bitcoinbitcoind

Can't connect to Bitcoin RPC from Docker Container

I'm trying to install bitfeed via docker and have it connect to bitcoin core running on the same host (on bare metal; outside of docker).

No matter what I try, bitfeed's "api" container gives me "connection refused" errors when trying to connect to bitcoin RPC and I'm trying to figure out how to allow RPC connections to the host from docker. Below is my bitcoin config as well as the docker-compose for the application i'm trying to get to talk to bitcoin--along with a bit more commentary on each.

Any help would be much appreciated!

Here is my bitcoin.conf. The starting point was a copypasta from the Raspibolt guide. As you can see my 'rpcallow...' is a bit of a mess as I keep trying to add more and more stuff to get this working!

# RaspiBolt: bitcoind configuration
# /home/bitcoin/.bitcoin/bitcoin.conf

# Bitcoin daemon
server=1
txindex=1

# Network
listen=1
listenonion=1
proxy=127.0.0.1:9050
bind=127.0.0.1


# Connections
rpcport=8332
rpcbind=127.0.0.1
rpcallowip=127.0.0.1
rpcallowip=192.168.50.11 #trying the machine's IP address
rpcallowip=172.17.0.1/16 #the IP range for my docker0 network interface
rpcallowip=172.18.0.1/16 #the IP range for the bitfeed_default docker network
rpcauth=[user:passwordhash]
zmqpubrawblock=tcp://127.0.0.1:28332
zmqpubrawtx=tcp://127.0.0.1:28333
zmqpubsequence=tcp://127.0.0.1:28334
whitelist=download@127.0.0.1          # for Electrs

# Raspberry Pi optimizations
maxconnections=40
maxuploadtarget=5000

# Initial block download optimizations
#dbcache=2000
#blocksonly=1

And here is my docker-compose.yml for bitfeed. Note how network_mode: host is commented out. When I run this stack in host mode, I am indeed able to connect to bitcoin's RPC service on 8332... but I can't make it work when I let docker handle networking, which is preferable because I'd like to keep bitcoin core isolated from as much other stuff as possible.

version: "2.1"

services:
  web:
    image: ghcr.io/bitfeed-project/bitfeed-client:v2.3.4
    restart: on-failure
    stop_grace_period: 1m
    depends_on:
      - 'api'
    environment:
      TARGET: 'docker'
      BACKEND_HOST: 'api'
      BACKEND_PORT: '6000' 
    expose:
      - '3080:80' 

  api:
    image: ghcr.io/bitfeed-project/bitfeed-server:v2.3.4
    user: '1001:1001'
    restart: on-failure
    stop_grace_period: 1m
    volumes:
      - '/home/bitcoin/.bitcoin:/bitcoin:ro'
    extra_hosts:
      - 'host.docker.internal:host-gateway'
    #network_mode: host 
    environment:
      PORT: '6000' 
      BITCOIN_HOST: 'host.docker.internal' 
      BITCOIN_ZMQ_RAWBLOCK_PORT: '28332'
      BITCOIN_ZMQ_RAWTX_PORT: '28333'
      BITCOIN_ZMQ_SEQUENCE_PORT: '28334'
      BITCOIN_RPC_PORT: '8332' 
      BITCOIN_RPC_COOKIE: /bitcoin/.cookie

Tried running the bitfeed stack in host networking mode, which did work, but is not my preferred setup.

Tried googling a bunch and adding various rules to bitcoin.conf and ufw but I feel like I'm trying the same stuff over and over, so I'm dropping back to punt!

Expected result: 'api' container of bitfeed app successfully connects to bitcoin RPC and syncs mempool Actual result: 'api' container throws error: connection refused when attempting the RPC connection

Solution

  • So it turns out this was an issue with my bitcoin.conf as I suspected. Below are my updated bitcoin.conf and the docker-compose.yml for the Bitfeed application.

    TL;DR I needed to rpcbind to 0.0.0.0 instead of 127.0.0.1. Feels pretty silly in hindsight! I'm not 100% sure that this is the optimal way to do it from a security standpoint, so if anyone out there sees me doing something dumb, please do comment.

    bitcoin.conf:

    # Bitcoin daemon
server=1
txindex=1

# Network
listen=1
listenonion=1
proxy=127.0.0.1:9050
bind=127.0.0.1


# Connections
rpcport=8332
rpcbind=0.0.0.0     #is this safe? reckless!
rpcallowip=127.0.0.1     #allow RPC connections from localhost
rpcallowip=172.18.0.1/16     #allow RPC connections from the docker network on which the containers I'm trying to connect are running
rpcauth=user:passwordhash
zmqpubrawblock=tcp://0.0.0.0:28332     #need to accept zmq connections on 0.0.0.0 instead of 127.0.0.1
zmqpubrawtx=tcp://0.0.0.0:28333     #ditto
zmqpubsequence=tcp://0.0.0.0:28334     #ditto again
whitelist=download@127.0.0.1          # for Electrs

# Raspberry Pi optimizations
maxconnections=40
maxuploadtarget=5000

    And docker-compose.yml for the Bitfeed stack:

        version: "2.1"

    services:
      web:
        image: ghcr.io/bitfeed-project/bitfeed-client:v2.3.4
        restart: on-failure
        stop_grace_period: 1m
        depends_on:
          - 'api'
        environment:
          TARGET: 'docker'
          BACKEND_HOST: 'api'
          BACKEND_PORT: '6000'  
        ports:
          - '3080:80' 
    
      api:
        image: ghcr.io/bitfeed-project/bitfeed-server:v2.3.4
        user: '1001:1001' #running as the bitcoin user (same user that runs bitcoind on the host)
        restart: on-failure
        stop_grace_period: 1m
        volumes:
          - '/home/bitcoin/.bitcoin:/bitcoin:ro'
        extra_hosts:
          - 'host.docker.internal:host-gateway'
        environment:
          PORT: '6000'  
          BITCOIN_HOST: 'host.docker.internal' 
          BITCOIN_ZMQ_RAWBLOCK_PORT: '28332'
          BITCOIN_ZMQ_RAWTX_PORT: '28333'
          BITCOIN_ZMQ_SEQUENCE_PORT: '28334'
          BITCOIN_RPC_PORT: '8332' #8332
          BITCOIN_RPC_COOKIE: /bitcoin/.cookie
          TARGET: personal