WSL: make host.docker.internal work

[ppiotrow]

For feature requests, describe what you'd like to add or change
host.docker.internal works and behaves like in Docker Desktop
https://docs.docker.com/desktop/windows/networking/

[mattfarina]

Ports are mapped to localhost. Have you tried connecting to your containers on localhost?

[ppiotrow]

kubectl port-forward -n minio-app service/minio 10101:80
I can open localhost:10101 on my local macOS machine but I'm unable to reach localhost:10101 from inside running container. With Docker Desktop I could connect to host.docker.internal:10101 from inside container.

[jandubois]

@ppiotrow Please confirm that this is about the Windows version. I assume @mattfarina has set the platform/windows label based on you providing a URL to Docker for Windows, but I want to make sure we are all talking about the same platform.

[ppiotrow]

I'm on MacOS

[alsolh]

i am on windows and the host is not reachable from within a container, any changes I need to do after installing rancher desktop?

[djfoxer]

Any update about how to call host (Windows) from container? If host.docker.internal isn't available, maybe there is any workaround for that?

[jandubois]

I'm on MacOS

On macOS you can currently use host.lima.internal.

We should implement host.docker.internal for compatibility on all platforms.

[jandubois]

On Windows it looks like the recommended way to determine the host IP is to extract it from /etc/resolv.conf from the nameserver field:

export HOST_IP=$(cat /etc/resolv.conf | grep nameserver | cut -d ' ' -f 2)

[jandubois]

From Rancher Users Slack:

Thanks, but none of those worked for me, but I found that if I used any of the ips from the wsl -d rancher-desktop ip route, it works.

[jandubois]

See also #1000 (comment)

[jandubois]

From Rancher Users Slack:

Hmmm... even using the IP from wsl, I still don't have my container able to reach my Windows host unless I also do this command on the host (as Admin):

netsh interface portproxy add v4tov4 listenport=9080 listenaddress=%WIN_IP% connectport=9080 >connectaddress=localhost

I had to do that for podman under WSL, but was hoping that would no longer be the case here

[mook-as]

For WSL, it looks like (assuming it's generating /etc/hosts) it copies over the system hosts file; this means we "just" need to fix it on the Windows side. However, that's only writable by administrators…

[dougbreaux]

Another way to get the IP that works for me:

netsh interface IP show addresses "vEthernet (WSL)"

Or filter further with

netsh interface IP show addresses "vEthernet (WSL)" | findstr "IP"

Or with Powershell

Get-NetIPAddress -AddressFamily IPv4 -InterfaceAlias "vEthernet (WSL)" | Select-Object -ExpandProperty IPAddress

[mook-as]

If we only update the hosts file in the rancher-desktop distribution, then we won't need to elevate, but that means you can't connect to it from Windows / other WSL distributions.

If we do update it system-wide, then we'll need administrator privileges (which probably means we want to have a Windows service that the front end can start). We can set the service permissions if necessary. However, that would mean we need to install the application as an administrator (so there will be some migration). This will probably not happen in the short term.

I'll get started on the first (container-only) solution, at least.

[gaktive]

This also needs to be investigated for macos in a separate ticket.

[kingrichard2005]

Hello, I'd posted on the separate 1490 issue, but felt it was related in that the discussed workaround for at least on Windows involved manually editing the hosts file.

Docker-Desktop issue 249 goes back even further (circa 2016) and discusses similar (Windows) host file edits as a workaround. In that same context, they also confirm the issue was fixed in an upcoming release of Docker-Desktop at the time.

Could that same, or similar, fix be adopted in Rancher Desktop in order to make host.docker.internal work in a similar way?

[jandubois]

Could that same, or similar, fix be adopted in Rancher Desktop in order to make host.docker.internal work in a similar way?

I believe we have a working solution for host.docker.internal in the next release, so I don't think we are looking for an alternate solution, unless there is something wrong with the current (new) approach.

For the release after the next we are likely to switch to a different stub resolver, that is already used on Rancher Desktop for Linux and macOS, which will handle lookup with split-DNS configurations correctly. That one will also have support for host.docker.internal built-in.

[kingrichard2005]

Could that same, or similar, fix be adopted in Rancher Desktop in order to make host.docker.internal work in a similar way?

I believe we have a working solution for host.docker.internal in the next release, so I don't think we are looking for an alternate solution, unless there is something wrong with the current (new) approach.

For the release after the next we are likely to switch to a different stub resolver, that is already used on Rancher Desktop for Linux and macOS, which will handle lookup with split-DNS configurations correctly. That one will also have support for host.docker.internal built-in.

Really appreciate the quick follow-up @jandubois and great to hear this will be resolved in the next release of Rancher Desktop. I'm helping test Rancher Desktop for my team and DNS issues when pulling from our group's private image repos over our VPN is the main item I'm having issues with and is keeping me coming back to Docker Desktop.

Also just clarifying, but is "the current (new) approach" referring to having to edit the /etc/hosts file?

[jandubois]

Also just clarifying, but is "the current (new) approach" referring to having to edit the /etc/hosts file?

No, on Windows we will be running dnsmasq inside the distro, and the name will will be defined in the dnsmasq config file. /etc/resolv.conf inside the distro will point to this dnsmasq instance, so the name will be resolved before we ever need to query the Windows /etc/hosts. We also filter the Windows /etc/host to make sure none the host.docker.internal name will not be imported into the /etc/hosts inside the distro.

[dougbreaux]

I definitely have this resolving under a Rancher Desktop shell, and I thought it resolved under my container running under RD at one point, but it definitely isn't now...

It might be that it resolved when I first ran nerdctl run..., but not now when running nerdctl start to restart a container I'd stopped earlier.

Except, I just rebuilt an image and ran it, and the name resolved. Then I stopped and started the container, and it still resolved. So I'm not sure what's different.

[wesleyscholl]

I'm on MacOS

On macOS you can currently use host.lima.internal.

We should implement host.docker.internal for compatibility on all platforms.

Thank you for this, I've been searching for a solution for more than a month. Finally I can talk to localhost!