Can't access mysql docker container from the host

I have a debian server with docker 1.6.0 on it with a running official mysql container (https://registry.hub.docker.com/_/mysql/).

I use a fairly basic firewall configuration in which all ports are closed except SSH, HTTP and NTP (http://pastebin.com/raw.php?i=dFUcJWxy).

When I try to connect to my mysql database:

mysql -u root -h 172.17.0.3 -p

I get the following error message:

ERROR 2003 (HY000): Can't connect to MySQL server on '172.17.0.3' (110)

Port 3306 is filtered on it:

nmap -p 3306 172.17.0.3

PORT     STATE    SERVICE
3306/tcp filtered mysql

... and when I open port 3306 on the host I can access the mysql server.

How can I access the mysql server container without opening port 3306 of the host machine?

Further information that can help:

The ansible task to launch the container:

- name: Mysql container
  docker:
    name: mysql
    image: mysql:5.7
    state: started
    volumes:
    - /var/container_data/mysql:/var/lib/mysql
    ports:
    - "127.0.0.1:3306:3306"
    env:
        MYSQL_ROOT_PASSWORD: my-root-password

docker inspect mysql -> pastebin.com/raw.php?i=uhXEhuXJ

iptables -L -> pastebin.com/raw.php?i=18fkgktF

ifconfig -> pastebin.com/raw.php?i=YJs2JnQx

If you need more information don't hesitate to ask me.

Best regards


Finally, opening port 3306 on the docker0 interface solved my issue:

iptables -t filter -A INPUT -p tcp -i docker0 --dport 3306 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp -o docker0 --dport 3306 -j ACCEPT
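
Added example, not part of the original posts: a check over `iptables -S` output that tells a rule scoped to docker0, like the one in the answer above, apart from one that opens the port on every interface. The sample rule set, the `audit_port` helper and the `INTERNAL_IFACES` list are constructed assumptions.

```shell
#!/bin/sh
# Added example: classify INPUT rules that accept a TCP port by interface scope.
# Only explicit --dport/--dports ACCEPT rules are checked, not the chain policy
# or ACCEPT rules that carry no port match.
# Assumption: these interfaces are not reachable from outside the host.
INTERNAL_IFACES="docker0 lo"

# Constructed sample in `iptables -S` format (not the asker's real rule set).
SAMPLE_RULES='-P INPUT DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i docker0 -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
-A OUTPUT -o docker0 -p tcp -m tcp --dport 3306 -j ACCEPT'

# audit_port PORT: reads `iptables -S` text on stdin and prints, per matching
# rule, "scoped <iface>" or "exposed <iface|any>".
audit_port() {
  awk -v port="$1" -v internal="$INTERNAL_IFACES" '
    # True when a port spec (N, A:B, or a comma list of both) covers port p.
    function covers(spec, p,    parts, k, r, b) {
      k = split(spec, parts, ",")
      for (r = 1; r <= k; r++) {
        if (split(parts[r], b, ":") == 2) {
          if (p + 0 >= b[1] + 0 && p + 0 <= b[2] + 0) return 1
        } else if (parts[r] + 0 == p + 0) return 1
      }
      return 0
    }
    BEGIN { n = split(internal, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 == "-A" && $2 == "INPUT" {
      iface = "any"; neg = 0; spec = ""; target = ""
      for (i = 3; i < NF; i++) {
        if ($i == "-i") { iface = $(i + 1); neg = ($(i - 1) == "!") }
        if ($i == "--dport" || $i == "--dports") spec = $(i + 1)
        if ($i == "-j") target = $(i + 1)
      }
      if (target != "ACCEPT" || spec == "" || !covers(spec, port)) next
      # A negated match ("! -i docker0") means every other interface.
      if ((iface in ok) && !neg) print "scoped " iface
      else print "exposed " (neg ? "!" iface : iface)
    }'
}

# Demo on the constructed sample; on a live host: iptables -S | audit_port 3306
printf '%s\n' "$SAMPLE_RULES" | audit_port 3306
```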

I think the real answer is to use the --service-ports option when starting the container using docker-compose:

docker-compose run --service-ports db

... as per: https://stackoverflow.com/questions/32360687/connect-to-docker-mysql-container-from-localhost/32407507#32407507