Windows-Containers icon indicating copy to clipboard operation
Windows-Containers copied to clipboard

Published 20 hours ago verified publisher icon microsoft

Windows 11 Process Isolation of Windows Server 2022 (Preview) fails to expose/forward ports properly

Open robertoandrade opened this issue 1 year ago • 6 comments

Please fill out all the sections below for bug issues, otherwise it'll be closed as it won't be actionable for us to address.

Describe the bug According to the docs running Windows Server 2022 containers on Windows Client 11 host using Process Isolation is supported and it's currently in Preview mode. When I attempt to run a simple IIS container exposing port 80 I'm unable to get a response when attempting to connect on the host side of port 80. Doing it within the container works fine, switching to hyperv isolation works too but we wanted this specifically to run with process isolation so we can mount high I/O volumes within the container which are unusable when using hyperv isolation bind mounts.

To Reproduce Steps to reproduce the behavior:

  • Build a simple IIS container using the following Dockerfile: docker build -t test . 
FROM mcr.microsoft.com/windows/servercore:ltsc2022

RUN dism.exe /online /enable-feature /all /featurename:iis-webserver /NoRestart

RUN echo "Hello World - Dockerfile" > c:\inetpub\wwwroot\index.html

EXPOSE 80

CMD powershell -command "\
        Start-Job { \
            while ($true) { \
                Invoke-WebRequest -UseBasicParsing localhost; \
                Sleep 1; \
                netsh http flush logbuffer; \
            } \
        };\

        Sleep 2; \
        Write-Host 'Waiting for logs...'; \

        Get-ChildItem C:\inetpub\logs\LogFiles\w3svc1\ | Get-Content -wait \
    "

  • Run a container using process isolation from the built image mapping the exposed port 80: docker run -it --isolation=process -p 80:80 test

  • Attempt to access port 80 from the host:

    • curl -v http://localhost
    • curl -v http://127.0.0.1
    • curl -v http://[::1]
    • or any of the local IPs such as the nat interface created by docker.

Expected behavior Should be able to connect and receive a response from IIS.

Configuration:

  • Edition: Windows 11 22H2 OS Build 22621.2283
  • Base Image being used: Windows Server Core 2022 (mcr.microsoft.com/windows/servercore:ltsc2022)
  • Container engine: Docker
  • Container Engine version: 24.0.6

Additional context Doing the same on a Windows Server 2022 host works as expected with process isolation.

robertoandrade avatar Oct 04 '23 20:10 robertoandrade