Skip to content

Troubleshooting / External Network Cannot Access This System

The system itself is running normally, but external access fails, which is mostly due to network issues.

Specific symptoms include:

  1. Using curl -i http://127.0.0.1:8088 on the deployment server returns a 302 redirect message:
HTTP
1
2
3
4
5
6
7
8
9
HTTP/1.1 302 Found
Location: /client-app
Vary: Accept
Content-Type: text/plain; charset=utf-8
Content-Length: 33
Date: Wed, 25 Aug 2021 14:23:02 GMT
Connection: keep-alive

Found. Redirecting to /client-app
  1. Using curl http://127.0.0.1:8088/api/v1/do/ping on the deployment server returns 200 normal data:
HTTP
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
HTTP/1.1 200 OK
Vary: Origin, Accept-Encoding
Access-Control-Allow-Credentials: true
X-Trace-Id: TRACE-D2B2A855-3C28-4566-8EC5-5A2EDD85856C
X-Request-Time: 2021-08-25T14:24:00.239Z
X-Response-Time: 2021-08-25T14:24:00.241Z
X-Request-Cost: 2
Content-Type: application/json; charset=utf-8
Content-Length: 192
ETag: W/"c0-Wb2YFtp16lA4mB7Xh7SpYumGNog"
Date: Wed, 25 Aug 2021 14:24:00 GMT
Connection: keep-alive

{"ok":true,"error":200,"message":"","data":"pong","traceId":"TRACE-D2B2A855-3C28-4566-8EC5-5A2EDD85856C","reqTime":"2021-08-25T14:24:00.239Z","respTime":"2021-08-25T14:24:00.241Z","reqCost":2}
  1. Using curl -i http://{server address}:8088 on other devices results in no response or directly returns a connection refusal.

Such issues are mostly network-related and not related to DataFlux Func itself.

The following content is merely a record of some possible solutions.

1. Incorrect IP / Domain Name Resolution

Try to ping the server where DataFlux Func is located from another device to confirm if the IP and domain name are correct.

This can be resolved by modifying DNS or editing the /etc/hosts configuration according to the actual network situation.

2. Incorrect Firewall or Security Configuration

Including but not limited to:

  1. Incorrect firewall configuration
  2. Incorrect Alibaba Cloud ECS security group configuration
  3. Incorrect reverse proxy server or Alibaba Cloud SLB configuration

First, check the ports currently open for deployment:

Bash
1
grep '8088' {installation directory}/docker-stack.yaml

The returned content should be:

Text Only
1
- "{open port}:8088"

{open port} default is 8088

Check and modify the network environment to allow external access to the server port.

3. Conflict Between Local Network and Automatically Created Ingress Subnet

You can use the following command to check:

Bash
1
sudo docker network inspect ingress

Check if the IPAM / Config / Subnet value matches the local network:

JavaScript
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
[
    {
        "Name": "ingress",
        "Id": "adinmn5ww9q3vqo0wbse2jn1s",
        "Created": "2021-08-21T07:46:47.534343555Z",
        "Scope": "swarm",
        "Driver": "overlay",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "10.0.0.0/16", // 【Here】
                    "Gateway": "10.0.0.1"
                }
            ]
        },
    },
    ...

If there is a conflict, you can modify it as follows:

  1. Stop DataFlux Func
  2. Delete the existing network: sudo docker network rm ingress
  3. Rebuild the network: docker network create --driver overlay --ingress --subnet 10.255.0.0/16 --gateway 10.255.0.1 ingress

  4. Start DataFlux Func

  5. Reference Document: Docker Swarm Default Address Pool

  6. Reference Document: Customizing Docker Ingress Network Configuration

4. Missing Kernel Forwarding Configuration

This issue has been found in CentOS systems, but it is rarely encountered in most cases.

You can confirm the forwarding configuration as follows:

Bash
1
cat /proc/sys/net/ipv4/ip_forward
  1. If the above command returns 1, forwarding is already enabled.
  2. Otherwise, you can enable forwarding with the following command:
Bash
1
echo 1 > /proc/sys/net/ipv4/ip_forward