OS: CentOS 8
Docker Containers: drupal:latest & mariadb:latest
I've been trying to learn Docker containerization by making a Drupal container connect to a MariaDB container for almost two weeks now, and couldn't figure out what was wrong.
I just ran:
systemctl stop firewalld
and it finally worked! Yes, I know this is a bad thing to do, which is why I'm here. None of the tutorials I've found said anything about opening firewall ports for docker.
I did find a few online tutorials, specifically for opening docker services, but none of them worked. Most of them told me to run:
firewall-cmd --permanent --zone=trusted --add-interface=docker0
but that didn't work. It was only when I shut down the firewall completely that the install actually started working.
Can anyone please explain what I need to run to keep the firewall running while allowing the containers to communicate with each other? It would also help if you gave a brief explanation as to what each command is doing, as firewall rules are still kind of cryptic to me.
Here's what I've run to set this up:
docker network create -d bridge meow
docker run \
-e MYSQL_ROOT_PASSWORD=admin \
-e MYSQL_DATABASE=drupal \
-e MYSQL_USER=drupal \
-e MYSQL_PASSWORD=drupal \
--network meow \
--name mariadb \
-d mariadb:latest
docker run \
-p 80:80 \
--network meow \
--name drupal \
-d drupal:latest
systemctl stop firewalld
Please note, I want to learn how docker works before I add new tools like docker-compose. So I may be trying to do this the hard way (I don't know yet), but I would just like to figure this out before I learn new things.
Thanks.
OK, for some reason this worked.
firewall-cmd --permanent --zone=trusted --change-interface=docker0
firewall-cmd --permanent --zone=public --add-masquerade
firewall-cmd --reload
systemctl restart docker
UPDATE: I found some more information that helped explain why this worked:
The first command will add the Docker-interface to the trusted environment which allows Docker to make remote connections. The second command will allow docker to make local connections. This is particularly useful when multiple Docker containers are in as a development environment.
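A read-only check of the state the answer above sets up, as an added example that is not part of the original posts: it confirms firewalld is still running, that docker0 is in the trusted zone and that masquerade is enabled on public, and it reports the zone of the bridge behind a user-defined network such as meow. The function names and the FW and DOCKER override variables are hypothetical; it assumes Docker's default naming for user-defined bridges (br- plus the first 12 characters of the network ID).

```shell
#!/bin/sh
# Added example: audit the firewalld settings from the answer without changing them.
# FW and DOCKER are hypothetical override hooks (e.g. FW="sudo firewall-cmd").
FW="${FW:-firewall-cmd}"
DOCKER="${DOCKER:-docker}"

# Print the host bridge interface behind a Docker network.
# Assumption: the default "bridge" network uses docker0; a user-defined
# bridge network uses br-<first 12 characters of the network ID>.
bridge_iface() {
    if [ "$1" = "bridge" ]; then echo docker0; return 0; fi
    id=$($DOCKER network inspect -f '{{.Id}}' "$1" 2>/dev/null) || return 1
    echo "br-$(printf '%s' "$id" | cut -c1-12)"
}

# Print one line per check; return non-zero if any check fails.
audit_docker_firewall() {
    net="${1:-bridge}"; rc=0
    if [ "$($FW --state 2>/dev/null)" = "running" ]; then
        echo "OK   firewalld is running"
    else
        echo "FAIL firewalld is not running"; return 1
    fi
    # Runtime zone of docker0 (set by --change-interface, then --reload).
    zone=$($FW --get-zone-of-interface=docker0 2>/dev/null) || zone=none
    if [ "$zone" = "trusted" ]; then
        echo "OK   docker0 is in zone trusted"
    else
        echo "FAIL docker0 is in zone $zone, expected trusted"; rc=1
    fi
    # --query-masquerade exits 0 when masquerading is enabled for the zone.
    if $FW --zone=public --query-masquerade >/dev/null 2>&1; then
        echo "OK   masquerade is enabled on zone public"
    else
        echo "FAIL masquerade is disabled on zone public"; rc=1
    fi
    # A user-defined network has its own bridge; report where it sits.
    if iface=$(bridge_iface "$net") && [ "$iface" != "docker0" ]; then
        z=$($FW --get-zone-of-interface="$iface" 2>/dev/null) || z=none
        echo "INFO network $net uses $iface, zone: $z"
    fi
    return $rc
}
```

Source the file and call `audit_docker_firewall meow` on the Docker host; a non-zero return means at least one of the settings from the answer is missing.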