WiFi router > RPi > Docker > nginx > net::ERR_CONNECTION_RESET

I have a home setup as mentioned in the title:

WiFi router > RPi > Docker > nginx > php app 

The setup was working fine for several months, until I changed ISP. That is when I had to address several issues:

  1. ISP was using CG-NAT by default. Thankfully, I was able to request a public dynamic IP.
  2. ISP provided me with Sagemcom 5655 v2AC router that by default uses ports 80/443 for remote management and I had to jump through some hoops to disable that feature and instead forward those ports to the RPi. (checked with portchecker.co that port 80 is open)

Just when I thought surprises were over and I was testing how my webapp looks when accessed via domain name (Google DNS + DDClient), it didn’t work. At first, I thought I still couldn’t access RPi using public IP address, but then I opened Chrome dev console and saw that some resources were actually being downloaded, while others failed. That’s when I tried to access website using RPi’s local IP address out of curiosity and it worked just fine.

The situation that I’m in now is as follows:

  • Accessing webapp using local IP address works fine
  • Accessing webapp using public IP address serves some resources (index, manifest.js), while others seem to be served partially (app.css, vendor.js) and eventually time out with net::ERR_CONNECTION_RESET error

This is how it looks when I try to load <my_domain>.net/css/app.css


I used ngrep to see how network traffic differs between local and public IP requests to <my_domain>.net/css/app.css and noticed something strange. While loading resource via local IP address I just saw bunch of TCP packets that contained parts of the resource, however when loading it via public IP it would end up resending the first packet multiple times until it gives up:

    $ sudo ngrep port 80
    interface: eth0 (192.168.1.0/255.255.255.0)
    filter: (ip or ip6) and ( port 80 )
    #
    T 192.168.1.128:80 -> 192.168.1.1:64447 [A]
      HTTP/1.1 200 OK..Server: nginx..Date: Sun, 20 Jan 2019 12:07:56 GMT..Content-Type: text/css..Content-Length: 155254..Last-Modified: Thu, 17 Jan 2019 18:15:47 GMT..Connection: keep-alive..ETag: "5c40c
      653-25e76"..Accept-Ranges: bytes....@import url(https://fonts.googleapis.com/css?family=Nunito);/*!. * Bootstrap v4.1.3 (https://getbootstrap.com/). * Copyright 2011-2018 The Bootstrap Authors. * Cop
      yright 2011-2018 Twitter, Inc.. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). */:root{--blue:#3490dc;--indigo:#6574cd;--purple:#9561e2;--pink:#f66d9b;--red:#e3342f;--o
      range:#f6993f;--yellow:#ffed4a;--green:#38c172;--teal:#4dc0b5;--cyan:#6cb2eb;--white:#fff;--gray:#6c757d;--gray-dark:#343a40;--primary:#3490dc;--secondary:#6c757d;--success:#38c172;--info:#6cb2eb;--w
      arning:#ffed4a;--danger:#e3342f;--light:#f8f9fa;--dark:#343a40;--breakpoint-xs:0;--breakpoint-sm:576px;--breakpoint-md:768px;--breakpoint-lg:992px;--breakpoint-xl:1200px;--font-family-sans-serif:"Nun
      ito",sans-serif;--font-family-monospace:SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",monospace}*,:after,:before{-webkit-box-sizing:border-box;box-sizing:border-box}html{font-f
      amily:sans-serif;line-height:1.15;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%;-ms-overflow-style:scrollbar;-webkit-tap-highlight-color:rgba(0,0,0,0)}@-ms-viewport{width:device-width}artic
      le,aside,figcaption,figure,footer,header,hgroup,main,na
    #
    T 192.168.1.128:80 -> 192.168.1.1:64447 [A]
      HTTP/1.1 200 OK..Server: nginx..Date: Sun, 20 Jan 2019 12:07:56 GMT..Content-Type: text/css..Content-Length: 155254..Last-Modified: Thu, 17 Jan 2019 18:15:47 GMT..Connection: keep-alive..ETag: "5c40c
      653-25e76"..Accept-Ranges: bytes....@import url(https://fonts.googleapis.com/css?family=Nunito);/*!. * Bootstrap v4.1.3 (https://getbootstrap.com/). * Copyright 2011-2018 The Bootstrap Authors. * Cop
      yright 2011-2018 Twitter, Inc.. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). */:root{--blue:#3490dc;--indigo:#6574cd;--purple:#9561e2;--pink:#f66d9b;--red:#e3342f;--o
      range:#f6993f;--yellow:#ffed4a;--green:#38c172;--teal:#4dc0b5;--cyan:#6cb2eb;--white:#fff;--gray:#6c757d;--gray-dark:#343a40;--primary:#3490dc;--secondary:#6c757d;--success:#38c172;--info:#6cb2eb;--w
      arning:#ffed4a;--danger:#e3342f;--light:#f8f9fa;--dark:#343a40;--breakpoint-xs:0;--breakpoint-sm:576px;--breakpoint-md:768px;--breakpoint-lg:992px;--breakpoint-xl:1200px;--font-family-sans-serif:"Nun
      ito",sans-serif;--font-family-monospace:SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",monospace}*,:after,:before{-webkit-box-sizing:border-box;box-sizing:border-box}html{font-f
      amily:sans-serif;line-height:1.15;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%;-ms-overflow-style:scrollbar;-webkit-tap-highlight-color:rgba(0,0,0,0)}@-ms-viewport{width:device-width}artic
      le,aside,figcaption,figure,footer,header,hgroup,main,na
    #
    T 192.168.1.128:80 -> 192.168.1.1:64447 [A]
      HTTP/1.1 200 OK..Server: nginx..Date: Sun, 20 Jan 2019 12:07:56 GMT..Content-Type: text/css..Content-Length: 155254..Last-Modified: Thu, 17 Jan 2019 18:15:47 GMT..Connection: keep-alive..ETag: "5c40c
      653-25e76"..Accept-Ranges: bytes....@import url(https://fonts.googleapis.com/css?family=Nunito);/*!. * Bootstrap v4.1.3 (https://getbootstrap.com/). * Copyright 2011-2018 The Bootstrap Authors. * Cop
      yright 2011-2018 Twitter, Inc.. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). */:root{--blue:#3490dc;--indigo:#6574cd;--purple:#9561e2;--pink:#f66d9b;--red:#e3342f;--o
      range:#f6993f;--yellow:#ffed4a;--green:#38c172;--teal:#4dc0b5;--cyan:#6cb2eb;--white:#fff;--gray:#6c757d;--gray-dark:#343a40;--primary:#3490dc;--secondary:#6c757d;--success:#38c172;--info:#6cb2eb;--w
      arning:#ffed4a;--danger:#e3342f;--light:#f8f9fa;--dark:#343a40;--breakpoint-xs:0;--breakpoint-sm:576px;--breakpoint-md:768px;--breakpoint-lg:992px;--breakpoint-xl:1200px;--font-family-sans-serif:"Nun
      ito",sans-serif;--font-family-monospace:SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",monospace}*,:after,:before{-webkit-box-sizing:border-box;box-sizing:border-box}html{font-f
      amily:sans-serif;line-height:1.15;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%;-ms-overflow-style:scrollbar;-webkit-tap-highlight-color:rgba(0,0,0,0)}@-ms-viewport{width:device-width}artic
      le,aside,figcaption,figure,footer,header,hgroup,main,na
    #
    T 192.168.1.128:80 -> 192.168.1.1:64447 [A]
      <same as first>
    #
    T 192.168.1.128:80 -> 192.168.1.1:64447 [A]
      <same as first>
    #
    T 192.168.1.128:80 -> 192.168.1.1:64447 [A]
      <same as first>
    ####
    T 192.168.1.1:64447 -> <public_ip>:80 [A]
      ......
    #
    T 192.168.1.128:80 -> 192.168.1.1:64447 [A]
      <same as first>
    #
    T 192.168.1.1:64447 -> <public_ip>:80 [A]
      ......
    #####
    T 192.168.1.1:64447 -> 192.168.1.128:80 [A]
      ......
    #^Cexit
    25 received, 0 dropped

I had some suspicions about RPi/Docker/nginx part of the setup initially, but once I realised that website works fine when accessed locally I don’t know what to think any more. Any ideas?
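
Added example (not part of the original post): the pattern described above, where the same first segment is sent again and again on one connection, can be picked out of saved ngrep text output mechanically. The script assumes ngrep's default header layout; the sample capture and the function names are constructed for illustration.

```python
import hashlib
import re
from collections import Counter

# Constructed sample in ngrep's default text layout (not the poster's capture).
SAMPLE = """\
#
T 192.168.1.128:80 -> 192.168.1.1:64447 [A]
  HTTP/1.1 200 OK..Content-Type: text/css..Content-Length: 155254....:root{--blue:#3490dc}
#
T 192.168.1.128:80 -> 192.168.1.1:64447 [A]
  HTTP/1.1 200 OK..Content-Type: text/css..Content-Length: 155254....:root{--blue:#3490dc}
####
T 192.168.1.1:64447 -> 192.168.1.128:80 [A]
  ......
#
T 192.168.1.128:80 -> 192.168.1.1:64447 [A]
  HTTP/1.1 200 OK..Content-Type: text/css..Content-Length: 155254....:root{--blue:#3490dc}
#
T 192.168.1.128:80 -> 192.168.1.1:50000 [AP]
  HTTP/1.1 200 OK..Content-Length: 12....hello world!
"""

# "T src -> dst [flags]" for TCP; U/I headers carry no flag field.
HEADER = re.compile(r"^([TUI]) (\S+) -> (\S+)(?: \[(\w+)\])?")

def parse_packets(text):
    """Return a list of (src, dst, payload) tuples from ngrep text output."""
    packets = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            packets.append([m.group(2), m.group(3), ""])
        elif packets and line.startswith("  "):
            packets[-1][2] += line[2:]  # payload lines are indented and wrapped
    return [tuple(p) for p in packets]

def repeated_segments(text, threshold=3):
    """Map (src, dst, payload digest) -> count for payloads seen >= threshold times."""
    seen = Counter()
    for src, dst, payload in parse_packets(text):
        if payload.strip("."):  # skip empty or all-unprintable payloads (bare ACKs)
            digest = hashlib.sha256(payload.encode()).hexdigest()[:12]
            seen[(src, dst, digest)] += 1
    return {key: n for key, n in seen.items() if n >= threshold}

if __name__ == "__main__":
    for (src, dst, digest), n in repeated_segments(SAMPLE).items():
        print(f"{src} -> {dst}: payload {digest} sent {n} times")
```

A flow that shows up here is one where the sender keeps repeating a data segment, so the next place to capture is the hop between the sender and the peer that should have acknowledged it.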

Containers in Docker can't see each other

I have a folder folder1 that contains a docker-compose.yml file. There is also a folder folder2 that contains a docker-compose.yml file too.

We bring the containers up with the command docker-compose up -d, and all of them are in the up state. But they are in different subnets.

Container 1 from folder 1 has IP 172.0.25.12, and Container 2 from folder 2 has IP 172.0.26.12.

The containers can't see each other over the network and can't ping each other (different subnets).

How can I make these two containers be in the same subnet and see each other?

Route Docker container traffic through another container

I’m trying to route tcp traffic of container B (10.10.1.2, custom binary using mysql and running on port 4242) through container A (10.10.1.3, haproxy, setup in transparent proxy mode) to the outside world, they share the same user defined docker network 10.10.1.0/24 in bridge mode

Container B doesn’t expose ports, only container A.

On container B:

    # ip route show
    default via 10.10.1.1 dev eth0
    10.10.1.0/24 dev eth0 proto kernel scope link src 10.10.1.2
    # ip route replace default via 10.10.1.3
    # ip route show
    default via 10.10.1.3 dev eth0
    10.10.1.0/24 dev eth0 proto kernel scope link src 10.10.1.2

On container A (haproxy):

    sysctl -w net.ipv4.ip_forward=1
    sysctl -w net.ipv4.ip_nonlocal_bind=1
    iptables -t mangle -N DIVERT
    iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
    iptables -t mangle -A PREROUTING -p tcp -s 10.10.1.0/24 --sport 4242 -j DIVERT
    iptables -t mangle -A DIVERT -j MARK --set-mark 1
    iptables -t mangle -A DIVERT -j ACCEPT
    ip rule add fwmark 1 lookup 100
    ip route add local 0.0.0.0/0 dev lo table 100

net.ipv4.ip_forward is set to 1 everywhere, Docker run with default options.

But when I change the route (because it must answer back to container A), container B can’t reach anything; a simple ping google.com times out.

I’m not a specialist, but according to the tcpdump commands I have run on the 3 parts, there is an exchange between them. Maybe some packets are not passing through?

Am I missing anything? It should be pretty simple, but I can’t get it working and I don’t understand why.

Thank you

WelcomeHosting – New York Launch! KVM VPS’s with Docker Support starting at just $21/year for 1GB KVM VPS!

Brian from WelcomeHosting recently contacted us with their first special offer for 2019. WelcomeHosting has been featured before on LowEndBox with positive reviews, however those offers were based out of their original Los Angeles datacenter location. For the new year, they have expanded to the east coast with a brand new New York datacenter location!

They are here with some KVM VPS’s in NY with exclusive discounts for the community. They are offering various different pricing structure options based on the plan, however, the most savings and value are to be had when choosing to pay using an annual billing cycle. For example, the 6GB KVM VPS is just $69/year when paid annually, instead of $9/mo!

Their WHOIS is public, and you can find their ToS/Legal Docs here. They accept PayPal, VISA, MasterCard, American Express, Discover, Bitcoin, Litecoin and Ethereum as payment methods.

Here’s what they had to say: 

“Nowadays, it seems like it’s almost impossible to find a hosting company that understands its customers by their first name – not just another number. What’s one aspect about home that’s found nowhere else? Feeling comfortable and welcome — and that’s exactly the type of client experience we aspire to deliver here at WelcomeHosting. We offer plenty of different hosting solutions, and we’re always available to help you every step of the way. Welcome to a personalized and worry-free hosting experience!”

Here’s the offers: 

1GB KVM VPS

  • 1024MB RAM
  • 1x CPU Core
  • 25GB RAID-10 Storage
  • 2TB Bandwidth
  • 1Gbps Uplink
  • 1 x IPv4
  • KVM/SolusVM
  • Docker/Custom ISO
  • $7/qtr OR $21/yr

3GB KVM VPS

  • 3072MB RAM
  • 2x CPU Core
  • 40GB RAID-10 Storage
  • 5TB Bandwidth
  • 1Gbps Uplink
  • 1 x IPv4
  • KVM/SolusVM
  • Docker/Custom ISO
  • $5/mo or $35/yr

6GB KVM VPS

  • 6144MB RAM
  • 4x CPU Core
  • 60GB RAID-10 Storage
  • 10TB Bandwidth
  • 1Gbps Uplink
  • 1 x IPv4
  • KVM/SolusVM
  • Docker/Custom ISO
  • $9/mo or $69/yr

NETWORK INFO:

Los Angeles, CA – ColoCrossing Datacenter:
Test IPv4: 198.46.138.196
Test file: http://198.46.138.196/1000MB.test


KVM Nodes:
– 2x Intel Xeon E5-2660v2 CPU
– 128GB RAM
– 8x 1TB HDD’s
– LSI Hardware RAID-10
– 1Gbps Uplink

Please let us know if you have any questions/comments and enjoy!

Docker: how to sync date between a CentOs host and a Debian container?

I have a CentOs host running a docker Debian container.

The container has the wrong localtime and timezone: how can I synchronize it with the host date?

I’m trying with mounting volumes on the docker-compose with /etc/localtime but it doesn’t work.

The solution I prefer should be one of them:

  • set a particular ENV in the Dockerfile
  • mount properly volumes in the docker-compose.yml

New server to setup, docker or VM?

I’m a developer and I have some doubts about server configuration. We have a new server with a dual Xeon CPU, 128 GB RAM & 4 TB SAS SSD. We have to run some web application.

  1. Rails App ( NGINX, Puma, Postgres, Redis, ElasticSearch) – VERY HIGH TRAFFIC
  2. Rails App ( NGINX, Puma, Postgres, Redis) – MODERATE TRAFFIC
  3. Rails App ( NGINX, Puma, Postgres) – LOW TRAFFIC
  4. Python App ( NGINX, Mongo DB, Gunicorn, Redis, ElasticSearch) – VERY LOW TRAFFIC
  5. Php App (NGINX, PHP, Postgres) – LOW TRAFFIC

I’m not sure which is the best way to configure my server and share resources.

I am thinking of creating a virtual machine for the Python app and the PHP app frontend, because they are very low-traffic apps.

Then a virtual machine for the DB (Postgres, Redis, Mongo DB)

A virtual machine for Elastic Search

And finally the virtual machine with the rails app frontend.

What about using Docker? Do I have to adapt every app I have in order to dockerize it?

Docker not logging out anything from spring boot app

So I’m running a spring boot app in a docker swarm on Amazon (using Docker for AWS) and I’m having this persistent issue where I can’t get any logs from the app.

Docker for AWS is set up so that the log data goes to cloudwatch, but for some reason no logs are making it there. It just outputs some basic startup logs but then no error logging at all. I’ve tried changing the logging driver, I’ve tried adding a --logging.file to the spring boot command and mounting that file on the hosts but that file is also empty.

What’s frustrating is running the exact same app on a local box sends logs out. It’s just running it in Docker that seems to make all logging stop working.

Docker: Showing double prompt on power shell and grey text: can’t exit

I am trying to learn Docker. I opened a PowerShell window and typed some commands from a tutorial, and then I right-clicked the mouse. PowerShell scrolled the command window, and now it’s showing me double angle brackets, and whatever I type is visible in grey.

I typed: “>>” quit “>>” exit

But it had no effect. I can’t get out of that window. Somebody please guide me. Sorry, I don’t know the exact forum for it. Please guide me.

Zulfi.

How can I change a Drupal site’s UUID when it’s running in Docker?

My Docker file

    version: '3.1'

    services:

      drupal:
        image: drupal:8-apache
        ports:
          - 8082:80
        volumes:
          - /var/www/html/modules
          - /var/www/html/profiles
          - /var/www/html/themes
          # this takes advantage of the feature in Docker that a new anonymous
          # volume (which is what we're creating here) will be initialized with the
          # existing content of the image at the same location
          - /var/www/html/sites
        restart: always

      postgres:
        image: postgres:10
        environment:
          POSTGRES_PASSWORD: example
        restart: always

For changing the UUID I need drush, according to this example: How can I import the configuration on a different site? But I am not able to use drush in the Docker container.

PDO driver for Postgres in Docker does not install

I set up a PHP + Apache environment using Docker (so far so good), but I noticed that PHP does not come with the PDO_PGSQL driver installed in the image. I searched and found some solutions, but I could not install/run the driver. I even tried copying a php.ini that I already had, but that did not work either.

My files are below:

php.Dockerfile

    # Base image
    FROM php:7.1-fpm

    # Maintainer
    LABEL maintainer="Gabriel.sistemasjr@gmail.com"

    # I tried copying the ini, that did not work either.
    # ADD php.ini /usr/local/etc/php

    # ====== PHP DRIVERS ======== #
    # -> PDO MYSQL #
    RUN docker-php-ext-install mysqli pdo_mysql
    #
    # -> PDO POSTGRESQL #
    RUN apt-get update && apt-get install -y libpq-dev && docker-php-ext-install pdo_pgsql # Does not work
    #
    #
    # I tried it this way, but it does not work either.
    RUN apt-get update && apt-get install -y libpq-dev \
        && docker-php-ext-configure pgsql -with-pgsql=/usr/local/pgsql \
        && docker-php-ext-install pdo_pgsql \
        && apt-get clean

apache.Dockerfile

    # Base image
    FROM php:apache

    # Maintainer
    LABEL maintainer="Gabriel.sistemasjr@gmail.com"

    # Enabling URL rewrite mode in Apache.
    RUN a2enmod rewrite

docker-compose.yml

    version: "3"

    services:
      # Apache server
      apache:
        build:
          dockerfile: apache.Dockerfile
          context: ./Docker/apache
        volumes:
          - "./app/src:/var/www/html"
        ports:
          - "80:80"
        depends_on:
          - php
        container_name: apache

      # Application code
      php:
        build:
          dockerfile: teste.Dockerfile
          context: ./Docker/php
        volumes:
          - "./app/src:/var/www/html"
        ports:
          - "9000:9000"
        container_name: php

Even after following some tutorials and reading the docs, I could not solve the problem. The containers build and no error is returned, but when I run phpInfo() I see that the only PDO driver present is the sqlite one.

That is all, thanks to anyone who can help!