ChatGPT解决这个技术问题 Extra ChatGPT

How to get the IP address of the docker host from inside a docker container [duplicate]

This question already has answers here: From inside of a Docker container, how do I connect to the localhost of the machine? (38 answers) Closed 3 months ago.

As the title says, I need to be able to retrieve the IP address the docker hosts and the portmaps from the host to the container, and doing that inside of the container.

Could you elaborate on how you'd like to use this information? You said "docker hosts" -- are you running Docker on more than one host? Once your container knows the IP address of the host and portmaps, what will it do?
The simplest way to pass the docker host IP addresses to the docker container, I think you should make a call inside the container using 'docker container exec'. Suppose you want to ping the host from inside busybox container, use for example: $ IP = '8.8.8.8' && docker container busybox ping $IP ' The way to find out the host IP, use what you like more.

s
spinus 
/sbin/ip route|awk '/default/ { print $3 }'

As @MichaelNeale noticed, there is no sense to use this method in Dockerfile (except when we need this IP during build time only), because this IP will be hardcoded during build time.

When you are using the docker bridge (default) for the containers, this will output the bridges IP like 172.17.42.1 rather than the host's IP such as 192.168.1.x (I'm assuming your host is on a home NAT). Using @Magno Torres answer is probably what people want in such situations if you want the 192.168.1.x address.
that RUN won't work as you expect - it only will calculate the IP at build time - and will forever be static after that, and not useful. It will be the IP of the build host.
@Programster, I can assume people want the connection between docker host and container, that's what bridge IP can give you (of course in the stndard "home" installation). Why anybody would need "real" host IP if it can be even outside of docker bridge and can be unaccessible? This is the solution for all people who just installed docker and want to play with it in a short time.
@MichaelNeale, as before, I would assume that most people who are starting with docker need a connection between their host and container, that's it. If someone is doing "proper" deployments, probably he's not using docker bridge anyway, he's using custom networking and than probably he's aware of all the network quirks or they have DNS (or whatever discovery) set up.
@spinus - but this will only be valid if it runs on the host it was built on - in that case - you can just hard code it - or look it up - I think it isn't a helpful answer and will mislead a lot of people - recommend you remove it. (The RUN bit)
P
Pang

As of version 18.03, you can use host.docker.internal as the host's IP.

Works in Docker for Mac, Docker for Windows, and perhaps other platforms as well.

This is an update from the Mac-specific docker.for.mac.localhost, available since version 17.06, and docker.for.mac.host.internal, available since version 17.12, which may also still work on that platform.

Note, as in the Mac and Windows documentation, this is for development purposes only.

For example, I have environment variables set on my host: 

MONGO_SERVER=host.docker.internal

In my docker-compose.yml file, I have this: 

version: '3'

services:
  api:
    build: ./api
    volumes:
      - ./api:/usr/src/app:ro
    ports:
      - "8000"
    environment:
      - MONGO_SERVER
    command: /usr/local/bin/gunicorn -c /usr/src/app/gunicorn_config.py -w 1 -b :8000 wsgi
@allanberry unfortunately the Docker folks prefer not to give us a platform-independent way to do this because they prefer not to embrace unintended use cases (like accessing any service on the local machine from a docker container)
I was introduced to Docker like Build it once, run it everywhere. But this is acutally false since you always have to configure the host system as well. So docker.for.mac.. is useless since in most cases you don't have a Linux- or Mac-only environment in your company. It's mixed, you have devs using Linux and Mac and Windows. This domain makes no sense since in 99% it's a mixed Host OS environment. I don't develop a container under macOS and deploy it to a macOS server. I deploy it to Linux. This is what everyone does. So what's even the whole point of docker.for.mac..?
host.docker.internal does work on Docker for Windows too, at least at the time of writing this comment.
@joanlofe Sadly, it doesn't work anymore. Tested on 19.03.2.
host.docker.internal worked for me (Windows 10, WSL2 Ubuntu 20.04, Laravel Sail)
a
aljabear

Update: On Docker for Mac, as of version 18.03, you can use host.docker.internal as the host's IP. See aljabear's answer. For prior versions of Docker for Mac the following answer may still be useful:

