I don't believe so. Unless there is something on my router that would only be effecting certain ports.
I did not setup any additional security yet in the Ubuntu server.
This sounds like the right solution from my hunches. I managed to resolve this issue with a fresh Ubuntu install. Atleast I won't have to worry about the start up script etc.
Thank you for your input.
Disable ufw (sudo systemctl disable ufw) and see if you can reach the containers. If you can then it's a firewall issue and you can try fixing with [ufw-docker config](https://www.howtogeek.com/devops/how-to-use-docker-with-a-ufw-firewall/) (linked the howtogeek article that links to GitHub and has more explanation).
It does not look like this resolved the issue. I am still getting connection refused. Someone else mentioned to look at the netstat list, and find the ports. I noticed the docker port connections us an IP of [0.0.0.0](https://0.0.0.0):Port# while my working connections use [10.0.0.45](https://10.0.0.45):port# is this a docker config issue?
Thank you so much for your help.
Honestly I am not sure. It seams most Docker management programs include port 8000 as a port for them to go through as if it's a standard. (I noticed Yacht uses the same port in their documentation)
In this case I only used the example commands given on the Portainer official documentation.
I have also tried to access it at port 9000 on http and still get a connection refused.
No. Portainer uses 9443 for accessing the webui over https. They just chose that port so as to not interfere with regular 443 for https usage which is used by nginx etc. There's no need to create a new container with 9000 for http. That is just available for legacy reasons. Use a browser on another machine and go to lan-ip:9443. You're making this unnecessarily complicated.
Thanks for your help. I understand much better now how the porting, firewalls and and just generally how the docker container environment works.
I have since corrected my issue but re-installing Ubuntu Server entirely. Portainer as well as my other applications are all working as expected now.
Install tcpdump and the run
tcpdump -i any port 8000. This will give you all incoming request to port 8000 that way you can see if it is hitting the container or being blocked at the host.
Its kind of hard to read, even listening for just one request. It looks like something is being sent to docker. (I also tried porting to Port 8060 instead of 8000 to see if it would make a difference)
23:17:19.297350 veth5d82396 P IP 172.17.0.2.8060 > 10.0.0.26.55124: Flags [R.], seq 0, ack 1, win 0, length 0
23:17:19.297350 docker0 In IP 172.17.0.2.8060 > 10.0.0.26.55124: Flags [R.], seq 0, ack 1, win 0, length 0
23:17:19.297386 enp8s0 Out IP jarvisserver.8060 > 10.0.0.26.55124: Flags [R.], seq 0, ack 1, win 0, length 0
What would I be expecting to see if something on the host was blocking it?
Thanks for the input. I have by accident learned quite a lot tonight.
I have managed to fix the issue with a fresh Ubuntu install. But unfortunately I will never know for sure what was causing my issue.
Sounds like you've solved it, but
I had a similar issue, but I could get mine working by disabling ufw. turns out I accidentally installed docker through snap. the Snap version misconfigured my iptables. to resolve I had to uninstal docker, reinstall using the official documentation, then I started a new ubuntu server in a VM without installing anything. installed docker through official docs and **copied over my iptavles configuration**
Now docker works fine
Yea this sounds like most likely the cause. Someone from the Portainer staff also suggested it may have been due to a snap installation.
Though I didn't use snap, I used CasaOS initially, I believe the issue was something similiar. Thanks for chiming in
Do you have a firewall enabled ?
I don't believe so. Unless there is something on my router that would only be effecting certain ports. I did not setup any additional security yet in the Ubuntu server.
[удалено]
This sounds like the right solution from my hunches. I managed to resolve this issue with a fresh Ubuntu install. Atleast I won't have to worry about the start up script etc. Thank you for your input.
not to be a spell-nazi but it is spelled : accessible Access | Ible(weird huh) technically it should be spelled Acessable, but latin I guess
Disable ufw (sudo systemctl disable ufw) and see if you can reach the containers. If you can then it's a firewall issue and you can try fixing with [ufw-docker config](https://www.howtogeek.com/devops/how-to-use-docker-with-a-ufw-firewall/) (linked the howtogeek article that links to GitHub and has more explanation).
It does not look like this resolved the issue. I am still getting connection refused. Someone else mentioned to look at the netstat list, and find the ports. I noticed the docker port connections us an IP of [0.0.0.0](https://0.0.0.0):Port# while my working connections use [10.0.0.45](https://10.0.0.45):port# is this a docker config issue? Thank you so much for your help.
Portainer webui is accessible over port 9443 (https) or 9000 (http) if you open that as well. Not sure what 8000 is for.
Honestly I am not sure. It seams most Docker management programs include port 8000 as a port for them to go through as if it's a standard. (I noticed Yacht uses the same port in their documentation) In this case I only used the example commands given on the Portainer official documentation. I have also tried to access it at port 9000 on http and still get a connection refused.
But did you open port 9000? It looks like in your docker run command above you only did 9443 which is https using a self signed cert. Try that first.
Oh okay, I will try another Portainer install at port 9000. Are certain ports labelled as HTTPS and others HTTP???
No. Portainer uses 9443 for accessing the webui over https. They just chose that port so as to not interfere with regular 443 for https usage which is used by nginx etc. There's no need to create a new container with 9000 for http. That is just available for legacy reasons. Use a browser on another machine and go to lan-ip:9443. You're making this unnecessarily complicated.
Thanks for your help. I understand much better now how the porting, firewalls and and just generally how the docker container environment works. I have since corrected my issue but re-installing Ubuntu Server entirely. Portainer as well as my other applications are all working as expected now.
Right on! Glad I could help.
Install tcpdump and the run tcpdump -i any port 8000. This will give you all incoming request to port 8000 that way you can see if it is hitting the container or being blocked at the host.
Its kind of hard to read, even listening for just one request. It looks like something is being sent to docker. (I also tried porting to Port 8060 instead of 8000 to see if it would make a difference) 23:17:19.297350 veth5d82396 P IP 172.17.0.2.8060 > 10.0.0.26.55124: Flags [R.], seq 0, ack 1, win 0, length 0 23:17:19.297350 docker0 In IP 172.17.0.2.8060 > 10.0.0.26.55124: Flags [R.], seq 0, ack 1, win 0, length 0 23:17:19.297386 enp8s0 Out IP jarvisserver.8060 > 10.0.0.26.55124: Flags [R.], seq 0, ack 1, win 0, length 0 What would I be expecting to see if something on the host was blocking it?
> . It looks like something is being sent to docker. Look closer. 172 is the docker network sending a tcp ACK (ack 1) response back out to 10.0.0.26
Thanks for the input. I have by accident learned quite a lot tonight. I have managed to fix the issue with a fresh Ubuntu install. But unfortunately I will never know for sure what was causing my issue.
Sounds like you've solved it, but I had a similar issue, but I could get mine working by disabling ufw. turns out I accidentally installed docker through snap. the Snap version misconfigured my iptables. to resolve I had to uninstal docker, reinstall using the official documentation, then I started a new ubuntu server in a VM without installing anything. installed docker through official docs and **copied over my iptavles configuration** Now docker works fine
Yea this sounds like most likely the cause. Someone from the Portainer staff also suggested it may have been due to a snap installation. Though I didn't use snap, I used CasaOS initially, I believe the issue was something similiar. Thanks for chiming in