compose: "network_mode: host" does not use the network of host machine

Hi, actually I want to deploy all my applications in one machine and I use “network_mode: host” for sharing the same network of host machine inside docker container.

But I find that I can’t access my application with “localhost” in the host machine.

example : Inside docker container, this command works well, but not work in the host machine curl -H "Content-Type: application/json" http://localhost:8761/eureka/apps

ifconfig in the container (IP is 192.168.65.2) :

root@moby:/edge-service# ifconfig
br-11d1260a7759 Link encap:Ethernet  HWaddr 02:42:8c:42:40:f1
          inet addr:172.20.0.1  Bcast:0.0.0.0  Mask:255.255.0.0
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

br-812e2bf1341c Link encap:Ethernet  HWaddr 02:42:5e:fc:f0:00
          inet addr:172.19.0.1  Bcast:0.0.0.0  Mask:255.255.0.0
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

br-8ddc0704ebaa Link encap:Ethernet  HWaddr 02:42:d0:5a:52:52
          inet addr:172.18.0.1  Bcast:0.0.0.0  Mask:255.255.0.0
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

docker0   Link encap:Ethernet  HWaddr 02:42:01:ce:32:86
          inet addr:172.17.0.1  Bcast:0.0.0.0  Mask:255.255.0.0
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

eth0      Link encap:Ethernet  HWaddr c0:ff:ee:c0:ff:ee
          inet addr:192.168.65.2  Bcast:192.168.65.7  Mask:255.255.255.248
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:7431 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4343 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:10443531 (9.9 MiB)  TX bytes:245727 (239.9 KiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:3199 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3199 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:363061 (354.5 KiB)  TX bytes:363061 (354.5 KiB)

ifconfig in the host machine (IP is 192.168.1.99) :

mobilecenter:~ $ ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
    options=3<RXCSUM,TXCSUM>
    inet6 ::1 prefixlen 128
    inet 127.0.0.1 netmask 0xff000000
    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
    nd6 options=1<PERFORMNUD>
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    ether 60:f8:1d:bb:54:66
    inet6 fe80::62f8:1dff:febb:5466%en0 prefixlen 64 scopeid 0x4
    inet 192.168.1.99 netmask 0xffffff00 broadcast 192.168.1.255
    nd6 options=1<PERFORMNUD>
    media: autoselect
    status: active
en1: flags=963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX> mtu 1500
    options=60<TSO4,TSO6>
    ether 72:00:07:fe:3f:a0
    media: autoselect <full-duplex>
    status: inactive
en2: flags=963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX> mtu 1500
    options=60<TSO4,TSO6>
    ether 72:00:07:fe:3f:a1
    media: autoselect <full-duplex>
    status: inactive
p2p0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2304
    ether 02:f8:1d:bb:54:66
    media: autoselect
    status: inactive
awdl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1484
    ether 5a:15:f9:99:be:bf
    inet6 fe80::5815:f9ff:fe99:bebf%awdl0 prefixlen 64 scopeid 0x8
    nd6 options=1<PERFORMNUD>
    media: autoselect
    status: active
bridge0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    options=63<RXCSUM,TXCSUM,TSO4,TSO6>
    ether 62:f8:1d:bb:23:00
    Configuration:
        id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0
        maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200
        root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0
        ipfilter disabled flags 0x2
    member: en1 flags=3<LEARNING,DISCOVER>
            ifmaxaddr 0 port 5 priority 0 path cost 0
    member: en2 flags=3<LEARNING,DISCOVER>
            ifmaxaddr 0 port 6 priority 0 path cost 0
    nd6 options=1<PERFORMNUD>
    media: <unknown type>
    status: inactive

I’m a little confused, IP inside container and host machine should not be the same in network_mode: host ?

Between the docker containers, they can share network (the two containers of my docker-compose.yml can communicate well between them with localhost) , but not with the host machine.

I think maybe I misunderstand the network_mode host.

