Connection reset by peer when when hitting Docker container

I think there are some problems with @Bouzid Zitouni's answer, according to Docker official documentation:

this is the same level of isolation as if the nginx process were running directly on the Docker host and not in a container

However, if you use the --network host you will not have isolated networking in the container, and the host networking driver only works on Linux hosts.

The problem of Connection refused/reset happens because your Server is listening on 127.0.0.1 inside the container and the port forwarding is going to external IP of the container (e.g. 172.17.0.2).

Solution

In your case you need to run a new container making your server to listen on all interfaces. Example using python http.server :

docker run -p 8000:8000 -it python:3.7-slim python3 -m http.server --bind 0.0.0.0

Note

The option --bind 0.0.0.0 it's specific option of http.server. Probally your server has other ways to specify this.

References:

https://pythonspeed.com/articles/docker-connection-refused/

https://docs.docker.com/network/network-tutorial-host/


I would like to expand on @Bouzid Zitouni's answer. It seems there is indeed an issue with the address(es) the server binds to.

Connection reset by peer usually indicates that one has defined a port mapping for the container that does not point to a listening server. Here is an example to illustrate this:

docker run -p 10009:10009 -it ubuntu bash

Install nmap in container:

apt-get update && apt install -y nmap

Run ncat (localhost only)

# ncat -v --listen localhost 10009
...
Ncat: Listening on 127.0.0.1:10009

Run curl on host:

# curl localhost:10009
curl: (56) Recv failure: Connection reset by peer

You actually get the same result even if you don't have any server process at all.

Run ncat (all IPs)

# ncat -v --listen 10009
...
Ncat: Listening on :::10009
Ncat: Listening on 0.0.0.0:10009

Curl on host connects successfully. Hope that helps.


I would check to see if the server application is configured to only listen to requests coming from its "localhost", this check depends on the type of server that you're using which is not mentioned.

an easy check is to start your container as follows:

docker run --network host -d yourimagename

You don't need to worry about port mapping since you're using the host network

then try to curl, if that works, then you'll just need to review your server listening IP setting.

curl localhost:10009

Tags:

Docker

Recent Posts