3

I am setting up a docker container test environment of a Spring Cloud Config Server and Eureka Discovery Service to a server running Oracle Linux 8. Before anything else, I added the following port from firewalld to allow inbound (reloaded and restarted the firewall after):

  • 8086: Spring Cloud Config Server
  • 8087: Eureka Discovery Service

I can confirm the port were added successfully

enter image description here

Next, I created a docker network: docker network create net-test then build and run the Spring Cloud Config Server and it's accessible via my local computer when I tried to curl: curl http://192.168.1.100:8086/actuator (dummy) as it displays the actuator details.

Next, I ran the Eureka and checked the logs and its getting the application properties from the Spring Cloud Config Server. enter image description here

However, I am unable to access it via browser or curl (curl http://192.168.1.100:8087) Failed to connect to 192.168.1.100 port 8087: Connection refused

This is the application.properties of Eureka

"source": {
     "server.port": 8087,
     "spring.application.name": "discovery",
     "eureka.client.fetchRegistry": false,
     "eureka.client.registerWithEureka": false,
     "eureka.client.serviceUrl.defaultZone": "http://192.168.1.100:8087/eureka", # IP of host machine
     "eureka.instance.prefer-ip-address": true,
     "spring.security.user.name": "test1",
     "spring.security.user.password": "test1"
}

UPDATE:

  • This is the nmap result for 8086 and 8087 enter image description here enter image description here

  • This is from the iptables enter image description here

UPDATE Here are the Docker commands/setup I used

  • Docker network: docker network create net-test
  • Dockerfile
FROM adoptopenjdk/openjdk11:alpine
VOLUME /tmp
COPY target/discoveryservice-0.0.1-snapshot.jar discoveryservice.jar
EXPOSE 8087
ENTRYPOINT ["java", "-jar", "discoveryservice.jar"]
  • Docker Build: docker build --tag=discovery-service --force-rm=true .
  • Docker Run: docker run -p 8087:8087 --network=net-test --name=discovery-service discovery-service
Rye
  • 445
  • 4
  • 15
  • What are your run commands for Docker and what are your Docker images?(have you exposed port in the Dockerfile of Eureka?) – Niklas Mar 20 '21 at 14:09
  • Hi @Niklas, I have updated my question to include my Docker configs/commands used. Kindly scroll above. – Rye Mar 22 '21 at 01:12
  • there should be a config for Eureka, `server.address`, could you try changing it to `0.0.0.0` – PapEr Mar 22 '21 at 02:48
  • @PapEr, yes I have but with localhost. `server.address=localhost` – Rye Mar 22 '21 at 06:36
  • 2
    that‘s my point, change it to `0.0.0.0` and try again, it should possibly work – PapEr Mar 22 '21 at 06:43
  • `0.0.0.0` allows connections from everywhere, be careful with that on production systems. – Niklas Mar 22 '21 at 07:41
  • If you open bash on your Spring container, and try to curl Eureka from there, what happens? – Niklas Mar 22 '21 at 07:44
  • 1
    @PapEr and @Niklas, I have updated `server.address=0.0.0.0` and inside the container I did `wget http://username:password@localhost:8087` works. But outside it says, `Read error (Connection reset by peer) – Rye Mar 22 '21 at 08:57
  • forgive me if this is a stupid question, how did you change your config, and did you restart you server after changing the config – PapEr Mar 22 '21 at 09:24
  • @PapEr, I edited my ‘discovery-service.yml’ located in a test branch git repo online. Then hit the Config Server’s refresh endpoint. I can verify the update was received by eureka server app from logs ‘keys refreshed’. I also did stop/start config server and eureka to be sure – Rye Mar 22 '21 at 22:32
  • I don't understand why the address must be `0.0.0.0` just to access the eureka dashboard (container) within the docker network or docker host. While you can hit the config server refresh endpoint from docker host/remote with configured `address: localhost` to it. – RJB Jul 27 '21 at 08:38

1 Answers1

1

According to @PapEr's comment: You have to turn server.address to 0.0.0.0.

Why?

Listing on ports must be bind to a host. Read this for more informations.
With the address you can reduce the machines, which can talk to the port.

In Docker?

Normally you don't know the docker-ip, so you can't just set the address of your docker-container. You have only the choice between localhost or 0.0.0.0.
With localhost only connection from the inside of your docker-container are possible. In other words: No other applications can talk to your container, if you set localhost.
Since your containers have their own network and ip, I don't see any reason why address=0.0.0.0 is bad idea. Also in production.

akop
  • 5,981
  • 6
  • 24
  • 51
  • Hi @akop, I will try this out. Does this mean I also need to update my `"eureka.client.serviceUrl.defaultZone": "http://username:password@localhost:8087/eureka",` to use `0.0.0.0`? – Rye Mar 22 '21 at 08:41
  • No, `0.0.0.0` is a "catch all ip-address" and you can't use it as address in webbrowser. For `eureka.client.serviceUrl.defaultZone` you have to configure the host for eureka. In your case (you want to access it on your local machine) `localhost` is fine. – akop Mar 22 '21 at 08:47
  • I've updated the config to this `server.address=0.0.0.0` and `eureka.client.serviceUrl.defaultZone=http://${spring.security.user.name}:${spring.security.user.name}@localhost:8087/eureka` but it doesn't work. – Rye Mar 22 '21 at 08:54
  • I went inside the container I did `wget http://username:password@localhost:8087` works. But outside it says, `Read error (Connection reset by peer)` – Rye Mar 22 '21 at 08:59
  • It seems, that new config may not be applied correctly. – akop Mar 22 '21 at 09:00
  • Let us [continue this discussion in chat](https://chat.stackoverflow.com/rooms/230219/discussion-between-akop-and-rye). – akop Mar 22 '21 at 09:48