#StackBounty: #docker Starting specific task containers from inside a coordinator container

Bounty: 100

I have containers that perform specific tasks, for example run an R-project command or create the waveform of an audio file by running “docker (run|exec) run.sh”. I am looking for ways to run those from inside other containers without having to do extra work for each new task.

The current way I am thinking of solving this is to give access to the docker daemon by binding the socket inside the container. My host runs a docker container which runs an application as a user, app.

The host docker socket is mounted inside the docker container and a script is created by root, /usr/local/run_other_docker.sh.

Now, user app does not have access rights on the mounted docker socket, but is allowed to run /usr/local/run_other_docker.sh after being given passwordless access as a sudoer.

How dangerous is this?

Is there a standard/safe way of starting other task containers from inside a container without binding to the host docker socket?

The only other solution I have come across involves creating a microservice that runs in the second container for the first one to call. This is undesirable because it adds more things asking for maintenance for each such use case.



#StackBounty: #docker Docker execution in docker container: is there a safe way to do it?

Bounty: 100

I do understand that giving access to the docker daemon by binding the socket inside the container is a risk to start with, but I have a scenario which I would appreciate some insight on how safe it is from someone knowledgeable…

There is a host running a docker container which runs an application as a user, app.
The host docker socket is mounted inside the docker container and a script is created by root, /usr/local/run_other_docker.sh.

Now, user app does not have access rights on the mounted docker socket, but is allowed to run /usr/local/run_other_docker.sh after being given passwordless access as a sudoer.

How dangerous is this?
Is there a standard way of doing such a thing?

I’ve been searching and the only solution that does not include tricks seems to be creating a microservice that runs in the second container for the first one to call, which can be a pain as it adds more things asking for maintenance for each such use case…
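
Both questions above describe the same setup: a root-owned /usr/local/run_other_docker.sh that user app runs through passwordless sudo while the host Docker socket is mounted in the container. The following is an added example, not the asker's script, of such a wrapper written so that the caller chooses only a task name and an input file name and never a docker argument. The task names, image names, the run.sh command and the /srv/tasks directory are assumptions.

```shell
#!/bin/sh
# Added example: a hypothetical hardened /usr/local/run_other_docker.sh.
# Task names, images, run.sh and /srv/tasks are assumptions for illustration.
# Matching sudoers entry (script owned by root, not writable by app):
#   app ALL=(root) NOPASSWD: /usr/local/run_other_docker.sh

# Hard-coded, so the caller's environment cannot redirect them.
DOCKER=/usr/bin/docker
# The daemon resolves -v sources on the HOST, not inside this container.
DATA_DIR=/srv/tasks

# Allow-list: a task name maps to one fixed image; anything else is refused.
task_image() {
    case "$1" in
        waveform) echo "example/waveform:1.0" ;;
        rstats)   echo "example/r-task:1.0" ;;
        *)        return 1 ;;
    esac
}

# Accept a plain file name only: no path separators, no leading dash or dot,
# and no characters outside a conservative set.
valid_input_name() {
    case "$1" in
        ''|-*|.*|*/*)      return 1 ;;
        *[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# run_task <print|exec> <task> <input-file>
# Builds the full argv itself; no caller-supplied string becomes a flag.
run_task() {
    [ "$#" -eq 3 ] || { echo "usage: <task> <input-file>" >&2; return 2; }
    mode="$1"; task="$2"; input="$3"
    image="$(task_image "$task")" || { echo "unknown task" >&2; return 3; }
    valid_input_name "$input"     || { echo "bad input name" >&2; return 4; }

    set -- "$DOCKER" run --rm --network none --read-only --cap-drop ALL \
        --security-opt no-new-privileges --pids-limit 128 --user 1000:1000 \
        -v "$DATA_DIR/in:/in:ro" -v "$DATA_DIR/out:/out" \
        "$image" run.sh "/in/$input"

    if [ "$mode" = print ]; then
        printf '%s\n' "$*"      # dry run: show what would be executed
    else
        exec "$@"
    fi
}

# Entry point when installed as the sudo target: exactly two arguments.
if [ "$#" -gt 0 ]; then
    [ "$#" -eq 2 ] || { echo "usage: $0 <task> <input-file>" >&2; exit 2; }
    run_task exec "$1" "$2"
fi
```

The wrapper only narrows what app can request; anyone who can reach the mounted socket directly or modify the script still has full control of the host's Docker daemon.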



#StackBounty: #docker #hadoop #yarn Unable to increase Max Application Master Resources

Bounty: 50

I am using the uhopper/hadoop docker image to create a yarn cluster. I have 3 nodes with 250GB RAM per node. I have added the following configuration:

        - name: YARN_CONF_yarn_scheduler_minimum___allocation___mb
          value: "2048"
        - name: YARN_CONF_yarn_scheduler_maximum___allocation___mb
          value: "16384"
        - name: MAPRED_CONF_mapreduce_framework_name
          value: "yarn"
        - name: MAPRED_CONF_mapreduce_map_memory_mb
          value: "8192"
        - name: MAPRED_CONF_mapreduce_reduce_memory_mb
          value: "8192"
        - name: MAPRED_CONF_mapreduce_map_java_opts
          value: "-Xmx8192m"
        - name: MAPRED_CONF_mapreduce_reduce_java_opts
          value: "-Xmx8192m"

Max Application Master Resources is 10240 MB. I ran 5 spark jobs, each with 3 GB driver memory; 2 jobs never came into the RUNNING state due to the 10240 MB. I am unable to fully utilize my hardware.
How can I increase the Max Application Master Resources memory?



#StackBounty: #ubuntu #docker docker-compose run --rm slow startup

Bounty: 50

I get that docker has some overhead and I wouldn’t expect it to be as fast as local bin, but 2 seconds overhead? It seems too much … Once the container is running, the execution itself seems the same.

    $ time docker-compose run --rm php-cli php -i > /dev/null
    docker-compose run --rm php-cli php -i > /dev/null  0,43s user 0,07s system 23% cpu 2,107 total

    $ time php -i > /dev/null
    php -i > /dev/null  0,04s user 0,01s system 98% cpu 0,050 total

Even the simple docker hello-world takes more time than I would think is appropriate.

    time docker run --rm hello-world > /dev/null
    docker run --rm hello-world > /dev/null  0,07s user 0,02s system 9% cpu 0,869 total

I tried stracing the command and it hangs on wait4 most of the time (which I guess is waiting for the docker daemon response? I’m not a pro so please correct me), here is partial output if that helps https://pastebin.com/pdA63zBi.

Is this expected behavior or is something wrong with my setup?



#StackBounty: #systemd #dns #docker #systemd-resolved How to allow systemd-resolved to listen to an interface other than loopback?

Bounty: 100

systemd-resolved is a daemon that, among other things, acts as a DNS server by listening on IP address 127.0.0.53 on the local loopback interface.

I would like to let the daemon listen to another interface. My use-case is to expose it to docker containers, so that docker containers share the DNS caching provided by systemd-resolved. I know how to configure the host as a DNS server for docker containers, but at least by default, systemd-resolved rejects these DNS queries because they are not coming from the loopback interface, but from the docker bridge interface.

With dnsmasq (a tool similar to systemd-resolved), I did this by adding listen-address=172.17.0.1 to the configuration file. Unfortunately, I couldn’t find a systemd-resolved equivalent.

Is there a way to configure which interface systemd-resolved listens on?



#StackBounty: #virtualbox #symbolic-link #docker Docker Symlink from shared folder in virtualbox

Bounty: 50

I’m working on a test server on my computer, where I have installed Ubuntu Server as a VM in VirtualBox.

Version 5.2.8.r121009

Specs:

  • Ubuntu 17.10 4.13.0-21-generic
  • Docker version 18.04.0-ce, build 3d479c0

I have created two Shared folders.

    root@docker:/var/lib/docker# ls /media/ -l
    totalt 4
    drwxr-xr-x 2 root root   4096 mai    8 23:15 cdrom
    drwxrwx--- 1 root vboxsf    0 mai    8 23:46 sf_docker-compose
    drwxrwx--- 1 root vboxsf    0 mai    9 00:17 sf_docker-volumes

When I do

    service docker stop &&
    rm -fr /var/lib/docker/volumes &&
    ln -s /media/sf_docker-volumes /var/lib/docker/volumes &&
    service docker restart &&
    docker ps

I get the following error

    Cannot connect to the Docker daemon at unix:///var/run/docker.sock.
    Is the docker daemon running?

So I revert back to the defaults:

    service docker stop &&
    rm -fr /var/lib/docker/volumes &&
    service docker restart &&
    docker ps

And everything is working again.

So my question is: how can I fix the permission issues I get from using a symlink for the /var/lib/docker/volumes/ folder?
I’m sure that the issue is that the group owner of the symlink is vboxsf and not root, but I can’t seem to manage to change that.



#StackBounty: #ubuntu #nginx #docker Update fastcgi_pass in nginx conf with docker container IP on startup

Bounty: 50

We have the following setup:

We host multiple websites on an Ubuntu server, most of them running PHP 5.6. One of them runs inside a Docker container with PHP 7.1.

The nginx conf for this website has the following line:

    fastcgi_pass 172.17.0.4:9000;

which points to the IP of the docker container, which we get from

    docker inspect <container>|grep IP

The problem is whenever the system restarts, the container gets a new IP assigned and we have to copy it into the nginx conf again and restart nginx. How could we do this automatically?

Thank you!

BR,
Peter



#StackBounty: #xorg #raspberry-pi #vnc #docker Dockerizing VNC and xeyes together as proof of concept, not working

Bounty: 100

I’ve been trying to dockerize the xeyes app just to test. I know there are other ways to run things in raspberry pi but I needed a self contained image that doesn’t rely on the machine’s X11. I had to use xvfb to get rid of lots of errors. The VNC itself starts and I can connect, but the screen is black.

It is based on this answer https://stackoverflow.com/a/16311264/6655884

Here’s my Dockerfile:

    FROM resin/rpi-raspbian:latest

    RUN apt-get update && apt-get install -y arduino x11vnc xvfb x11-apps

    RUN mkdir ~/.vnc && x11vnc -storepasswd 1234 ~/.vnc/passwd

    ENV DISPLAY :1

    CMD /usr/bin/Xvfb :1 -screen 0 1366x768x16 & x11vnc -display :1 -forever -usepw -create & sleep 20 && xeyes

I had to add a sleep of 20 seconds to make VNC start before the xeyes, otherwise the dockerfile stops with an error about not being able to connect to display 1.

Here’s the output:

23/04/2018 02:32:35 -usepw: found /root/.vnc/passwd
23/04/2018 02:32:35 x11vnc version: 0.9.13 lastmod: 2011-08-10  pid: 12
23/04/2018 02:32:35 
23/04/2018 02:32:35 wait_for_client: WAIT:cmd=FINDCREATEDISPLAY-Xvfb
23/04/2018 02:32:35 
23/04/2018 02:32:35 initialize_screen: fb_depth/fb_bpp/fb_Bpl 24/32/2560
23/04/2018 02:32:35 
23/04/2018 02:32:35 Autoprobing TCP port 
23/04/2018 02:32:35 Autoprobing selected TCP port 5900
23/04/2018 02:32:35 Autoprobing TCP6 port 
23/04/2018 02:32:35 Autoprobing selected TCP6 port 5900
23/04/2018 02:32:35 listen6: bind: Address already in use
23/04/2018 02:32:35 Not listening on IPv6 interface.
23/04/2018 02:32:35 

The VNC desktop is:      a385d9fbfff3:0
23/04/2018 02:33:35 Got connection from client 172.17.0.1
23/04/2018 02:33:35   other clients:
23/04/2018 02:33:35 Normal socket connection
23/04/2018 02:33:35 incr accepted_client=1 for 172.17.0.1:37900  sock=6
23/04/2018 02:33:35 wait_for_client: got client
23/04/2018 02:33:35 Client Protocol Version 3.8
23/04/2018 02:33:35 Protocol version sent 3.8, using 3.8
23/04/2018 02:33:35 client progressed=1 in 4/0 0.034084 s
23/04/2018 02:33:35 client useCopyRect: 172.17.0.1 0
23/04/2018 02:33:35 client_set_net: 172.17.0.1  0.1560
23/04/2018 02:33:35 wait_for_client: running: env X11VNC_SKIP_DISPLAY=''  /bin/sh /tmp/x11vnc-find_display.DnAxqk
/tmp/x11vnc-find_display.DnAxqk: 1: /tmp/x11vnc-find_display.DnAxqk: netstat: not found
/tmp/x11vnc-find_display.DnAxqk: 1: /tmp/x11vnc-find_display.DnAxqk: xauth: not found
23/04/2018 02:33:36 wait_for_client: find display cmd failed.
23/04/2018 02:33:37 wait_for_client: FINDCREATEDISPLAY cmd: /bin/sh /tmp/x11vnc-find_display.DnAxqk Xvfb
trying N=20 ...
redir_daemon=
/tmp/x11vnc-find_display.DnAxqk: 461: /tmp/x11vnc-find_display.DnAxqk: /tmp/x11vnc-find_display.DnAxqk: 461: /tmp/x11vnc-find_display.DnAxqk: nmerge: not found
-f: not found
/tmp/x11vnc-find_display.DnAxqk: 462: /tmp/x11vnc-find_display.DnAxqk: nmerge: not found
/tmp/x11vnc-find_display.DnAxqk: 462: /tmp/x11vnc-find_display.DnAxqk: -f: not found
/usr/bin/Xvfb :20 -screen 0 1280x1024x24 -cc 4 -nolisten tcp -auth  
use: X [:<display>] [option]
-a #                   default pointer acceleration (factor)
-ac                    disable access control restrictions
-audit int             set audit trail level
-auth file             select authorization file
-br                    create root window with black background
+bs                    enable any backing store support
-bs                    disable any backing store support
-c                     turns off key-click
c #                    key-click volume (0-100)
-cc int                default color visual class
-nocursor              disable the cursor
-core                  generate core dump on fatal error
-displayfd fd          file descriptor to write display number to when ready to connect
-dpi int               screen resolution in dots per inch
-dpms                  disables VESA DPMS monitor control
-deferglyphs [none|all|16] defer loading of [no|all|16-bit] glyphs
-f #                   bell base (0-100)
-fc string             cursor font
-fn string             default font name
-fp string             default font path
-help                  prints message with these options
+iglx                  Allow creating indirect GLX contexts
-iglx                  Prohibit creating indirect GLX contexts (default)
-I                     ignore all remaining arguments
-ld int                limit data space to N Kb
-lf int                limit number of open files to N
-ls int                limit stack space to N Kb
-nolock                disable the locking mechanism
-maxclients n          set maximum number of clients (power of two)
-nolisten string       don't listen on protocol
-listen string         listen on protocol
-noreset               don't reset after last client exists
-background [none]     create root window with no background
-reset                 reset after last client exists
-p #                   screen-saver pattern duration (minutes)
-pn                    accept failure to listen on all ports
-nopn                  reject failure to listen on all ports
-r                     turns off auto-repeat
r                      turns on auto-repeat 
-render [default|mono|gray|color] set render color alloc policy
-retro                 start with classic stipple and cursor
-s #                   screen-saver timeout (minutes)
-seat string           seat to run on
-t #                   default pointer threshold (pixels/t)
-terminate             terminate at server reset
-to #                  connection time out
-tst                   disable testing extensions
ttyxx                  server started from init on /dev/ttyxx
v                      video blanking for screen-saver
-v                     screen-saver without video blanking
-wm                    WhenMapped default backing-store
-wr                    create root window with white background
-maxbigreqsize         set maximal bigrequest size 
+xinerama              Enable XINERAMA extension
-xinerama              Disable XINERAMA extension
-dumbSched             Disable smart scheduling, enable old behavior
-schedInterval int     Set scheduler interval in msec
-sigstop               Enable SIGSTOP based startup
+extension name        Enable extension
-extension name        Disable extension
-query host-name       contact named host for XDMCP
-broadcast             broadcast for XDMCP
-multicast [addr [hops]] IPv6 multicast for XDMCP
-indirect host-name    contact named host for indirect XDMCP
-port port-num         UDP port number to send messages to
-from local-address    specify the local address to connect from
-once                  Terminate server after one session
-class display-class   specify display class to send in manage
-cookie xdm-auth-bits  specify the magic cookie for XDMCP
-displayID display-id  manufacturer display ID for request
[+-]accessx [ timeout [ timeout_mask [ feedback [ options_mask] ] ] ]
                       enable/disable accessx key sequences
-ardelay               set XKB autorepeat delay
-arinterval            set XKB autorepeat interval
-screen scrn WxHxD     set screen's width, height, depth
-pixdepths list-of-int support given pixmap depths
+/-render          turn on/off RENDER extension support(default on)
-linebias n            adjust thin line pixelization
-blackpixel n          pixel value for black
-whitepixel n          pixel value for white
-fbdir directory       put framebuffers in mmap'ed files in directory
-shmem                 put framebuffers in shared memory
/usr/bin/nohup: failed to run command ‘.xinitrc’: No such file or directory
/tmp/x11vnc-find_display.DnAxqk: 981: /tmp/x11vnc-find_display.DnAxqk: -f: not found
23/04/2018 02:33:44 Using X display :20
23/04/2018 02:33:44 rootwin: 0x43 reswin: 0x200001 dpy: 0x13c58b8
23/04/2018 02:33:44 
23/04/2018 02:33:44 ------------------ USEFUL INFORMATION ------------------
23/04/2018 02:33:44 X DAMAGE available on display, using it for polling hints.
23/04/2018 02:33:44   To disable this behavior use: '-noxdamage'
23/04/2018 02:33:44 
23/04/2018 02:33:44   Most compositing window managers like 'compiz' or 'beryl'
23/04/2018 02:33:44   cause X DAMAGE to fail, and so you may not see any screen
23/04/2018 02:33:44   updates via VNC.  Either disable 'compiz' (recommended) or
23/04/2018 02:33:44   supply the x11vnc '-noxdamage' command line option.
23/04/2018 02:33:44 
23/04/2018 02:33:44 Wireframing: -wireframe mode is in effect for window moves.
23/04/2018 02:33:44   If this yields undesired behavior (poor response, painting
23/04/2018 02:33:44   errors, etc) it may be disabled:
23/04/2018 02:33:44    - use '-nowf' to disable wireframing completely.
23/04/2018 02:33:44    - use '-nowcr' to disable the Copy Rectangle after the
23/04/2018 02:33:44      moved window is released in the new position.
23/04/2018 02:33:44   Also see the -help entry for tuning parameters.
23/04/2018 02:33:44   You can press 3 Alt_L's (Left "Alt" key) in a row to 
23/04/2018 02:33:44   repaint the screen, also see the -fixscreen option for
23/04/2018 02:33:44   periodic repaints.
23/04/2018 02:33:44 
23/04/2018 02:33:44 XFIXES available on display, resetting cursor mode
23/04/2018 02:33:44   to: '-cursor most'.
23/04/2018 02:33:44   to disable this behavior use: '-cursor arrow'
23/04/2018 02:33:44   or '-noxfixes'.
23/04/2018 02:33:44 using XFIXES for cursor drawing.
23/04/2018 02:33:44 GrabServer control via XTEST.
23/04/2018 02:33:44 
23/04/2018 02:33:44 Scroll Detection: -scrollcopyrect mode is in effect to
23/04/2018 02:33:44   use RECORD extension to try to detect scrolling windows
23/04/2018 02:33:44   (induced by either user keystroke or mouse input).
23/04/2018 02:33:44   If this yields undesired behavior (poor response, painting
23/04/2018 02:33:44   errors, etc) it may be disabled via: '-noscr'
23/04/2018 02:33:44   Also see the -help entry for tuning parameters.
23/04/2018 02:33:44   You can press 3 Alt_L's (Left "Alt" key) in a row to 
23/04/2018 02:33:44   repaint the screen, also see the -fixscreen option for
23/04/2018 02:33:44   periodic repaints.
23/04/2018 02:33:44 
23/04/2018 02:33:44 XKEYBOARD: number of keysyms per keycode 7 is greater
23/04/2018 02:33:44   than 4 and 51 keysyms are mapped above 4.
23/04/2018 02:33:44   Automatically switching to -xkb mode.
23/04/2018 02:33:44   If this makes the key mapping worse you can
23/04/2018 02:33:44   disable it with the "-noxkb" option.
23/04/2018 02:33:44   Also, remember "-remap DEAD" for accenting characters.
23/04/2018 02:33:44 
23/04/2018 02:33:44 X FBPM extension not supported.
23/04/2018 02:33:44 X display is not capable of DPMS.
23/04/2018 02:33:44 --------------------------------------------------------
23/04/2018 02:33:44 
23/04/2018 02:33:44 Default visual ID: 0x21
23/04/2018 02:33:44 Read initial data from X display into framebuffer.
23/04/2018 02:33:44 initialize_screen: fb_depth/fb_bpp/fb_Bpl 24/32/5120
23/04/2018 02:33:44 rfbNewFramebuffer(0x13b66c0, 0x0, 1280, 1024, 8, 1, 4)
23/04/2018 02:33:44 Pixel format for client 172.17.0.1:
23/04/2018 02:33:44   32 bpp, depth 24, little endian
23/04/2018 02:33:44   true colour: max r 255 g 255 b 255, shift r 16 g 8 b 0
23/04/2018 02:33:44 
23/04/2018 02:33:44 X display :20 is 32bpp depth=24 true color
23/04/2018 02:33:44 
23/04/2018 02:33:44 calling setTranslateFunction()...
23/04/2018 02:33:44 Pixel format for client 172.17.0.1:
23/04/2018 02:33:44   32 bpp, depth 24, little endian
23/04/2018 02:33:44   true colour: max r 255 g 255 b 255, shift r 16 g 8 b 0
23/04/2018 02:33:44 no translation needed
23/04/2018 02:33:44   done.
23/04/2018 02:33:44 TS_REDIR is empty, restarting...
23/04/2018 02:33:44 
23/04/2018 02:33:44 Xinerama is present and active (e.g. multi-head).
23/04/2018 02:33:44 Xinerama: number of sub-screens: 1
23/04/2018 02:33:44 Xinerama: no blackouts needed (only one sub-screen)
23/04/2018 02:33:44 
23/04/2018 02:33:44 fb read rate: 59 MB/sec
23/04/2018 02:33:44 The X server says there are 10 mouse buttons.
23/04/2018 02:33:44 screen setup finished.
23/04/2018 02:33:44 

The VNC desktop is:      a385d9fbfff3:0

******************************************************************************
Have you tried the x11vnc '-ncache' VNC client-side pixel caching feature yet?

The scheme stores pixel data offscreen on the VNC viewer side for faster
retrieval.  It should work with any VNC viewer.  Try it by running:

    x11vnc -ncache 10 ...

One can also add -ncache_cr for smooth 'copyrect' window motion.
More info: http://www.karlrunge.com/x11vnc/faq.html#faq-client-caching

23/04/2018 02:33:44 rfbProcessClientSecurityType: executing handler for type 2
23/04/2018 02:33:44 Battling with something for -norepeat!! (1 resets left)
23/04/2018 02:33:44 Disabled X server key autorepeat.
23/04/2018 02:33:44   to force back on run: 'xset r on' (2 times)
23/04/2018 02:33:44 created   xdamage object: 0x20002c
23/04/2018 02:33:51 cutbuffer_send: no send: uninitialized clients
23/04/2018 02:34:25 client useCopyRect: 172.17.0.1 0
23/04/2018 02:34:25 Pixel format for client 172.17.0.1:
23/04/2018 02:34:25   8 bpp, depth 8
23/04/2018 02:34:25   true colour: max r 7 g 7 b 3, shift r 0 g 3 b 6
23/04/2018 02:34:25 rfbProcessClientNormalMessage: ignoring unsupported encoding type ultraZip
23/04/2018 02:34:25 Using compression level 9 for client 172.17.0.1
23/04/2018 02:34:25 Using image quality level 0 for client 172.17.0.1
23/04/2018 02:34:25 Using JPEG subsampling 1, Q15 for client 172.17.0.1
23/04/2018 02:34:25 Enabling X-style cursor updates for client 172.17.0.1
23/04/2018 02:34:25 Enabling full-color cursor updates for client 172.17.0.1
23/04/2018 02:34:25 Enabling cursor position updates for client 172.17.0.1
23/04/2018 02:34:25 Enabling KeyboardLedState protocol extension for client 172.17.0.1
23/04/2018 02:34:25 Enabling NewFBSize protocol extension for client 172.17.0.1
23/04/2018 02:34:25 Enabling LastRect protocol extension for client 172.17.0.1
23/04/2018 02:34:25 Enabling SupportedMessages protocol extension for client 172.17.0.1
23/04/2018 02:34:25 Enabling SupportedEncodings protocol extension for client 172.17.0.1
23/04/2018 02:34:25 Enabling ServerIdentity protocol extension for client 172.17.0.1
23/04/2018 02:34:25 Enabling Xvp protocol extension for client 172.17.0.1
23/04/2018 02:34:25 Using tight encoding for client 172.17.0.1
23/04/2018 02:34:30 created selwin: 0x20002d
23/04/2018 02:34:30 called initialize_xfixes()



#StackBounty: #docker #dockerfile #docker-volume Windows 10 nanoserver Docker Volume access or file permissions issue

Bounty: 50

I am building images to run Java on Nano Server, then adding Spigot for Minecraft with a copy command.
The Docker file VOLUME command breaks the build if it uses the same path I am copying to.

This breaks and will not start - Notice C:Installs
    docker run -p 2525:2525 -p 2020:25 -p 65500-65515:65500-65515 -v C:UsersabcdDesktopDockerspigotmc-buildRepo:c:Installs -it nano/java/spigot:1 .

This starts - Notice C:InstallsX
    docker run -p 2525:2525 -p 2020:25 -p 65500-65515:65500-65515 -v C:UsersabcdDesktopDockerspigotmc-buildRepo:c:InstallsX -it nano/java/spigot:1 .

The copy in the docker file is creating folders. None of those folders can be mounted via docker file VOLUME or command line. Any other folders can be mapped,
but I don’t know how to fix it.

I need to copy files to the docker and then mount it as a volume to access via the host.

Another thing that may be related:
The Spigot Minecraft server is failing with an error that I think is related to the fact that it cannot write to the folders it’s in, which I copied in from the docker file on build.

I have posted on my OneDrive all the files I am using to build this.
https://1drv.ms/u/s!AoVqYM2hxXZZ2l1fTIF4HygDnUHX

Download, extract and run the PowerShell script BuildNanoJava.ps1.
It will build the whole thing for you.



#StackBounty: #nginx #docker #elastic-beanstalk #containers Multi-container docker on AWS – Nginx use host machine /etc/hosts resolver

Bounty: 50

I have a multi-container docker environment on Amazon Elastic Beanstalk with the following Dockerrun.aws.json file:

{ 
    "AWSEBDockerrunVersion": 2, 
    "containerDefinitions": [ 
      { 
        "name": "web", 
        "memoryReservation": 256, 
        "image": "my/nginx/repo/image",  
        "portMappings": [ 
          { 
            "hostPort": 80, 
            "containerPort": 80 
          } 
        ], 
        "links": [ 
          "api" 
        ], 
        "essential": true 
      }, 
      { 
        "name": "api", 
        "memoryReservation": 256, 
        "image": "my-api/repo", 
        "essential": true, 
        "portMappings": [ 
          { 
            "hostPort": 3000, 
            "containerPort": 80 
          } 
        ]
      } 
    ] 
  }

Ultimately I want the node app served by nginx to resolve requests to named addresses from linked containers, so in my web image (node app) I’d like to make a request to http://api/some/resource and let nginx resolve that to the api container.

Now, since docker adds a host entry for the api container due to the specified link, I want the nginx server to resolve addresses from the host’s /etc/hosts file; however, as I found out, nginx uses its own resolver. After researching the issue a bit I found out that in non-Elastic Beanstalk multi-container solutions and with user-defined networks, the resolver would be provided by docker on 127.0.0.11; however, since it is currently not possible to define user-defined networks in the Dockerrun.aws.json, I keep looking for a different solution. The links can be resolved inside the container, pinging api does work, however, nginx does its own thing there.

I have read about dnsmasq as well; however, I wanted to get this running without installing this package. Do I even have a choice here?

