question

Mathieu Deletrain avatar image
Mathieu Deletrain asked

Private access to container's network from VM

Hi !

First some context:

We are developing a multiplayer game and we use PlayFab Multiplayer Servers 2.0.

When we encounter issues on deployed servers, our only solution until now to debug them was to kill them (when they did not crash), grab the logs and try to fix the issue based on what could be analysed.

For sure we could attach a debugger but we never got it working on deployed servers and sometimes this isn't practical anyway (ex: trying to analyse what is happening dynamically, without triggering a break point that would hang / kill connections with clients).

To work around that, we made our servers be able to respond to simple http queries, giving us some details about their internal state and possibly giving us the opportunity alter it remotely.

When we deploy the servers, we configure the build so that it opens a port dedicated to that http tool, allowing us to inspect deployed servers. This is working great and proved to be very useful in some situations.

Now about my question:

Would it be possible to query those server from the VM they are running on, without exposing the tool's port in build's configuration.

That would allow us to keep it running even on production servers, without the port being reported by the matchmaker to the clients, and without a way for a hacker to try and connect to our instances.

Thank you !

multiplayer
10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

2 Answers

·
Mathieu Deletrain avatar image
Mathieu Deletrain answered

I ended up doing things like

docker exec -t [Container ID] curl http://127.0.0.1/[End point]

Probably not the most elegant solution, but it works enough for our needs.

Thanks for your help !

10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Sarah Zhang avatar image
Sarah Zhang answered

Yes, you can query the containers that running in the VM using PowerShell. For example, you can use this PowerShell command to query all container Ids.

PS C:\windows\system32> docker ps  -q -a

Then you can open one container’s PowerShell according to the container Id.

PS C:\windows\system32> docker exec -it [Container ID] powershell.exe

After you open the container’s Powershell, the command path would become “C:\Assets>”. Then you can enter your server’s executable name to open your server and check the real-time logs.

PS C:\Assets> ./[YourServerName].exe

For more information about docker commands, please refer to the docker CLI reference -- https://docs.docker.com/engine/reference/run/.

1 comment
10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Mathieu Deletrain avatar image Mathieu Deletrain commented ·

Thank you for this answer.

Anyway, my question was more about how to access a container's network port from within the VM, without us having to declare that port in build's settings in order to keep it private.

Let say :

  • The server listens for http connections on port xxxx
  • I am logged into the VM

Is there a way I can connect to the server from VM's browser ?

0 Likes 0 ·

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.