On Docker for Mac the docker0 bridge does not exist, so other answers here may not work. All outgoing traffic however, is routed through your parent host, so as long as you try to connect to an IP it recognizes as itself (and the docker container doesn't think is itself) you should be able to connect. For example if you run this from the parent machine run: 

ipconfig getifaddr en0

This should show you the IP of your Mac on its current network and your docker container should be able to connect to this address as well. This is of course a pain if this IP address ever changes, but you can add a custom loopback IP to your Mac that the container doesn't think is itself by doing something like this on the parent machine: 

sudo ifconfig lo0 alias 192.168.46.49

You can then test the connection from within the docker container with telnet. In my case I wanted to connect to a remote xdebug server: 

telnet 192.168.46.49 9000

Now when traffic comes into your Mac addressed for 192.168.46.49 (and all the traffic leaving your container does go through your Mac) your Mac will assume that IP is itself. When you are finish using this IP, you can remove the loopback alias like this: 

sudo ifconfig lo0 -alias 192.168.46.49

One thing to be careful about is that the docker container won't send traffic to the parent host if it thinks the traffic's destination is itself. So check the loopback interface inside the container if you have trouble: 

sudo ip addr show lo

In my case, this showed inet 127.0.0.1/8 which means I couldn't use any IPs in the 127.* range. That's why I used 192.168.* in the example above. Make sure the IP you use doesn't conflict with something on your own network.

The usage of this hostname makes no sense since it doesn't work under Docker for Linux. Why did they not add it also for Linux?
They are looking into it at this moment @TheFox: github.com/docker/libnetwork/pull/2348
telnet command doesn't exist in my container
N
Nate Fox

For those running Docker in AWS, the instance meta-data for the host is still available from inside the container. 

curl http://169.254.169.254/latest/meta-data/local-ipv4

For example: 

$ docker run alpine /bin/sh -c "apk update ; apk add curl ; curl -s http://169.254.169.254/latest/meta-data/local-ipv4 ; echo"
fetch http://dl-cdn.alpinelinux.org/alpine/v3.3/main/x86_64/APKINDEX.tar.gz
fetch http://dl-cdn.alpinelinux.org/alpine/v3.3/community/x86_64/APKINDEX.tar.gz
v3.3.1-119-gb247c0a [http://dl-cdn.alpinelinux.org/alpine/v3.3/main]
v3.3.1-59-g48b0368 [http://dl-cdn.alpinelinux.org/alpine/v3.3/community]
OK: 5855 distinct packages available
(1/4) Installing openssl (1.0.2g-r0)
(2/4) Installing ca-certificates (20160104-r2)
(3/4) Installing libssh2 (1.6.0-r1)
(4/4) Installing curl (7.47.0-r0)
Executing busybox-1.24.1-r7.trigger
Executing ca-certificates-20160104-r2.trigger
OK: 7 MiB in 15 packages
172.31.27.238

$ ifconfig eth0 | grep -oP 'inet addr:\K\S+'
172.31.27.238
This is a super convenient method for those using AWS. I use this to configure Consul agents' client and bind addresses. It's ideal when you're in situations where you can't use host networking (like deploying containers in Elastic Beanstalk and ECS).
This is a lifesaver, thanks. I was having trouble figuring out how to handle communication between containers in my ECS cluster.
On Phusion basimage (based on ubuntu), I had to change your command a little: ifconfig eth0 | grep -oP 'inet \K\S+'
It would be awesome if docker had something like this
for fargate you'll have to search for "IPv4Addresses" in the json response of 169.254.170.2/v2/metadata
N
Nek

AFAIK, in the case of Docker for Linux (standard distribution), the IP address of the host will always be 172.17.0.1 (on the main network of docker, see comments to learn more).

The easiest way to get it is via ifconfig (interface docker0) from the host: 

ifconfig

From inside a docker, the following command from a docker: ip -4 route show default | cut -d" " -f3

You can run it quickly in a docker with the following command line: 

# 1. Run an ubuntu docker
# 2. Updates dependencies (quietly)
# 3. Install ip package   (quietly)
# 4. Shows (nicely) the ip of the host
# 5. Removes the docker (thanks to `--rm` arg)
docker run -it --rm ubuntu:22.04 bash -c "apt-get update > /dev/null && apt-get install iproute2 -y > /dev/null && ip -4 route show default | cut -d' ' -f3"
This is true of containers attached to the docker0 default bridge interface. It is not true of containers stood up using Docker Compose, which will not live on the default bridge interface. docker network ls and docker network inspect <network_name> can help you figure out what that IP will be.
Thanks for the instructions. Btw I'm on linux and I expected 172.17.0.1, in fact I'm checking a container and it haves 172.23.0.1. May the number of running containers affect how the host machine is mapped by incrementing the ip number ?
@funder7 It actually depends on what network you use inside docker. You can access networks with docker network ls, and if you didn't define any network, just know that docker-compose automatically defined virtual networks inside docker (that you can also list).
@Nek probably it was my fault, I was looking at the container's internal ip, while my docker0 network interface is 172.17.0.1, anyway I used docker.host.internal which now supports linux. Thanks for the command though, I will give it a try!
K
Kevin Panko

