Hi, i have a droplet with my domain name assoaciated, i don’t add a firewall rule and the UFW is disabled.

I installed an Ubuntu18.04 and i used this repo to set the environment:

https://github.com/cvaclav/docker-lemp-stack

Actually when y write the IP of my droplet on Chrome say: ERRCONNECTIONREFUSED

Result of -> netstat -anltp | grep “LISTEN”

tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 651/systemd-resolve
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 848/sshd
tcp6 0 0 :::22 :::* LISTEN 848/sshd

This is the status of the docker containers:

STATUS PORTS NAMES
Up 10 minutes 80/tcp xxxnginx
Up 10 minutes 9000/tcp xxx
php-fpm
Up 10 minutes 80/tcp xxxphpmyadmin
Up 10 minutes 3306/tcp xxx
mysql

I am not sure if I have to activate the UFW with some rules or if I have to use the firewall from the networking menu.

Thank’s for your help!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
2 answers

Hello, @webcf931eb5d0d1

I assume that the DNS is pointed correctly (domain name is pointed to the IP address of the droplet and that the DNS has already propagated, this can take up to 48 hours in order to fully update)

Looking at the provided output from the netstat command there is no service listening on port 80 and thus you get the ERRCONNECTIONREFUSED error. Have you installed any web server like Apache or Nginx before going forward with the docker setup?

When you created the container did you binded any port on the host to forward the traffic to the container, e.g the phpMyAdmin one?

You can send me the output of the following command:

docker ps -a

This will list the running containers and we can check if you’ve binded any port on the host with the containers.

Additionally you can check this super helpful question posted in the community and also check the video listed in it:

https://www.digitalocean.com/community/questions/how-to-host-multiple-docker-containers-on-a-single-droplet-with-nginx-reverse-proxy

Hope this helps!

Let me know how it goes.

Regards,
Alex

Hi Alex, thank’s for your help.

On the DNS server (external DigitalOcean) i have this line:

A @ Point to: IP

Digital Ocean DNS records:

CNAME

www.xxx.com is an alias of domain.com
A xxx directs to IP
NS xxx directs to ns2.digitalocean.com
NS xxx directs to ns3.digitalocean.com
NS xxx directs to ns1.digitalocean.com

The result of docker ps -a

STATUS PORTS NAMES
Up 15 hours 80/tcp xxxnginx
Up 15 hours 9000/tcp xxx
php-fpm
Up 15 hours 80/tcp xxxphpmyadmin
Exited (1) 15 hours ago xxx
traefik
Exited (1) 15 hours ago xxxportainer
Up 15 hours 3306/tcp xxx
mysql

When i enter the server via SSH i say this message:

Welcome to DigitalOcean’s One-Click Docker Droplet.
To keep this Droplet secure, the UFW firewall is enabled.
All ports are BLOCKED except 22 (SSH), 2375 (Docker) and 2376 (Docker).

edited by alexdo
  • Hello, @webcf931eb5d0d1

    From what I can see the DNS seems okay and there are no issues with DNS propagation and etc.

    Also thanks for sharing that you’ve used the One-Click Docker Droplet. As per the message - “ All ports are BLOCKED except 22 (SSH), 2375 (Docker) and 2376 (Docker).”

    This means we need to open ports 80 and 443 on the droplet. You can do this using the following commands:

    sudo ufw allow http
    

    An alternative syntax is to specify the port number of the HTTP service:

    sudo ufw allow 80
    

    Allow All Incoming HTTPS
    To allow all incoming HTTPS (port 443) connections run this command:

    sudo ufw allow https
    

    An alternative syntax is to specify the port number of the HTTPS service:

    sudo ufw allow 443
    

    Allow All Incoming HTTP and HTTPS
    If you want to allow both HTTP and HTTPS traffic, you can create a single rule that allows both ports. To allow all incoming HTTP and HTTPS (port 443) connections run this command:

    sudo ufw allow proto tcp from any to any port 80,443
    

    And this is basically is. You can now spin up your docker containers and the traffic to them should be okay. You can double check the mini tutorial:

    https://www.digitalocean.com/community/questions/how-to-host-multiple-docker-containers-on-a-single-droplet-with-nginx-reverse-proxy

    Hope this helps!

    Let me know how it goes.

    Regards,
    Alex

Submit an Answer