Can't connect to docker container running inside WSL2

[massix]

• Your Windows build number: Microsoft Windows [Version 10.0.19041.153]

I'm running a couchbase server inside WSL2 with multiple port-forwarding :

(from Windows) ❯ wsl -l -v
  NAME      STATE           VERSION
* Ubuntu    Running         2

(inside WSL) ❯ docker ps
CONTAINER ID        IMAGE                 COMMAND                  CREATED             STATUS              PORTS
                                                                                           NAMES
aaad5f11ad16        couchbase:community   "/entrypoint.sh couc…"   17 minutes ago      Up 4 minutes        0.0.0.0:8091-8096->8091-8096/tcp, 0.0.0.0:11207->11207/tcp, 0.0.0.0:11210-11211->11210-11211/tcp, 18091-18096/tcp   couchbase

Everything seems to work, I can connect to localhost:8091 from the Windows Host, I can setup the Couchbase and if I try to connect to the different ports exposed by the container, things look nice and clear:

(from Windows) ❯ Invoke-RestMethod -Uri http://localhost:8092

couchdb version couchbase
------- ------- ---------
Welcome         6.5.0-4966-community

(from Windows) ❯ Invoke-RestMethod -Uri http://localhost:8093
Invoke-RestMethod: 404 page not found

(from Windows) ❯ Invoke-RestMethod -Uri http://localhost:8094
Invoke-RestMethod: {"error":"Page not found","status":"fail"}

The problem is that if I try to connect to the same ports using a Java server that I'm building, I get a Timeout, 100% of times.

It worked until yesterday if I put the IP address of the WSL VM instead of localhost in the configuration file of my server (not the best solution, but at least it worked), then I updated the kernel of the WSL - because I was forced to - and it stopped working.

Even after restarting the lxssservice the problem persists.

The only thing that works is if I start the docker container with --net=host but then I can't start multiple instances of the same container because of the ports binding..

I don't know if it's related but when I run a netstat on the WSL machine it seems like only tcp6 bindings have been created but it seems to work if I force a tcp4 connection:

(from WSL) ❯ sudo netstat -tlnp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp6       0      0 :::11207                :::*                    LISTEN      1510/docker-proxy
tcp6       0      0 :::11210                :::*                    LISTEN      1496/docker-proxy
tcp6       0      0 :::11211                :::*                    LISTEN      1481/docker-proxy
tcp6       0      0 :::8091                 :::*                    LISTEN      1593/docker-proxy
tcp6       0      0 :::8092                 :::*                    LISTEN      1579/docker-proxy
tcp6       0      0 :::8093                 :::*                    LISTEN      1566/docker-proxy
tcp6       0      0 :::8094                 :::*                    LISTEN      1552/docker-proxy
tcp6       0      0 :::8095                 :::*                    LISTEN      1538/docker-proxy
tcp6       0      0 :::8096                 :::*                    LISTEN      1524/docker-proxy
(from WSL) ❯ telnet -4 localhost 8091
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
^]
telnet>

If someone has a better solution than the --net=host I'm all ears..

Thank you everyone in advance, small bugs aside, WSL (and WSL 2 in particular) is what made me get back to Windows as my daily driver.

[jishi]

I had the same problem, and it turned out that WSL2 only binds to ipv6 localhost ([::1]) and not ipv4 localhost (127.0.0.1). It took me a while to figure out, because some applications default to ipv6 resolve first, and other apps (like node.js) defaults to ipv4 lookup. Hence, the host localhost works in your browser, but not in, lets say, node.js. I'm thinking Java does the same, since you are experiencing this problem.

I resorted to using the ipv6 localhost url, http://[::1]:8091 and it just worked.

When you test in WSL2 and connect to localhost with -4 flag, it works because from the WSL side of things it is acessible both via ipv4 and ipv6. From my experience, even if it lists only ipv6 listings in netstat, it does still listen on ipv4, but maybe this is actually the problem, the Windows bridge only forward traffic for the netstat listing and errorneously only binds ipv6 from the host into the WSL subsystem.

I hope this helps.

[koying]

As doing a search on a similar issue brought me here

The workaround [::1] works for ipv6-enabled app, but if you need ipv4, an option is to use the WSL2 subsystem ip adress instead, i.e. the adress returned by doing a ifconfig inside wsl.

$ ifconfig
eth0: flags=4163  mtu 1500
[...]
        inet 172.19.171.88 netmask 255.255.240.0  broadcast 172.19.175.255
[...]

Still quite inconvenient as I think this address changes at every restart of WSL.

[icorbrey]

@koying The subsystem IP did not work for me, but using the IPv6 loopback address like @jishi recommended works perfectly!

