Skip to content

Troubleshooting / External Network Cannot Access the System

When the system itself is running normally but cannot be accessed externally, it is mostly due to network reasons.

Specific manifestations are:

  1. Using curl -i http://127.0.0.1:8088 on the deployment server itself returns a 302 redirect message:
HTTP
1
2
3
4
5
6
7
8
9
HTTP/1.1 302 Found
Location: /client-app
Vary: Accept
Content-Type: text/plain; charset=utf-8
Content-Length: 33
Date: Wed, 25 Aug 2021 14:23:02 GMT
Connection: keep-alive

Found. Redirecting to /client-app
  1. Using curl http://127.0.0.1:8088/api/v1/do/ping on the deployment server itself returns 200 normal data:
HTTP
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
HTTP/1.1 200 OK
Vary: Origin, Accept-Encoding
Access-Control-Allow-Credentials: true
X-Trace-Id: TRACE-D2B2A855-3C28-4566-8EC5-5A2EDD85856C
X-Request-Time: 2021-08-25T14:24:00.239Z
X-Response-Time: 2021-08-25T14:24:00.241Z
X-Request-Cost: 2
Content-Type: application/json; charset=utf-8
Content-Length: 192
ETag: W/"c0-Wb2YFtp16lA4mB7Xh7SpYumGNog"
Date: Wed, 25 Aug 2021 14:24:00 GMT
Connection: keep-alive

{"ok":true,"error":200,"message":"","data":"pong","traceId":"TRACE-D2B2A855-3C28-4566-8EC5-5A2EDD85856C","reqTime":"2021-08-25T14:24:00.239Z","respTime":"2021-08-25T14:24:00.241Z","reqCost":2}
  1. Using curl -i http://{server address}:8088 on other devices yields no response, or directly returns a connection refused.

When such problems occur, most are network issues and are not related to DataFlux Func itself.

The following content is only a record of some possible solutions.

1. Incorrect IP / Domain Name Resolution

Try to ping the server where DataFlux Func is located from other devices to confirm if the IP and domain name are correct.

It can be resolved by modifying DNS or the /etc/hosts configuration, depending on the actual network situation.

2. Incorrect Firewall or Security Configuration

Including but not limited to:

  1. Incorrect firewall configuration
  2. Incorrect Alibaba Cloud ECS security group configuration
  3. Incorrect reverse proxy server or Alibaba Cloud SLB configuration

First, check the ports currently open for deployment:

Bash
1
grep '8088' {installation directory}/docker-stack.yaml

The returned content is:

Text Only
1
- "{open port}:8088"

The default {open port} is 8088

Check and modify the network environment to allow external access to the server's port.

3. Local Network Conflict with Automatically Created Ingress Subnet

You can check with the following command:

Bash
1
sudo docker network inspect ingress

Check if the IPAM.Config.Subnet value is the same as the local network:

JavaScript
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
[
    {
        "Name": "ingress",
        "Id": "adinmn5ww9q3vqo0wbse2jn1s",
        "Created": "2021-08-21T07:46:47.534343555Z",
        "Scope": "swarm",
        "Driver": "overlay",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "10.0.0.0/16",
                    "Gateway": "10.0.0.1"
                }
            ]
        },
    },
    ...
]

If they are the same, you can modify it in the following ways:

  1. Stop DataFlux Func
  2. Delete the existing network: sudo docker network rm ingress
  3. Recreate the network: docker network create --driver overlay --ingress --subnet 10.255.0.0/16 --gateway 10.255.0.1 ingress

  4. Start DataFlux Func

  5. Reference: Docker Swarm Default Address Pool

  6. Reference: Docker Ingress Network Custom Configuration

4. Missing Kernel Forwarding Configuration

This issue has been found in CentOS systems, but in most cases, it has not been encountered.

You can confirm the forwarding configuration by:

Bash
1
cat /proc/sys/net/ipv4/ip_forward
  1. If the above command returns 1, it means forwarding is already enabled.
  2. Otherwise, you can enable the forwarding configuration as follows:
Bash
1
echo 1 > /proc/sys/net/ipv4/ip_forward