The only way is passing the host information as environment when you create a container 

run --env <key>=<value>
More specifically, the bridge IP address can be passed in using a command line option like: -e "DOCKER_HOST=$(ip -4 addr show docker0 | grep -Po 'inet \K[\d.]+')" (using the accepted answer from unix.stackexchange.com/questions/87468/…)
I think it not works in Docker for Mac / Windows. (the bridge IP)
C
Community

The --add-host could be a more cleaner solution (but without the port part, only the host can be handled with this solution). So, in your docker run command, do something like: 

docker run --add-host dockerhost:`/sbin/ip route|awk '/default/ { print  $3}'` [my container]

(From https://stackoverflow.com/a/26864854/127400 )

I said "made for this" when someone else wanted an entry in /etc/hosts; in this question it isn't really true. Also OP asked for "host and portmaps" and you have only covered the host.
Ok. I was a bit confused as the accepted solution only covers the host part also. And I think your solution is superior to the one of spinus.
this doesn't work if you want to use dind - docker-in-docker. Inner docker will have different ip
B
BMitch

The standard best practice for most apps looking to do this automatically is: you don't. Instead you have the person running the container inject an external hostname/ip address as configuration, e.g. as an environment variable or config file. Allowing the user to inject this gives you the most portable design.

Why would this be so difficult? Because containers will, by design, isolate the application from the host environment. The network is namespaced to just that container by default, and details of the host are protected from the process running inside the container which may not be fully trusted.

There are different options depending on your specific situation:

If your container is running with host networking, then you can look at the routing table on the host directly to see the default route out. From this question the following works for me e.g.: 

ip route get 1 | sed -n 's/^.*src \([0-9.]*\) .*$/\1/p'

An example showing this with host networking in a container looks like: 

docker run --rm --net host busybox /bin/sh -c \
  "ip route get 1 | sed -n 's/^.*src \([0-9.]*\) .*$/\1/p'"

For current versions of Docker Desktop, they injected a DNS entry into the embedded VM: 

getent hosts host.docker.internal | awk '{print $1}'

With the 20.10 release, the host.docker.internal alias can also work on Linux if you run your containers with an extra option: 

docker run --add-host host.docker.internal:host-gateway ...

If you are running in a cloud environment, you can check the metadata service from the cloud provider, e.g. the AWS one: 

curl http://169.254.169.254/latest/meta-data/local-ipv4

If you want your external/internet address, you can query a remote service like: 

curl ifconfig.co

Each of these have limitations and only work in specific scenarios. The most portable option is still to run your container with the IP address injected as a configuration, e.g. here's an option running the earlier ip command on the host and injecting it as an environment variable: 

export HOST_IP=$(ip route get 1 | sed -n 's/^.*src \([0-9.]*\) .*$/\1/p')
docker run --rm -e HOST_IP busybox printenv HOST_IP
N
Nick Grealy

TLDR for Mac and Windows 

docker run -it --rm alpine nslookup host.docker.internal

... prints the host's IP address ... 

nslookup: can't resolve '(null)': Name does not resolve

Name:      host.docker.internal
Address 1: 192.168.65.2

Details

On Mac and Windows, you can use the special DNS name host.docker.internal.

The host has a changing IP address (or none if you have no network access). From 18.03 onwards our recommendation is to connect to the special DNS name host.docker.internal, which resolves to the internal IP address used by the host. This is for development purpose and will not work in a production environment outside of Docker Desktop for Mac.

Please don't add the same answer to multiple questions. Answer the best one and flag the rest as duplicates, once you earn enough reputation. If it is not a duplicate, tailor the post to the question and flag for undeletion.
c
cleaversdev 
docker network inspect bridge -f '{{range .IPAM.Config}}{{.Gateway}}{{end}}'

It's possible to retrieve it using docker network inspect

Best answer so far considering that it doesn't rely on any binary being present in a container.
K
Kamil Witkowski

If you want real IP address (not a bridge IP) on Windows and you have docker 18.03 (or more recent) do the following:

Run bash on container from host where image name is nginx (works on Alpine Linux distribution): 

 docker run -it nginx /bin/ash

Then run inside container 

/ # nslookup host.docker.internal

Name:      host.docker.internal
Address 1: 192.168.65.2

192.168.65.2 is the host's IP - not the bridge IP like in spinus accepted answer.

