Completely failing in new and interesting ways
161 views
Skip to first unread message
Jonathan Brooks
Aug 3, 2021, 5:35:25 PM8/3/21
to dcm4che
I'm trying to get secured services to run on docker.
I'm running Ubuntu 20.04LTS, no firewall is running.
Docker generated a private address for the container host (172.18.0.3).
I added the following to my /etc/hosts (as I don't have a working DNS server, and my /etc/nsswitch.conf looks to files first when trying to resolve host names):
172.18.0.3 host.docker.internal hostdocker
I can ping the host, I can log on to the keycloak server (https://hostdocker:8843/auth/admin/dcm4che/console/)
I can register the Client (dcm4chee-arc) - see attached picture
But I am completely unable to access the archive https://hostdocker:8443/dcm4chee-arc/ui2.
For some unknown reason the docker container ("arc") is blocking access via the relevant port - does anyone know how to fix that?
$ docker exec arc nc -v -z 172.18.0.3 8843
Connection to 172.18.0.3 8843 port [tcp/*] succeeded!
Connection to 172.18.0.3 8843 port [tcp/*] succeeded!
$ docker exec arc nc -v -z 172.18.0.3 8443
nc: connect to 172.18.0.3 port 8443 (tcp) failed: Connection refused
nc: connect to 172.18.0.3 port 8443 (tcp) failed: Connection refused
Hope someone can help..
Best wishes,
Jon
Jonathan Brooks
Aug 3, 2021, 5:52:54 PM8/3/21
to dcm4che
The command to start the archive was taken straight from the instructions and it does indeed look like the container has the correct port specification.
$ docker port arc
11112/tcp -> 0.0.0.0:1111211112/tcp -> :::11112
12575/tcp -> 0.0.0.0:12575
12575/tcp -> :::12575
2575/tcp -> 0.0.0.0:2575
2575/tcp -> :::2575
2762/tcp -> 0.0.0.0:2762
2762/tcp -> :::2762
8080/tcp -> 0.0.0.0:8080
8080/tcp -> :::8080
8443/tcp -> 0.0.0.0:8443
8443/tcp -> :::8443
9990/tcp -> 0.0.0.0:9990
9990/tcp -> :::9990
9993/tcp -> 0.0.0.0:9993
9993/tcp -> :::9993
Something weird is going on..
Cheers, Jon
Santiago Gala
Aug 6, 2021, 8:22:50 AM8/6/21
to dcm...@googlegroups.com
On Tue, Aug 3, 2021 at 11:35 PM Jonathan Brooks <pai...@gmail.com> wrote:
Docker generated a private address for the container host (172.18.0.3).
arc is one container host, keycloak a different one. Each one will have different docker ip addresses (it depends how you are orchestrating, typically with docker-compose you can do something like:
docker network inspect docker_default --format='{{range $p := .Containers}} {{$p.Name}} -> {{$p.IPv4Address}} }} {{printf "\n"}} {{end}}'
Assuming that your docker-compose network is called "docker_default"
I added the following to my /etc/hosts (as I don't have a working DNS server, and my /etc/nsswitch.conf looks to files first when trying to resolve host names):172.18.0.3 host.docker.internal hostdockerI can ping the host, I can log on to the keycloak server (https://hostdocker:8843/auth/admin/dcm4che/console/)I can register the Client (dcm4chee-arc) - see attached pictureBut I am completely unable to access the archive https://hostdocker:8443/dcm4chee-arc/ui2.For some unknown reason the docker container ("arc") is blocking access via the relevant port - does anyone know how to fix that?$ docker exec arc nc -v -z 172.18.0.3 8843
Connection to 172.18.0.3 8843 port [tcp/*] succeeded!$ docker exec arc nc -v -z 172.18.0.3 8443
nc: connect to 172.18.0.3 port 8443 (tcp) failed: Connection refusedHope someone can help..Best wishes,Jon
--
You received this message because you are subscribed to the Google Groups "dcm4che" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dcm4che+u...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/dcm4che/c5672364-f522-444c-b3b6-1c0c20896e8dn%40googlegroups.com.
Jonathan Brooks
Aug 10, 2021, 12:33:55 PM8/10/21
to dcm4che
Hi Santiago,
Thanks for the feedback, but I think my understanding is still at a lower level!
I understand that docker creates a bridge between the host OS and the containers to allow traffic to pass, but it wasn't clear to me what IP address/hostname to use through the installation steps: see my related question.
I am trying to install the secure version, which has the following instruction as part of the archive installation:
which differs from Run minimum set of archive services on a single host only by
- -e AUTH_SERVER_URL=https://<docker-host>:8843/auth - you have to replace <docker-host> by the hostname of the docker host, which must be resolvable by your DNS server -
So is <docker-host> the IP address of the keycloak container, localhost, or a DNS registered name for the actual computer that runs docker?
Hope you can help me understand this.
Best wishes,
Jon
Reply all
Reply to author
Forward
0 new messages