Make docker use IPv4 for port binding
I have docker host and inside I have one container.
The docker host is binding the port on IPv6 interface only, not on IPv4.
This is the output
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:55082 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN -
tcp6 0 0 :::80 :::* LISTEN -
tcp6 0 0 :::22 :::* LISTEN -
tcp6 0 0 :::40280 :::* LISTEN -
tcp6 0 0 :::5432 :::* LISTEN -
tcp6 0 0 :::40122 :::* LISTEN -
tcp6 0 0 :::36378 :::* LISTEN -
tcp6 0 0 :::40543 :::* LISTEN -
tcp6 0 0 :::111 :::* LISTEN -
Now I have 40122 port on host to link with port 22 on container.
I want to SSH into that container but I am not able to as its only bound to IPv6
This is my docker version Docker version 1.5.0, build a8a31ef
docker ps
201bde6c839a myapp:latest "supervisord -n" 3 weeks ago Up 2 hours 0.0.0.0:40122->22/tcp, 0.0.0.0:40280->80/tcp, 0.0.0.0:40543->443/tcp myapp
I ran using docker run -d -P -p 40122:22
netstat -tlna
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:3031 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:6379 0.0.0.0:* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 :::6379 :::* LISTEN
ps aux
root 1 0.0 0.8 52440 16668 ? Ss 00:53 0:03 /usr/bin/python /usr/bin/supervisord -n
root 49 0.0 0.1 17980 3048 ? S 01:32 0:00 bash
root 64 0.0 0.1 46632 2712 ? S 01:32 0:00 su -l vagrant
vagrant 65 0.0 0.1 21308 3760 ? S 01:32 0:00 -su
root 288 0.0 0.1 17980 3088 ? S 02:01 0:00 bash
root 304 0.0 0.1 46632 2720 ? S 02:01 0:00 su -l vagrant
vagrant 305 0.0 0.1 21304 3804 ? S 02:01 0:00 -su
vagrant 308 0.0 3.7 429616 75840 ? Sl+ 02:01 0:05 python ./manage.py shell_plus
root 654 0.0 0.4 47596 9848 ? S 03:12 0:01 /usr/local/bin/uwsgi --die-on-term --ini /var/www/conf/uwsgi.ini
root 655 0.0 0.3 90280 7732 ? S 03:12 0:00 nginx: master process /usr/sbin/nginx
www-data 656 0.0 0.1 90600 3624 ? S 03:12 0:00 nginx: worker process
www-data 657 0.0 0.1 90600 3624 ? S 03:12 0:00 nginx: worker process
www-data 658 0.0 0.1 90600 3624 ? S 03:12 0:00 nginx: worker process
www-data 659 0.0 0.2 90940 4500 ? S 03:12 0:00 nginx: worker process
root 660 0.0 0.2 61372 5332 ? S 03:12 0:00 /usr/sbin/sshd -D
root 669 0.0 0.4 37004 8892 ? Sl 03:12 0:01 redis-server *:6379
root 856 8.0 2.8 388720 57792 ? Sl 04:07 0:18 /usr/local/bin/uwsgi --die-on-term --ini /var/www/conf/uwsgi.ini
root 857 8.0 2.8 388720 57792 ? Sl 04:07 0:18 /usr/local/bin/uwsgi --die-on-term --ini /var/www/conf/uwsgi.ini
root 858 8.0 2.8 388720 57792 ? Sl 04:07 0:18 /usr/local/bin/uwsgi --die-on-term --ini /var/www/conf/uwsgi.ini
root 859 8.0 2.8 388720 57792 ? Sl 04:07 0:18 /usr/local/bin/uwsgi --die-on-term --ini /var/www/conf/uwsgi.ini
vagrant 889 0.0 0.1 18692 2508 ? R+ 04:11 0:00 ps aux
Answer
As @daniel-t points out in the comment: github.com/docker/docker/issues/2174 is about showing binding only to IPv6 in netstat, but that is not an issue. As that github issues states:
When setting up the proxy, Docker requests the loopback address '127.0.0.1', Linux realises this is an address that exists in IPv6 (as ::0) and opens on both (but it is formally an IPv6 socket). When you run netstat it sees this and tells you it is an IPv6 - but it is still listening on IPv4. If you have played with your settings a little, you may have disabled this trick Linux does - by setting net.ipv6.bindv6only = 1.
In other words, just because you see it as IPv6 only, it is still able to communicate on IPv4 unless you have IPv6 set to only bind on IPv6 with the net.ipv6.bindv6only setting. To be clear, net.ipv6.bindv6only should be 0 - you can run sysctl net.ipv6.bindv6only to verify.