Container not getting traffic on port 80

bruce78 · January 28, 2020, 1:23pm

I’m having trouble sending traffic to a container… the host and container are running Debian 9 and the snap version of LXD is 3.19

I set port forwarding on the host to the container like this…

lxc config device add cco-email myport80 proxy listen=tcp:0.0.0.0:80 connect=tcp:127.0.0.1:80
lxc config device add cco-email myport8083 proxy listen=tcp:0.0.0.0:8083 connect=tcp:127.0.0.1:8083

I can access port 8083 in the container, but nothing works on port 80…

Running sudo tcpdump port 80 and '(tcp-syn|tcp-ack)!=0' on the host shows the traffic hitting the host, but the same command in the container doesn’t work and no results are shown…

sudo tcpdump port 80 and '(tcp-syn|tcp-ack)!=0'                                                           
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode                                                   
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes

Does anyone have any ideas?

tomp · January 28, 2020, 1:45pm

Can you show the output of netstat -tlpn | grep :80 inside the container and on the host please.

bruce78 · January 28, 2020, 1:56pm

Here’s the host

(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
tcp6       0      0 :::80                   :::*                    LISTEN      -                   
tcp6       0      0 :::8083                 :::*                    LISTEN      -

Here’s the container…

(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
tcp        0      0 10.112.106.223:8080     0.0.0.0:*               LISTEN      -                                            
tcp        0      0 10.112.106.223:80       0.0.0.0:*               LISTEN      -                                            
tcp        0      0 127.0.0.1:8081          0.0.0.0:*               LISTEN      -                                            
tcp        0      0 0.0.0.0:8083            0.0.0.0:*               LISTEN      -                                            
tcp        0      0 127.0.0.1:8084          0.0.0.0:*               LISTEN      -

tomp · January 28, 2020, 2:00pm

Your port 80 proxy is forwarding to 127.0.0.1:80, but inside the container there isn’t anything listening on 127.0.0.1:80, only 10.112.106.223:80.

Your port 8083 proxy should work as the container process is listening on all IPs, 0.0.0.0:8083

bruce78 · January 28, 2020, 2:23pm

Ok, thank you… that’s a big help…

lxc config device add cco-email myport80 proxy listen=tcp:0.0.0.0:80 connect=tcp:10.112.106.223:u6e80

has fixed it!

simos · January 28, 2020, 6:46pm

Which Web server are you using? The two big ones, Apache and nginx, listen on localhost.

bruce78 · January 29, 2020, 3:35am

I was testing out HestiaCP, which is a VestaCP fork but I had a similar problem with VirtualMin… these panels use Apache and/or NGINX as selected but during this batch of testing, the control panel/web servers seem to pickup the IP of their container, hence this problem, rather than anything else, which I think is where the problem came from this time…

I’ve got another system running HA Proxy in a container which works out fine as I think it listens on all ports/addresses, as do email servers when forwarding ports 25 or 993 etc.