Skip to content

Troubleshooting / External Network Cannot Access the System

When the system itself is running normally but cannot be accessed externally, it is mostly due to network issues.

Specific manifestations include:

  1. On the deployment server, using curl -i http://127.0.0.1:8088 returns a 302 redirect:
HTTP
1
2
3
4
5
6
7
8
9
HTTP/1.1 302 Found
Location: /client-app
Vary: Accept
Content-Type: text/plain; charset=utf-8
Content-Length: 33
Date: Wed, 25 Aug 2021 14:23:02 GMT
Connection: keep-alive

Found. Redirecting to /client-app
  1. On the deployment server, using curl http://127.0.0.1:8088/api/v1/do/ping returns 200 normal data:
HTTP
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
HTTP/1.1 200 OK
Vary: Origin, Accept-Encoding
Access-Control-Allow-Credentials: true
X-Trace-Id: TRACE-D2B2A855-3C28-4566-8EC5-5A2EDD85856C
X-Request-Time: 2021-08-25T14:24:00.239Z
X-Response-Time: 2021-08-25T14:24:00.241Z
X-Request-Cost: 2
Content-Type: application/json; charset=utf-8
Content-Length: 192
ETag: W/"c0-Wb2YFtp16lA4mB7Xh7SpYumGNog"
Date: Wed, 25 Aug 2021 14:24:00 GMT
Connection: keep-alive

{"ok":true,"error":200,"message":"","data":"pong","traceId":"TRACE-D2B2A855-3C28-4566-8EC5-5A2EDD85856C","reqTime":"2021-08-25T14:24:00.239Z","respTime":"2021-08-25T14:24:00.241Z","reqCost":2}
  1. On other devices, using curl -i http://{server address}:8088 does not respond or directly returns a connection refusal.

Such issues are mostly network-related and have nothing to do with DataFlux Func itself.

The following content is only a record of some possible solutions.

1. Incorrect IP / Domain Resolution

Try to ping the server where DataFlux Func is located from other devices to confirm if the IP and domain are correct.

You can resolve this by modifying DNS or /etc/hosts configuration, depending on the actual network situation.

2. Incorrect Firewall or Security Configuration

Including but not limited to:

  1. Incorrect firewall configuration
  2. Incorrect Alibaba Cloud ECS security group configuration
  3. Incorrect reverse proxy server or Alibaba Cloud SLB configuration

First, check the currently open ports:

Bash
1
grep '8088' {installation directory}/docker-stack.yaml

The returned content is:

Text Only
1
- "{open port}:8088"

{open port} defaults to 8088

Check and modify the network environment to allow external access to the server's port.

3. Local Network Conflict with Automatically Created Ingress Subnet

You can check with the following command:

Bash
1
sudo docker network inspect ingress

Check if the IPAM.Config.Subnet value is the same as the local network:

JavaScript
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
[
    {
        "Name": "ingress",
        "Id": "adinmn5ww9q3vqo0wbse2jn1s",
        "Created": "2021-08-21T07:46:47.534343555Z",
        "Scope": "swarm",
        "Driver": "overlay",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "10.0.0.0/16",
                    "Gateway": "10.0.0.1"
                }
            ]
        },
    },
    ...
]

If duplicated, you can modify it in the following way:

  1. Stop DataFlux Func
  2. Delete the existing network: sudo docker network rm ingress
  3. Recreate the network: docker network create --driver overlay --ingress --subnet 10.255.0.0/16 --gateway 10.255.0.1 ingress

  4. Start DataFlux Func

  5. Reference Guide: Docker Swarm Default Address Pool

  6. Reference Guide: Docker Ingress Network Custom Configuration

4. Missing Kernel Forwarding Configuration

This issue has been found in CentOS systems but is not commonly encountered.

You can confirm the forwarding configuration with the following command:

Bash
1
cat /proc/sys/net/ipv4/ip_forward
  1. If the above command returns 1, forwarding is already enabled.
  2. Otherwise, you can enable forwarding with the following command:
Bash
1
echo 1 > /proc/sys/net/ipv4/ip_forward