# rancher-desktop
q
i've started a docker container to debug some node stuff... now i want to use node inspector (--inspect-brk) with chrome://inspect to connect from my host (mac, m1, Sequoia). I don't want to kill my container and recreate it since i did a lot of file system modifications to set up my world as well as env tweaks to get things to where they are. is there a way to make things happy?
f
I have never tried this, but if you can install an ssh client inside your container, you could create a tunnel to the VM, or directly to the host, and try to connect to that
Untested:
ssh -L 9229:192.168.5.2:9229 localhost
q
How did you pick that ip address? And which direction am I looking? I had kinda imagined something like that (and did install openssh-server in the docker container where I'm doing work)
f
The IP address is the address of the host from inside the VM. It should be the same as host.docker.internal, maybe I should have used the symbolic name.
This command is creating the tunnel from inside the container, so it would connect to the sshd on the host; it would just need the ssh client inside the container.
Of course you either need to allow password auth on the host, or copy some keys around
And I want to point out again that I didn't test it, so I may be making a thinko here
q
[m1sonoma] >[limaalpine]->[docker-instance:ubuntu]
you want me to run that command on lima?
(all 3 have ssh-client+ssh-server)
f
You cannot connect to the container if it doesn't expose the port. But you can create a tunnel from inside the container to the host, and then you connect to localhost from chrome://inspect (or that is my idea)
q
yeah, i more or less understand how the forwarding stuff works outside this context and the lack of the exposed port
but it seems like i should be running the command from ubuntu and targeting ... sonoma?
f
If you had exported the port, it would be forwarded automatically. You are now just doing the same thing manually
You need to run it from inside the container to break out.
Think of it as a computer behind NAT, with no port forwarding defined in the router: the computer behind NAT needs to reach out to establish the connection. Then you can talk both ways
q
i seem to have killed things
f
😞
q
jsoref@jsoref-mbp ~ % docker ps
Cannot connect to the Docker daemon at unix:///Users/jsoref/.rd/docker.sock. Is the docker daemon running?
prettier@324aaa6d95f7:~/.ssh$ time="2025-08-11T15:28:19-04:00" level=error msg="error waiting for container: unexpected EOF"
f
So is the VM dead? Or the container dead?
q
rdctl shell is happy-ish
f
And rdctl shell docker ps?
q
lima-rancher-desktop:/Users/jsoref/code$ docker ps
CONTAINER ID   IMAGE           COMMAND   CREATED       STATUS       PORTS     NAMES
324aaa6d95f7   debian:trixie   "bash"    5 hours ago   Up 5 hours             bold_fermat
lima-rancher-desktop:/Users/jsoref/code$ docker exec -it 324aaa6d95f7 bash
root@324aaa6d95f7:/#rancher-desktop
so it feels like it's just the normal ssh forwards that died
jsoref@jsoref-mbp code % ps aux|grep ssh
jsoref           33836   0.0  0.0 426846096   1808   ??  S    Wed11AM   0:00.88 /usr/bin/ssh-agent -l
jsoref           10964   0.0  0.0 410732592   1472 s086  S+    3:34PM   0:00.00 grep ssh
jsoref           10753   0.0  0.0 411069920  31824   ??  Ss    3:28PM   0:10.73 ssh: /Users/jsoref/Library/Application Support/rancher-desktop/lima/0/ssh.sock [mux]
f
Yeah, I think there is no way to re-establish the connection when it gets broken. That would need to be implemented in Lima
q
is there a ticket for that?
f
But you should still be able to create the tunnel from the container to the host
There may be some tickets for "ssh connection dies when host went to sleep" or similar, but nothing that could be reproed, just anecdotal evidence.
There is also a possibility that the ssh control channel gets overloaded and breaks because Lima multiplexes all connections over a single channel to avoid having to re-authenticate on each command.
Anyways, I don't want to talk about it right now. 😄
💚 1
Why don't you try to set up the tunnel and see if it works?
q
i'm trying
just slightly dizzy
so i'm ssh'ing from ubuntu to sonoma, right?
f
Oh, ubuntu is your container. Sorry, I was confused and somehow thought you were running Lima with a guest VM using Ubuntu. I have too many interleaved conversations
So yes, ssh from the container to the macOS host
q
for whatever reason, it really doesn't like that
i created an ssh private+public key pair in ubuntu and added the public key to my authorized keys
i think the hostname you gave me is for lima (alpine) ?
oh wait
i'm ssh'ing ubuntu to ubuntu?
ok, let's try that
chrome://inspect/ definitely doesn't see it w/ that
root@324aaa6d95f7:~/.ssh# ssh -L 9229:host.docker.internal:9229 localhost
Linux 324aaa6d95f7 6.6.93-0-virt #1-Alpine SMP PREEMPT_DYNAMIC 2025-06-09 11:51:57 aarch64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Mon Aug 11 19:43:28 2025 from ::1
root@324aaa6d95f7:~#
it feels more likely that i'd want an ssh from ubuntu to alpine with a -R instead of a -L
but maybe because these are all almost the same computer it doesn't matter
f
I'm trying to run it myself, give me a couple of minutes
❤️ 1
Ok, I got the direction reversed. Here is what worked for me to forward an nginx port to 8888 on the host:
ssh -N -R 8888:localhost:80 jan@host.docker.internal
❯ curl localhost:8888
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
...
It needs to be a reverse tunnel. And -N is needed to prevent it from running your shell profile
q
so, i'm connecting from ubuntu to alpine
f
No, you are connecting from Ubuntu to macOS
q
got it, thanks!
f
❯ docker run -d -p 5500:80 --restart=always --name=nginx nginx
970873a337493f494d08cec1603fcfc8c5aac5cd6cd44d96de2b89a12c94e320
❯ docker exec -it nginx bash
root@970873a33749:/# apt update
root@970873a33749:/# apt install -y openssh-client
root@970873a33749:/# ssh -N -R 8888:localhost:80 jan@host.docker.internal
This is what I did to set it up. Then I could curl nginx from macOS from both 5500 and 8888
q
yeah, i'm in chrome talking to this node thing
👍 1
now i just need to crawl through node
f
Yeah, I don't want to hear about that part 😛
q
the trick is keeping the three hosts straight and figuring out where i'm sending data
decades ago i did lots of fancy ssh forwarding
f
I gave you the connection so I think my job is done 😄
q
oh, definitely