Question

Can not access web service, port is open, service is running

Hi all,

I was running docker containers in my droplet and that was working fine with port mapping and such through docker. However, there is a very nasty memory leak with Docker and JVMs (and perhaps not just JVMs) that causes my docker containers to crash in short order. So I am now trying to just run my java service on the droplet OS itself outside of Docker. I am able to start it up no problem, just like I do on my dev box. It starts on port 8090. I try an external port check site and it says 8090 is open on my droplet IP.

When I make a request using <ip>:8090 it just hangs until it finally times out and says it could not get a response. When I try other ports, like port 80, it immediately fails.

I added an iptables entry and now my iptables -S looks like below. I am unclear if the -A INPUT line below the -N DOCKER-ISOLATION somehow screws this up, and I don't know much about iptables so not sure if there is something else I need to do to get the service listening on the port to accept a request. I did confirm with netstat -ulntp that it is listening on 8090 as well. At this point I am not sure what could be up. I suspect it may have something to do with the Docker mappings taking over all ports and then nothing listening inside of Docker. If that is the case, what to do to map 8090 to my java service running on the droplet?

-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N DOCKER
-N DOCKER-ISOLATION
-A INPUT -p tcp -m tcp --dport 8090 -j ACCEPT
-A FORWARD -j DOCKER-ISOLATION
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
-A DOCKER -d 172.17.0.2/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 5432 -j ACCEPT
-A DOCKER-ISOLATION -j RETURN


This question was answered by @ryanpq:

If you disable your droplet’s firewall to test, are you able to access the service? Try disabling the iptables service with service iptables stop and then attempt to access your service on port 8090. If you are able to get there, then I would recommend starting over your iptables configuration cleanly, testing as you add your rules in. If the service is not accessible after disabling iptables, then you’ll want to look at the service configuration itself and make sure that it is listening on your public IP address and not just on localhost.

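A way to run the two checks from the answer above against captured command output, as an added example that is not part of the original thread: `bind_scope` reads `netstat -ulntp` output and reports whether the listener on a port is bound to loopback only, and `input_verdict` makes a first pass over the INPUT chain in `iptables -S` output. Both function names and the sample line are constructed for this example.

```shell
#!/bin/sh
# Added example (hypothetical helper names); each function reads command output on stdin.

# bind_scope PORT  < output of `netstat -ulntp`
# Prints how the TCP listener on PORT is bound: none | loopback | specific | wildcard
bind_scope() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, part, ":")                      # port follows the last colon
            if (part[n] != port) next
            addr = substr($4, 1, length($4) - length(part[n]) - 1)
            if (addr == "0.0.0.0" || addr == "::")      seen["wildcard"] = 1
            else if (addr ~ /^127\./ || addr == "::1")  seen["loopback"] = 1
            else                                        seen["specific"] = 1
        }
        END {
            if ("wildcard" in seen)      print "wildcard"
            else if ("specific" in seen) print "specific"
            else if ("loopback" in seen) print "loopback"
            else                         print "none"
        }'
}

# input_verdict PORT  < output of `iptables -S`
# First-pass walk of the INPUT chain: prints the target of the first rule that is
# unconditional or matches only "-p tcp --dport PORT", otherwise the chain policy.
# Rules with other match criteria (source, interface, conntrack state) are skipped.
input_verdict() {
    awk -v port="$1" '
        $1 == "-P" && $2 == "INPUT" { policy = $3 }
        $1 == "-A" && $2 == "INPUT" && !decided {
            target = ""; proto = ""; dport = ""; other = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-j")           { target = $(i + 1); break }  # target options follow
                else if ($i == "-p")      proto = $(++i)
                else if ($i == "--dport") dport = $(++i)
                else if ($i == "-m")      ++i                           # match module name
                else                      other = 1
            }
            if (other || (proto != "" && proto != "tcp")) next
            if (dport != "" && dport != port) next
            if (target ~ /^(ACCEPT|DROP|REJECT)$/) { print target " rule"; decided = 1 }
        }
        END { if (!decided) print policy " policy" }'
}

# Constructed sample (not from the page): a listener bound to loopback only.
SAMPLE='tcp        0      0 127.0.0.1:8090          0.0.0.0:*               LISTEN      1234/java'
printf '%s\n' "$SAMPLE" | bind_scope 8090
```

On the droplet the live equivalents are `netstat -ulntp | bind_scope 8090` and `iptables -S | input_verdict 8090`. A result of `loopback` from the first means the service is unreachable from outside whatever the firewall says.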