I am using here host.docker.internal:

The host has a changing IP address (or none if you have no network access). From 18.03 onwards our recommendation is to connect to the special DNS name host.docker.internal, which resolves to the internal IP address used by the host. This is for development purpose and will not work in a production environment outside of Docker for Windows.

I tried you solution and it seems that nslookup command cannot be found
@Sergey Is your image based on Alpine Linux ? If not then check equivalent for your specific linux distribution.
No I use exactly your command - docker run -it nginx /bin/ash
Ok - if you are on windows, then i switched to linux containers and i am not using windows containers.You can do that by right clicking the docker icon and selecting Switch to Linux containers. I think that could be important when you are downloading image. If you had windows container check if deleting old nginx image and downloading it again will get you an other container. If it still won't work for you - than you can try to install nslookup in the ash.
If you can't do nslookup, just do ping. It'll show the resolved IP. For me this answer works, and I'm just using this hostname (host.docker.internal) from inside the container
A
Aref Aslani

In linux you can run 

HOST_IP=`hostname -I | awk '{print $1}'`

In macOS your host machine is not the Docker host. Docker will install it's host OS in VirtualBox. 

HOST_IP=`docker run busybox ping -c 1 docker.for.mac.localhost | awk 'FNR==2 {print $4}' | sed s'/.$//'`
First code block will grab the container IP and not the host IP
mandoc of hostname -I warns to not "make any assumptions about the order of the output."
i
ilya_direct

I have Ubuntu 16.03. For me 

docker run --add-host dockerhost:`/sbin/ip route|awk '/default/ { print  $3}'` [image]

does NOT work (wrong ip was generating)

My working solution was that: 

docker run --add-host dockerhost:`docker network inspect --format='{{range .IPAM.Config}}{{.Gateway}}{{end}}' bridge` [image]
B
BSCheshir

Docker for Mac I want to connect from a container to a service on the host

The host has a changing IP address (or none if you have no network access). From 18.03 onwards our recommendation is to connect to the special DNS name host.docker.internal, which resolves to the internal IP address used by the host.

The gateway is also reachable as gateway.docker.internal. https://docs.docker.com/docker-for-mac/networking/#use-cases-and-workarounds

G
Gerold Broser

If you enabled the docker remote API (via -Htcp://0.0.0.0:4243 for instance) and know the host machine's hostname or IP address this can be done with a lot of bash.

Within my container's user's bashrc: 

export hostIP=$(ip r | awk '/default/{print $3}')
export containerID=$(awk -F/ '/docker/{print $NF;exit;}' /proc/self/cgroup)
export proxyPort=$(
  curl -s http://$hostIP:4243/containers/$containerID/json |
  node -pe 'JSON.parse(require("fs").readFileSync("/dev/stdin").toString()).NetworkSettings.Ports["DESIRED_PORT/tcp"][0].HostPort'
)

The second line grabs the container ID from your local /proc/self/cgroup file.

Third line curls out to the host machine (assuming you're using 4243 as docker's port) then uses node to parse the returned JSON for the DESIRED_PORT.

This only applies when you use port forwarding. Indeed HostPort can be useful information here, unfortunately the HostIp might be 0.0.0.0
Your solution to find the host's IP is relying on knowing the host's hostname or IP?
D
DinoStray

My solution:

docker run --net=host

then in docker container:

hostname -I | awk '{print $1}'

k
kenn

Here is another option for those running Docker in AWS. This option avoids having using apk to add the curl package and saves the precious 7mb of space. Use the built-in wget (part of the monolithic BusyBox binary): 

wget -q -O - http://169.254.169.254/latest/meta-data/local-ipv4
S
Swaleh Matongwa

use hostname -I command on the terminal

P
Pang

Try this: 

docker run --rm -i --net=host alpine ifconfig
J
J Roysdon

So... if you are running your containers using a Rancher server, Rancher v1.6 (not sure if 2.0 has this) containers have access to http://rancher-metadata/ which has a lot of useful information.

