Cannot access windows container from outside the Azure host vm

Question

I have created a docker container in Azure on Windows 2016. Here is my DOCKERFILE:

FROM microsoft/aspnet

COPY ./ /inetpub/wwwroot

EXPOSE 443
EXPOSE 80

I run it up like so:

docker run -d --name myctr myimg -p 443:443

I can browse to it via the a domain name, which I configure in the hosts file. SUCCESS!

On a remote machine, outside of the Azure network, I configure my hosts file, using the IP address of the Azure VM (and have also tried using the IP address of the container - not sure which one to use!)

However, I can't browse to it from outside of Azure.

Windows Firewall

I have disabled the Windows firewall.

Azure NSG

I have set up a Network Security Group which allows traffic in on port 443 (I have another website running on this box, and can access it from outside of Azure, with success)

Netstat shows the following:

netstat -ano | findstr :443 | findstr ESTABLISHED
  TCP    10.0.0.4:49682         99.99.99.99:443       ESTABLISHED     1252
  TCP    10.0.0.4:49700         99.99.99.98:443       ESTABLISHED     2476
  TCP    10.0.0.4:49718         99.99.99.92:443       ESTABLISHED     5112

How do I configure the container/host/Azure so that I can view the website hosted on the container from a remote machine outside of Azure? Any ideas greatly appreciated!

can you connect to your docker now? – Jason Ye Nov 30 '17 at 01:08 — Jason Ye, Nov 30 '17 at 01:08

score 0 · Answer 1 · edited Jun 20 '20 at 09:12

0

How do I configure the container/host/Azure so that I can view the website hosted on the container from a remote machine outside of Azure?

By default,-p 80:80 means we are mapping port 80 of container to host port 80. So now others can access port 80 of your host to hit port 80 of container.

Here a example:

PS C:\Users\jason> docker run -d -p 80:80 microsoft/iis
3bf999503cd3110ae8fb1c01cc5c8c6153645a0d533960339490a0ba50634d3a

After add port 80 to NSG inbound rule, I can browse it via Internet:

I have set up a Network Security Group which allows traffic in on port 443 (I have another website running on this box, and can access it from outside of Azure, with success)

In your scenario, your port 443 in use, we can't bind docker with port 443, please try another port.

edited Jun 20 '20 at 09:12

Community

1
1

answered Nov 17 '17 at 08:39

Jason Ye

13,710
2
16
25

Jason, many thanks... Indeed, the port is in use - by the WindowsAzure GuestAgent, WindowsExplorer and ServiceHost: UtcSvc. I am able to browse the site locally, so the port being in use by other apps is not the issue... The issue is the ability to access from outside the host. Additionally, your response shows a standard website. I am looking to run a docker container. (I can already host a standard website on 443 on this machine - I host TFS) – Banoona Dec 06 '17 at 08:07
If that port is in use, we should map it to another port which not in use. For example -p 80:8080 – Jason Ye Dec 06 '17 at 08:14
The port needs to be 443 - I am using SSL – Banoona Dec 11 '17 at 18:29

Cannot access windows container from outside the Azure host vm

1 Answers1