[koying]

Oh sure. My workaround is only for non-ipv6 enabled apps.

[icorbrey]

Ah, that makes sense

[otavionetoca]

It worked for me @jishi thanks!

[rvangala936]

I have tried ip address of both "ip from ifconfig inside wsl" and "http://[::1]:port" and neither worked for "Ubuntu-20.04" on Windows 10 via Wsl2

[BrianLeishman]

If you're using MySQL Workbench, make sure to leave out the brackets and use ::1 as the host

[canove]

I resorted to using the ipv6 localhost url, http://[::1]:8091 and it just worked.

In my case, MySQL Workbench is the only SQL Viwer app that works with localhost. Beekeeper Studio was not working, even with WSL IP 172.X.X.X.

Using IPV6 localhost ::1 works like a charm!

[angrygorilla]

As doing a search on a similar issue brought me here

The workaround [::1] works for ipv6-enabled app, but if you need ipv4, an option is to use the WSL2 subsystem ip adress instead, i.e. the adress returned by doing a ifconfig inside wsl.

$ ifconfig
eth0: flags=4163  mtu 1500
[...]
        inet **172.19.171.88** netmask 255.255.240.0  broadcast 172.19.175.255
[...]

Still quite inconvenient as I think this address changes at every restart of WSL.

thank you this was helpful.....

[afcruzs]

Has anybody make this work on Ubuntu-20.04?

[tristan-curve]

Has anybody make this work on Ubuntu-20.04?

Same issue as well for me on Ubuntu-20.04 can't connect to docker with any of the suggestions above

[kAlvaro]

The IPv6 workaround (::1) works fine for me on Ubuntu 20.04 LTS.

[beriloqueiroz]

@massix
run the command on ubuntu:
ip addr | grep -E "\binet.global" | sed -E "s/inet(.)/./\1/"

result example:
172.29.51.119
172.17.0.1
172.18.0.1

get the first -> 172.29.51.119

run the command in the shell windows as an administrator (the port, for example, is 3333):
netsh interface portproxy add v4tov4 listenport=3333 listenaddress=0.0.0.0 connectport=3333 connectaddress=172.29.51.119

listenport is the windows port
listenaddress is the windows address, usually 0.0.0.0
connectport is the ubuntu port
connectaddress is the int ip ubuntu

[efcjunior]

Why cannot I run curl 172.17.16.1:2375 in wsl2 ubuntu with docker desktop for windows?

I got 172.17.16.1 IP in this file /etc/resolv.conf on wsl2/ubuntu.

I tried to create a interface portproxy like this netsh interface portproxy add v4tov4 listenport=2375 listenaddress=0.0.0.0 connectport=2375 connectaddress=172.17.16.1, but I got error curl: (52) Empty reply from server.

if I execute the command docker -H 172.17.16.1:2375 ps, displays this error during connect: Get http://172.17.16.1:2375/v1.24/containers/json: EOF

My problem began when I download code and executed on it the fabric8io/docker-maven-plugin. From here, I looked at all forums and google search results, but without success.

Is there any idea how could I proceed with this problem?

best regards,
efcjunior

[storm1er]

More than one year after and the problem still exist.

I used the upload diagnostic tools: 53A83A43-5D21-4978-846F-3FD11662A256/20211206133132

EDIT:
I think there's more than this, I ended up removing docker and wsl then reinstalling.
Still doesn't work.

[hijkzzz]

Me too, this is a serious problem

[Trenrod]

I stopped hoping for a fix. As I fear MS will only offer this "premium" feature only over its "freemium" docker desktop :(.

[boyang9602]

Same problem.
Windows 11, WSL2 Ubuntu 20.04, Docker for windows WSL2 backend (https://docs.docker.com/desktop/windows/wsl/)
I can curl localhost:<port> inside the container. But I cannot access it in either WSL2 using curl or browser of the windows host.
I tried the following things:

1. Add the port to Inbound rules on Windows firewall
2. Use the address of WSL2 instead of localhost or 127.0.0.1
3. Also tried the ipv6 address

[befabry]

Still having the problem. I was able to make it work on my Ubuntu work laptop, but it's not working on my personal computer. Works on Linux.

• WSL 2
• Windows 10
• Content from React is served,
• PostgreSQL database reachable,
• Can't reach the NestJS server listening on port 0.0.0.0 inside the Docker container
• Port 3000 (React) & 3001 (Nest) allowed in the Firewall

Edit:
I made the decision to switch to Linux, I'd rather deal with Linux incompatibilities and sketchiness than Windows one. It's been 2 years this is open. I'm out.

[prodkt]

This is still happening.

