[SOLVED] Cannot access Grafana (Docker image) using port 3000 from non-local server

Issue

I'm working on a Ubuntu server with Docker, in which I ran the Grafana Docker Image using the following commands (based on documentation: href="https://grafana.com/docs/grafana/latest/installation/docker" rel="nofollow noreferrer">https://grafana.com/docs/grafana/latest/installation/docker):

docker volume create grafana-storage
docker run -d -p 3000:3000 --name=grafana -v grafana-storage:/var/lib/grafana grafana/grafana-oss

I can access to my Grafana instance successfully using localhost:3000, but the issue is that I cannot access from any external server x.x.x.x:3000. Not even locally unless I use localhost.

Nevertheless, I can access from an external server to x.x.x.x (port 80, which is being used by another process) from an external device.

I proceeded to check port configuration details:

netstat -an | grep "3000"

tcp        0      0 yy.yy.yy.yy:53596        yy.yy.yy.yy:3000        ESTABLISHED
tcp        0      0 yy.yy.yy.yy:53716        yy.yy.yy.yy:3000        ESTABLISHED
tcp        0      0 yy.yy.yy.yy:53700        yy.yy.yy.yy:3000        ESTABLISHED
tcp6       0      0 :::3000                 :::*                    LISTEN     
tcp6       0      0 ::1:3000                ::1:50602               ESTABLISHED
tcp6       0      0 ::1:50706               ::1:3000                ESTABLISHED
tcp6       0      0 ::1:3000                ::1:50706               ESTABLISHED
tcp6       0      0 ::1:50602               ::1:3000                ESTABLISHED

iptables -S | grep "3000"

-A INPUT -p tcp -m tcp --dport 3000 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3000 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 3000 -j ACCEPT
-A DOCKER -d yy.yy.yy.yy/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 3000 -j ACCEPT

iptables -L INPUT -nvx

Chain INPUT (policy ACCEPT 659 packets, 98721 bytes)
    pkts      bytes target     prot opt in     out     source               destination         
     136     8160 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:3000
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:3000

And noted that firewall was inactive, then I enable it and put a rule: sudo ufw enable sudo ufw allow 3000/tcp comment 'grafana-port' sudo ufw reload sudo ufw status numbered

Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 3000/tcp                   ALLOW IN    Anywhere                   # grafana-port
[ 2] 3000/tcp (v6)              ALLOW IN    Anywhere (v6)              # grafana-port

Applying this change did not make x.x.x.x:3000 work. However, port 80 is still working normally as I mentioned. Maybe I am missing something else.

More info: I tried using domain = x.x.x.x and serve_from_subpath = true in grafana.ini, defaults.ini and custom.ini files. It did not work.

Have you any advice or contribution in order to solve this issue? Thank you in advance!

Solution

Issue was solved letting the firewall inactive, and connecting to the server's router at tplinkwifi.net. There I put this router configuration on advanced > NAT forwarding > Port forwarding:

Device IP Address: 192.168.x.x
External Port: 3000
Internal Port: 3000
Protocol: TCP

Then restarted the docker container and got access from non-local server. Thank you for your suggestions.

Answered By - LMigMa49

Answer Checked By - Marilyn (WPSolving Volunteer)