The docker-compose.yml looks like :

version:` '2'

services:
  edge-service:
    restart: restart
    image: registry.raimtec.com/edge-service
    volumes:
      - edge_service_log:/edge-service/logs
    ports:
      - 9080:9080
    container_name: edge-service
    depends_on:
      - discovery-service
    network_mode: host
    environment:
      - HOST_NAME=localhost
      - SERVER_PORT=9080
      - LEASE_RENEWAL_INTERVAL_SECS=30
      - DISCOVERY_HOST=http://localhost:8761
      - HYSTRIX_ISOL_TIMEOUT=60000
      - RIBBON_CONNECT_TIMEOUT=3000
      - RIBBON_READ_TIMOUT=60000
      - RESTART_ENABLED=true
      - SHUTDOWN_ENABLED=true
      - HEALTH_ENABLED=false
      - NEBULA_REF_SERVICE_ROUTE=/nebula/v1/**
  discovery-service:
    restart: restart
    image: registry.raimtec.com/discovery-service
    volumes:
      - discovery_service_log:/discovery-service/logs
    ports:
      - 8761:8761
    container_name: discovery-service
    network_mode: host
    environment:
      - HOST_NAME=localhost
      - SERVER_PORT=8761
      - LEASE_RENEWAL_INTERVAL_SECS=30
      - REGISTER_WITH_EUREKA=true
      - FETCH_REGISTRY=false
      - WAIT_TIME_MS_WHEN_SYNC_EMPTY=0
      - ENABLE_SELF_PRESERVATION=true
      - RESTART_ENABLED=true
      - SHUTDOWN_ENABLED=true
      - HEALTH_ENABLED=true
volumes:
  edge_service_log: {}
  discovery_service_log: {}

Docker inspect (network part) :

        "NetworkSettings": {
            "Bridge": "",
            "SandboxID": "9a7eb00e08cbf5f1dbd3fe87d1643f8a5fa31414a6bd7fa7e04081949284d363",
            "HairpinMode": false,
            "LinkLocalIPv6Address": "",
            "LinkLocalIPv6PrefixLen": 0,
            "Ports": {},
            "SandboxKey": "/var/run/docker/netns/default",
            "SecondaryIPAddresses": null,
            "SecondaryIPv6Addresses": null,
            "EndpointID": "",
            "Gateway": "",
            "GlobalIPv6Address": "",
            "GlobalIPv6PrefixLen": 0,
            "IPAddress": "",
            "IPPrefixLen": 0,
            "IPv6Gateway": "",
            "MacAddress": "",
            "Networks": {
                "host": {
                    "IPAMConfig": null,
                    "Links": null,
                    "Aliases": null,
                    "NetworkID": "d3a065edac656a838506f1975c755a9732cc5d458de7ef30c2a8c128ce1249da",
                    "EndpointID": "a8b37dac419e8fdd1cbfc5f80bfd7e117359274f56c1fe0ea752d739f713f936",
                    "Gateway": "",
                    "IPAddress": "",
                    "IPPrefixLen": 0,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,
                    "MacAddress": ""
                }
            }
        }

Docker/Docker compose version:

mobilecenter:~ $ docker version
Client:
 Version:      1.12.0
 API version:  1.24
 Go version:   go1.6.3
 Git commit:   8eab29e
 Built:        Thu Jul 28 21:15:28 2016
 OS/Arch:      darwin/amd64

Server:
 Version:      1.12.0
 API version:  1.24
 Go version:   go1.6.3
 Git commit:   8eab29e
 Built:        Thu Jul 28 21:15:28 2016
 OS/Arch:      linux/amd64

mobilecenter:~ $ docker-compose version
docker-compose version 1.8.0, build f3628c7
docker-py version: 1.9.0
CPython version: 2.7.9
OpenSSL version: OpenSSL 1.0.2h  3 May 2016

Thanks in advance

About this issue

  • Original URL
  • State: closed
  • Created 8 years ago
  • Reactions: 40
  • Comments: 20

Most upvoted comments

network_mode: host still doesn’t work on mac

+174
sarkistlt on Mar 9, 2017

If you just want to reach a service on the host from within a docker container on Mac OS X you cannot use localhost or 127.0.0.1 . Instead you have to use

host.docker.internal

see https://docs.docker.com/docker-for-mac/networking/ .

