I have one Docker host that runs 2 web applications inside separate containers. I have an nginx container set up in front of both of them, acting as a reverse proxy. There are two DNS entries for different subdomains pointing to this single host, so I can reach application 1 using app1.domain.com and app2 using app2.domain.com. This setup works fine, and each application is available to the wider universe.
However, app2 should also be able to make an HTTP call to the web services provided by app1. For some reason, HTTP calls to http://app1.domain.com cannot be resolved from the app2 container. curl http://app1.domain.com returns "Failed to connect to app1.domain.com port 80: No route to host". Strangely enough, I can ping app1.domain.com from the app2 container and successfully resolve the host URL. I tried disabling iptables with service iptables stop on the Docker host, and this makes the curl and ping commands just hang for a while, before finally returning an error about the unknown host for ping and could not resolve host for curl.
Finally, I can curl from the app2 container to app1 using the Docker IP address and port, although this is not an ideal solution, given that I would need to change the way this application is deployed and configured so that this IP address and port can be detected.
UPDATE: output of iptables -n -L -v -x
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- eth1 * 10.191.192.0/18 0.0.0.0/0
124 6662 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
3 120 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3306
141668 14710477 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5432
252325 512668022 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
31 2635 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
5496 331240 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
623 37143 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
437791 334335762 DOCKER all -- * docker0 0.0.0.0/0 0.0.0.0/0
438060 347940196 ACCEPT all -- * docker0 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
680992 61107377 ACCEPT all -- docker0 !docker0 0.0.0.0/0 0.0.0.0/0
356 24168 ACCEPT all -- docker0 docker0 0.0.0.0/0 0.0.0.0/0
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT 604 packets, 125207 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- * eth1 0.0.0.0/0 10.191.192.0/18
124 6662 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
Chain DOCKER (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- !docker0 docker0 0.0.0.0/0 172.17.0.2 tcp dpt:81
0 0 ACCEPT tcp -- !docker0 docker0 0.0.0.0/0 172.17.0.2 tcp dpt:443
2191 156283 ACCEPT tcp -- !docker0 docker0 0.0.0.0/0 172.17.0.2 tcp dpt:80
0 0 ACCEPT tcp -- docker0 docker0 172.17.0.60 172.17.0.7 tcp dpt:3000
0 0 ACCEPT tcp -- docker0 docker0 172.17.0.7 172.17.0.60 tcp spt:3000
app1 docker ip: 172.17.0.7
app2 docker ip: 172.17.0.60
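Added example (not part of the original post): a first-match walk of the INPUT chain from the listing above, showing which rule a ping and a TCP connection to port 80 from app2 would hit. It assumes the traffic reaches the host's INPUT chain on docker0 in conntrack state NEW; the nat table is not shown in the post, so that path is an assumption.

```python
import ipaddress

# INPUT chain rows as posted in the iptables -n -L -v -x output above.
INPUT_CHAIN = """\
0 0 ACCEPT tcp -- eth1 * 10.191.192.0/18 0.0.0.0/0
124 6662 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
3 120 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3306
141668 14710477 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5432
252325 512668022 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
31 2635 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
5496 331240 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
623 37143 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
"""

def parse_chain(listing):
    """Turn each listing row into a dict of the match fields it carries."""
    rules = []
    for line in listing.strip().splitlines():
        f = line.split()
        extra = f[9:]  # match extensions that follow the destination column
        rules.append({
            "target": f[2], "prot": f[3], "in": f[5],
            "src": ipaddress.ip_network(f[7]),
            "dport": next((int(t[4:]) for t in extra if t.startswith("dpt:")), None),
            "states": next((set(extra[i + 1].split(","))
                            for i, t in enumerate(extra) if t in ("state", "ctstate")), None),
            "extra": " ".join(extra),
        })
    return rules

def first_match(rules, pkt):
    """Return (rule number, target, extra) for the first rule the packet matches."""
    for n, r in enumerate(rules, 1):
        if (r["prot"] in ("all", pkt["prot"])
                and r["in"] in ("*", pkt["in"])  # negated interfaces do not occur in INPUT here
                and ipaddress.ip_address(pkt["src"]) in r["src"]
                and r["dport"] in (None, pkt.get("dport"))
                and (r["states"] is None or pkt["state"] in r["states"])):
            return n, r["target"], r["extra"]
    return None, "POLICY", ""  # no rule matched: the chain policy applies

RULES = parse_chain(INPUT_CHAIN)
# Assumed packets: sent by app2 (172.17.0.60), arriving on docker0, conntrack state NEW.
PING = {"prot": "icmp", "in": "docker0", "src": "172.17.0.60", "state": "NEW"}
CURL = {"prot": "tcp", "in": "docker0", "src": "172.17.0.60", "state": "NEW", "dport": 80}

if __name__ == "__main__":
    print("ping:", first_match(RULES, PING), "curl:", first_match(RULES, CURL))
```

Under those assumptions the ping lands on the icmp ACCEPT rule, while the connection to port 80 falls through to the final REJECT, whose icmp-host-prohibited reply is what Linux reports to the client as "No route to host".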