From inside the container the IP address can be found here: curl http://rancher-metadata/latest/self/host/agent_ip

For more details see: https://rancher.com/docs/rancher/v1.6/en/rancher-services/metadata-service/

P
Pang

This is a minimalistic implementation in Node.js for who is running the host on AWS EC2 instances, using the afore mentioned EC2 Metadata instance 

const cp = require('child_process');
const ec2 = function (callback) {
    const URL = 'http://169.254.169.254/latest/meta-data/local-ipv4';
    // we make it silent and timeout to 1 sec
    const args = [URL, '-s', '--max-time', '1'];
    const opts = {};
    cp.execFile('curl', args, opts, (error, stdout) => {
        if (error) return callback(new Error('ec2 ip error'));
        else return callback(null, stdout);
    })
        .on('error', (error) => callback(new Error('ec2 ip error')));
}//ec2

and used as 

ec2(function(err, ip) {
        if(err) console.log(err)
        else console.log(ip);
    })
A
Aaron Marten

If you are running a Windows container on a Service Fabric cluster, the host's IP address is available via the environment variable Fabric_NodeIPOrFQDN. Service Fabric environment variables

d
djangofan

Here is how I do it. In this case, it adds a hosts entry into /etc/hosts within the docker image pointing taurus-host to my local machine IP: : 

TAURUS_HOST=`ipconfig getifaddr en0`
docker run -it --rm -e MY_ENVIRONMENT='local' --add-host "taurus-host:${TAURUS_HOST}" ...

Then, from within Docker container, script can use host name taurus-host to get out to my local machine which hosts the docker container.

q
qoomon

Maybe the container I've created is useful as well https://github.com/qoomon/docker-host

You can simply use container name dns to access host system e.g. curl http://dockerhost:9200, so no need to hassle with any IP address.

r
ramazotto

The solution I use is based on a "server" that returns the external address of the Docker host when it receives a http request.

On the "server":

1) Start jwilder/nginx-proxy 

# docker run -d -p <external server port>:80 -v /var/run/docker.sock:/tmp/docker.sock:ro jwilder/nginx-proxy

2) Start ipify container 

# docker run -e VIRTUAL_HOST=<external server name/address> --detach --name ipify osixia/ipify-api:0.1.0

Now when a container sends a http request to the server, e.g. 

# curl http://<external server name/address>:<external server port>

the IP address of the Docker host is returned by ipify via http header "X-Forwarded-For"

Example (ipify server has name "ipify.example.com" and runs on port 80, docker host has IP 10.20.30.40): 

# docker run -d -p 80:80 -v /var/run/docker.sock:/tmp/docker.sock:ro jwilder/nginx-proxy
# docker run -e VIRTUAL_HOST=ipify.example.com --detach --name ipify osixia/ipify-api:0.1.0

Inside the container you can now call: 

# curl http://ipify.example.com
10.20.30.40
k
kenorb

On Ubuntu, hostname command can be used with the following options:

-i, --ip-address addresses for the host name

-I, --all-ip-addresses all addresses for the host

For example: 

$ hostname -i
172.17.0.2

To assign to the variable, the following one-liner can be used: 

IP=$(hostname -i)
This will give you the IP address of the Docker container, not of the host
T
Thomas Urban

Another approach is based on traceroute and it's working on a Linux host for me, e.g. in a container based on Alpine: 

traceroute -n 8.8.8.8 -m 4 -w 1 | awk '$1~/\d/&&$2!~/^172\./{print$2}' | head -1

It takes a moment, but lists the first hop's IP that does not start with 172. If there is no successful response, try increasing the limit on the tested hops using -m 4 argument.

G
Gordon

With https://docs.docker.com/machine/install-machine/

a) $ docker-machine ip

b) Get the IP address of one or more machines. 

  $ docker-machine ip host_name

  $ docker-machine ip host_name1 host_name2
This retrieves the IP of the virtual machine that runs the docker containers, not the IP of the host that the containers run in.
This only applies to docker that's running on docker-machine. The new docker for mac doesn't run on docker-machine.

关注公众号,不定期副业成功案例分享
Follow WeChat

Success story sharing

Want to stay one step ahead of the latest teleworks?

Subscribe Now

HuntsBot,a one-stop outsourcing task, remote job, product ideas sharing and subscription platform, which supports DingTalk, Lark, WeCom, Email and Telegram robot subscription. The platform will push outsourcing task requirements, remote work opportunities, product ideas to every subscribed user with timely, stable and reliable.

简体中文 English

Platform

Support

Contact US

Any questions or suggestions during use, you can contact us in the following ways:

Email: huntsbot@xinbeitime.com

Copyright© 2022-2023 www.huntsbot.com 浙ICP备2022000860号-4 All Rights Reserved.