+67
asmaier on May 28, 2019

Replying “me 2” like some AOLer isn’t helping the discussion, in fact, it’s a great way to get the conversation locked.

If you are just here to say “pl0x fix kthx1” All you have to do is click the “Subscribe” button in the right-hand column and click the “Thumbs Up” icon on the first post or the “Sad Face” emoji three posts above.

+45
jnovack on Mar 17, 2017

@raycursif Thanks for the issue. --net host does not work in Docker for Mac at the time of writing. (see also: https://forums.docker.com/t/should-docker-run-net-host-work/14215/17) At least not how you’re intending it to.

In Docker for Mac you have a little managed VM that runs Linux. This is where Docker actually runs. D4M does “magic” to map exposed ports to your Mac’s localhost if you expose them using -p etc. on the default bridge network.

--net host will instruct the container to use the host’s network namespace (the Linux VM – not the Mac) but the D4M magic does not know how to forward ports in this case because they are not “registered” with Docker. They are simply exposed in the native network namespace of the host. Think about it, this container is just a process that could be listening on any number of ports but D4M has no way to query what they are. Usually this is easily parse-able via docker inspect or equivalent if they were set with --publish. So D4M can’t forward them to your Mac localhost.

You can see it with your own two eyes:

(on Mac)

$ docker run -d --net host nginx
7596dfd95ebddd0ffcfd6cdc4542df22a78b1d987e02993de7697007b2c50855

$ curl localhost
curl: (7) Failed to connect to localhost port 80: Connection refused

$ docker run --net host alpine wget -qO- localhost
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>

Why do you want to use --net host at all? If you are not 100% positive that you need this, usually best is to not use it. A vastly superior option is to create your own docker network and throw the containers that need to talk to each other on it. You can still expose ports on the bridge using -p or ports: to contact on the Mac’s localhost.

+21
nathanleclaire on Aug 2, 2016

Same issue, solved by below, not sure if buggy or not. For me it works, need host dns server. Env: linux.

services:
  foobar:
    build:
      context: .
      dockerfile: Dockerfile
      network: host
version: '3.8'
+15
loynoir on Apr 19, 2021

Hi there,

“host” network mode should work on docker for mac if you disable the dns_search method by adding the command dns_search=. to the docker-compose specification.

The explanation: By default, the container will try to resolve ip-addresses depending on the dns configuration of the host. Usually the host will have a google dns server specified to resolve addresses. The google dns server will however not be able to resolve internal localhost addresses. If you disable the external dns server with the dns_search setting, the internal addresses should be resolved correctly.

+6
tikiatua on Apr 28, 2017

This is outside of Compose’s purview. People interested in a resolution to this issue should follow https://github.com/docker/for-mac/issues/1031 instead.

+4
shin- on Aug 3, 2017

Docker seems to like to change their docker-compose.yml schema. Make sure you are using the correct parameters for your version. For example, @loynoir 's highly downvoted answer worked great for me. I suspect the downvoters are on a different version.

+3
wymaricd on Mar 17, 2022

I am facing the same issue

+2
arbhoj on Mar 17, 2017

Does this work on Windows?

+1
neilpalima on Oct 17, 2018

@montrealist No, now I use the real IP address instead of ‘localhost’ to avoid using ‘–net host’.

Btw, I tried ‘–net host’ in Debian linux, it works.

+1
leialexisjiang on Dec 14, 2016

@raycursif were you able to figure it out? Having a similar issue.

+1
montrealist on Dec 14, 2016
Read more comments on GitHub
← compose: Network priority ignored for external networks
compose: New TUI spams lines when pulling multiple images causing you to lose your terminal history →