no internet inside docker-compose service

docker docker-compose docker-networking
orshachar picture orshachar · Oct 5, 2016 · Viewed 17.4k times · Source

I cannot reach external network from docker-compose containers.

Consider the following docker-compose file:

version: '2'
services:
    nginx:
      image: nginx

Using the simple docker run -it nginx bash I manage to reach external IPs or Internet IPs (ping www.google.com).

On the other hand if I use docker-compose and attach to the container, I cannot reach external IP addresses / DNS.

docker info:

Containers: 0
 Running: 0
 Paused: 0
 Stopped: 0
Images: 1
Server Version: 1.12.1
Storage Driver: aufs
 Root Dir: /var/lib/docker/aufs
 Backing Filesystem: extfs
 Dirs: 7
 Dirperm1 Supported: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: bridge null host overlay
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Security Options: apparmor seccomp
Kernel Version: 4.4.0-38-generic
Operating System: Ubuntu 16.04.1 LTS
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 3.859 GiB
Name: ***
ID: ****
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
WARNING: No swap limit support
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled
Insecure Registries:
 127.0.0.0/8

docker-compose 1.8.1, build 878cff1

daemon.json file:

{
  "iptables" : false,
  "dns" : ["8.8.8.8","8.8.4.4"]
}

Answer

peedee picture peedee · May 4, 2017

The last time I had a problem like that, I solved it like this:

https://github.com/docker/docker/issues/866#issuecomment-19218300

pkill docker
iptables -t nat -F
ifconfig docker0 down
brctl delbr docker0
docker -d

It will force docker to recreate the bridge and reinit all the network rules.

As for reasons why this happens, I don't have good answers. But I did recently trace the problem back to journald. When I restart journald (for example because I changed its config), DNS resolution inside docker-compose containers consistently/reproducibly breaks. I don't know why exactly, I can only say that this is a reliable way for me to reproduce it on RHEL.

EDIT The docker -d command might not work for you based on the version of docker you are using but don't worry about it, you can omit that command.

Related questions

Docker Networking - nginx: [emerg] host not found in upstream

I have recently started migrating to Docker 1.9 and Docker-Compose 1.5's networking features to replace using links. So far with links there were no problems with nginx connecting to my php5-fpm fastcgi server located in a different server in one …

Read More
docker-compose: difference between network and link

I'm learning docker. I see those two terms make me confuse. For example here is a docker-compose that defined two services redis and web-app. services: redis: container_name: redis image: redis:latest ports: - "6379:6379" networks: - lognet app: container_name: …

Read More
Docker doesn't resolve hostname

I need to know the hostnames (or ip addresses) of some container running on the same machine. As I already commented here (but with no answer yet), I use docker-compose. The documentation says, compose will automatically create a hostname entry …

Read More