[crimini]

Explicitly bind the port of the server in the docker container to the port of the WSL2.
So in docker run file add
-p 80xx:80xx => (port in WLS2 binds to port in docker container).
Now your docker is visible in Windows.
This seems to work for me. For some reason the professional edition works effortlessly with
--network=host
in docker run

[nathanieltagg]

Crimini:
The desire here is to directly access the docker internal network, as can be done on linux and MacOS. Binding the port with -p connects the host port to the container's port, but we wish to directly access the container's port. For example, some applications do not have predictable port numbers, but we do not wish to use --host=network because that might conflict with host ports.

[befabry]

@genyded My response was to switch all my computers to Linux. No regrets.

[herbat73]

I wasted 2 days trying with Docker on Windows 11 Pro with WSL.

Here is what I did in my case:

1. run wsl on command prompt
2. run ipconfig
3. get address from network interface eth0 (I had 2 intefaces, eth0 and lo, lo - loopback inteface does not work for me from outside wsl)
4. connect by address from eth0 inteface with your port

One usefull hint. From Powershell you can check proxies and get the address you are looking for.

netsh interface portproxy show v4tov4

[genyded]

We're using Laravel and this is a MAJOR issue because any work-around screws up all the URL's for links and routing. Is anyone form Microsoft even looking into this? How hard can it be to bind to IPv4 and then IPv6? They hack together WSL so we can even begin to use Docker on THIER OS and then leave us stranded unable to develop and test apps using it. I am trying to convince our CEO to move to mac for dev solely because of this issue, but he is hung up on the $$ difference. Guess it's true though, you do get what you pay for. 3 YEARS LATER AND NOT A PEEP FROM MICROSOFT ON THIS ISSUE.

[Yueyi-Shaw]

this problem still exist on Ubuntu 20.04

[wenion]

Hi Yueyi, I also encountered this issue. But I have fixed it through updating the latest version. Maybe you can go to https:/microsoft/WSL/releases and download and install the latest msixhundle file under the Asset attachment.

[Yueyi-Shaw]

Hi Yueyi, I also encountered this issue. But I have fixed it through updating the latest version. Maybe you can go to https:/microsoft/WSL/releases and download and install the latest msixhundle file under the Asset attachment.

oh,thank you, I will have a try.

[nervousapps]

Hi, I can connect to my container from another host on my private network by following this https://www.it-connect.fr/wsl-2-port-forwarding-comment-acceder-a-sa-machine-virtuelle-a-distance/

What I have done :

• netsh interface portproxy add v4tov4 listenport=<port d'écoute sur la machine Windows> listenaddress=0.0.0.0 connectport=<port de destination sur la machine Linux> connectaddress=<adresse IP machine Linux>

• New-NetFireWallRule -DisplayName 'WSL 2' -Direction Outbound -LocalPort "<port d'écoute sur la machine Windows>" -Action Allow -Protocol TCP

• New-NetFireWallRule -DisplayName 'WSL 2' -Direction Inbound -LocalPort "<port d'écoute sur la machine Windows>" -Action Allow -Protocol TCP

Hope it will help :)

[anadi]

Cant believe this is still open. What a waste the windows hardware is proving to be for devs

[gustavotoyota]

Just bumped into this problem.

Impossible to start my Docker container on Windows:

C:\Users\gusta> docker start 37ad37d59367b1978d7c8e823be19dbf2a2b48f9d798868bc09d59971085b1ec
Error response from daemon: Ports are not available: exposing port TCP 0.0.0.0:50922 -> 0.0.0.0:0: listen tcp 0.0.0.0:50922: bind: An attempt was made to access a socket in a way forbidden by its access permissions.
Error: failed to start containers: 37ad37d59367b1978d7c8e823be19dbf2a2b48f9d798868bc09d59971085b1ec

[jwhipp]

Any updates on this? I've tried the pre-release (1.3.14) to no avail. This complicates using WSL for development with Docker Desktop.

[usikpavel]

Just bumped into this problem.

Impossible to start my Docker container on Windows:

C:\Users\gusta> docker start 37ad37d59367b1978d7c8e823be19dbf2a2b48f9d798868bc09d59971085b1ec
Error response from daemon: Ports are not available: exposing port TCP 0.0.0.0:50922 -> 0.0.0.0:0: listen tcp 0.0.0.0:50922: bind: An attempt was made to access a socket in a way forbidden by its access permissions.
Error: failed to start containers: 37ad37d59367b1978d7c8e823be19dbf2a2b48f9d798868bc09d59971085b1ec

I had the same problem.

(I'm not sure, but I think, that) Solution for me was to check and disable some "unplugged" virtual Network Adapters.

Details.

