhost:
esjolund#laptop:~$ curl -sS http://localhost:8000/file.txt
hello
esjolund#laptop:~$ cat /etc/issue
Ubuntu 20.04.2 LTS \n \l
esjolund#laptop:~$ podman --version
podman version 3.0.1
esjolund#laptop:~$ podman run --rm docker.io/library/fedora cur-l -sS http://10.0.2.2:8000/file.txt
curl: (7) Failed to connect to 10.0.2.2 port 8000: Network is unreachable
esjolund#laptop:~$ podman run --rm --network slirp4netns:allow_host_loopback=true docker.io/library/fedora curl -sS http://10.0.2.2:8000/file.txt
hello
esjolund#laptop:~$
I use Spring Boot application inside Docker container on Ubuntu 18 (in a Virtual Box). My application should connect to Postgres database installed on this same VM.
I followed all steps with this tutorial:
https://nickjanetakis.com/blog/docker-tip-35-connect-to-a-database-running-on-your-docker-host
I defined IP of my host by ifconfig: 192.168.1.67
My application.properties:
server.port=2020
ip.address=localhost # <- will be overwritten
spring.datasource.driverClassName =org.postgresql.Driver
spring.jpa.database=POSTGRESQL
spring.datasource.url=jdbc:postgresql://${ip.address}:5432/postgres
Dockerfile:
FROM openjdk:8-alpine
MAINTAINER Kirill Ch "kirill.m.ch#gmail.com"
EXPOSE 2020
WORKDIR /usr/local/bin
COPY server.jar .
CMD ["java","-Dip.address=192.168.1.67", "-jar", "server.jar"]
I create image:
docker image build -t ws-server .
My PosgreSQL server is up and running. However when I run:
docker container run -it -p 2020:2020 ws-server
I receive this error:
org.postgresql.util.PSQLException: Connection to 192.168.1.67:5432
refused. Check that the hostname and port are correct and that the
postmaster is accepting TCP/IP connections.
If I run my app normally without Docker all goes right.
I suspect that the issue with a virtual machine however do not know how to solve it if so.
If I use --network=host parameter all works:
docker container run -it --network=host ws-server
What do I miss, how do it properly, without "host"?
I am running Postgres on a Windows 10 computer, and I want to connect to it from a Docker container. I've followed instructions from many sources and things should be working, but they're not.
Command line used to create Docker container:
docker run --rm -d --network=host --name mycontainer myimage
In postgresql.conf:
listen_addresses = '*'
In pg_hba.conf:
host all all 172.17.0.0/16 trust
In the bash shell of my container, I run:
psql -h 127.0.0.1
and I get the error:
psql: could not connect to server: Connection refused
Is the server running on host "127.0.0.1" and accepting TCP/IP connections on port 5432?
Needless to say, Postgres is definitely running on my computer and I am able to query it from local applications. What am I missing?
THIS WON'T WORK FOR DOCKER v18.03 AND ONWARDS
The answer is already there - From inside of a Docker container, how do I connect to the localhost of the machine?
This question is related to a mysql setup, but it should work for your case too.
FOR DOCKER v18.03 ONWARDS
Use host.docker.internal to refer to the host machine.
https://docs.docker.com/docker-for-windows/networking/#i-cannot-ping-my-containers
As you've discovered, --network-host doesn't work with Docker for Windows or Docker for Mac. It only works on Linux hosts.
One option for this scenario might be to host PostgreSql in a container, also. If you deploy them with a docker-compose file, you should be able to have two separate Docker containers (one for the database and one for your service) that are networked together. By default, docker-compose will expose containers to others in the same compose file using the container name as its DNS name.
You could also consider including the database in the same container as your service, but I think the docker-compose solution is better for several reasons:
It adheres to the best practice of each container having only a single process and single responsibility.
It means that you can easily change and re-deploy your service without having to recreate the database container.
Configure the connection inside your docker container with the real ip-address of your host or as workaround with a dns name
Using virtual hosts rather than deployed Docker container it was a normal work process for me to create ssh tunnels in order to access delimited machines from my local box. For instance connect with my psql client to a Postgres instance which I could only reach from a bastion box.
With Docker everything is boxes away even more. Is there an equivalent for doing the same but with Docker? Tunnel through the Docker instance to the RDS instance?
You use the docker CLI to connect to a running container. For instance...
To log into a db running in a container you can use (from your local machine)
docker exec -it mypsqlcontainer psql -U username dbname
I personally almost never have to ssh into the host. Everything can be done through the docker CLI.
You can make ssh-tunnel to the docker host. DB port must be accessible from docker host (i.e. using "-p" docker run option).
If you prefer not publishing DB port you can create jumpbox container with ssh server, publish port 22 on this container and user container linking to link jumpbox container with DB container.