1. I had Windscribe VPN on the host. When installed, it creates several virtual adapters (Windscribe VPN, Windscribe Windtun420). I've disabled both, and problem was sovled.
2. On the other hand, I have several disconnected OpenVPN adapters. They don't affect this problem.

[kanine]

@nervousapps re:fix Thank you so much, I knew there had to be a firewall issue, the documentation did not mention the two firewall rules you added.

Perhaps this needs updating: https://learn.microsoft.com/en-us/windows/wsl/networking#accessing-a-wsl-2-distribution-from-your-local-area-network-lan

The other error in that page is it says to use wsl hostname -i to get the WSL Host IP but it should say wsl hostname -I

Note: I found this looking for a solution to how to connect to your Docker Apps over the LAN with WSL. I was connecting from the host just fine, it was specifically over LAN that was my issue until now! Thanks!

[themustafaomar]

After a whole day of pulling hair out, solved my issue (in my case it was a Vite project) by switching from this:

"scripts": {
    "dev": "vite",
    ...
},

To this:

"scripts": {
    "dev": "vite --host 0.0.0.0",
    ...
},

Now I can access the project in the browser using http://localhost:5173 as normal.

Docker command:

docker run -d -p 5173:5173 --name vue-app-container vue-app

[sarthikg]

After a whole day of pulling hair out, solved my issue (in my case it was a Vite project) by switching from this:

"scripts": {
    "dev": "vite",
    ...
},

To this:

"scripts": {
    "dev": "vite --host 0.0.0.0",
    ...
},

Now I can access the project in the browser using http://localhost:5173 as normal.

Docker command:

docker run -d -p 5173:5173 --name vue-app-container vue-app

This worked like a charm. Change the app host to bound to 0.0.0.0 instead of the default localhost or 127.0.0.1.

[robinloxley1]

bind your docker app host to 0.0.0.0, other than 127.0.0.1 works to me.
wsl: ubuntu
windows: 11
docker image tested: mlflow docker run -it --rm -p 5000:5000 ghcr.io/mlflow/mlflow mlflow ui -h 0.0.0.0
result: from windows browser, I can access locahost:5000

[deadcoder0904]

this worked for me. why is microsoft so useless in trying to fix such a basic issue?

its been 4 years guys. common now.

[General4077]

Saw the same issue on Windows 10 with wsl Ubuntu-20.04. This doc solved for me. it boils down to the first command of @nervousapps answer

[ismaelhamed]

Much of the networking problems I've encountered with WSL2 and Docker for Windows over the years went away when I switched to Mirrored mode networking.

[wsl2]
networkingMode=mirrored
dnsTunneling=true
autoProxy=true

Then, you can, for instance, access your Windows host from Linux using 127.0.0.1. Additionally, dnsTunneling and autoProxy can also help if you're behind a corporate proxy.

[evilmonkey19]

This bug is really annoying! 😠 Common, it's only Windows the only who do this. It should imitate Linux but it doesn't in this way.

Anyway, for the folks who are developing on python i suggest the following:

1. There is library that you can use to detect when you are in docker called detect: https://pypi.org/project/detect/
2. In the standard python library there is a library called platform
3. If you want to detect when using docker in WSL2 you can the following:

import platform
import detect

if detect.docker and "WSL2" in platform.release():
   # Bind to 0.0.0.0 instead of 127.0.0.1

Please @microsoft solve this bug. A lot of people is waiting for you and we don't like to be fooled.

[happyday326]

I am using windows docker desktop v4.33.1. There's a feature in settings > features in development > beta features >enable host networking. It works for me with the feature enabled.

[Bugsbugme]

@massix run the command on ubuntu: ip addr | grep -E "\b_inet.global" | sed -E "s/inet(.)/._/\1/"

result example: 172.29.51.119 172.17.0.1 172.18.0.1

get the first -> 172.29.51.119

run the command in the shell windows as an administrator (the port, for example, is 3333): netsh interface portproxy add v4tov4 listenport=3333 listenaddress=0.0.0.0 connectport=3333 connectaddress=172.29.51.119

listenport is the windows port listenaddress is the windows address, usually 0.0.0.0 connectport is the ubuntu port connectaddress is the int ip ubuntu

I know this is super old lol, but this fixed my problem!
My problem is I have been trying to run a Plex server in a docker container, inside WSL Ubuntu. I wasn't able to enable remote access because my router obviously can only route traffic to my Windows host, but then Windows couldn't route the traffic to the docker container. (at least that's how I see it in my head, I don't know if that's accurate 😅)

This seems like port forwarding, but between Windows and the docker container. Which makes sense. I figured it would be something like that but didn't know how to actually do it.