Docker on OSX: Port Forwarding

If you’ve tried to run Docker 0.8 on OSX, you know that everything works great except for port forwarding. Have no fear, here is your guide to getting port forwarding working for Docker on OSX:

Step 1. Export the port in your container

First, you should make sure to expose the port in the image you are running. If you are using a pre-built image this is usually taken care of for you, but if you are building an image yourself from a Dockerfile you need to add the following line near the end:


The EXPOSE command exposes port 80 to the external of the container (If you need to expose a different port just use that instead of 80). Then, when launching the container based on this image be sure to specify the port binding you would like to use:

docker run -n -p 80:80 -d YOUR_IMAGE

The -p option tells docker to bind port 80 on the host (your laptop) to port 80 in the container (which we exposed in the image).

Normally, on pure linux systems, you would now be able to connect to the container on port 80. On OSX this isn’t the case.

Step 2. Configure VirtualBox 

Docker 0.8 for OSX relies on boot2docker which in turn uses VirtualBox to host the VM that runs the linux OS to run the containers. Unfortunately, despite the fact that you have told Docker to forward ports, VirtualBox doesn’t know about your port forwarding intentions and is blocking connections. You need to open up port forwarding in VirtualBox as well by running the following command:

VBoxManage modifyvm "boot2docker-vm" --natpf1 "guestnginx,tcp,,80,,80"

This uses the VirtualBox command line interface to update the boot2docker virtual machine to forward everything from port 80 on your laptop to port 80 in the virtual machine which will then, in turn, be available to your containers. –natpf1 specifies the first virtual network device of the VM handles the forwarding, but that is not an important detail.

Now you should be able to reach your container on port 80!


While this does work, it is very inconvenient if you run many containers using many different ports. It is a side effect of OSX not supporting containers natively, requiring another OS layer between you and your containers. Unfortunately boot2docker cannot take care of this for you since it doesn’t know what ports you need when you are getting started and once the Docker daemon is running in the virtual machine it cannot be modified.

Until there is a better solution, I recommend using a linux machine for most of your container testing and only using your OSX laptop for development testing.

Docker on OSX: Client Connection Error

If you have installed Docker 0.8 and set it up on OSX, you’ll notice it’s a bit rough. One issue you might run into is the following error:

$ docker version
Client version: 0.8.0
Go version (client): go1.2
Git commit (client): cc3a8c8
2014/02/06 22:50:31 dial unix /var/run/docker.sock: no such file or directory

The issue here is that you followed the installation instructions literally and ran export DOCKER_HOST=tcp:// in your shell. Unfortunately, that export does not persist so the next time you open a console the DOCKER_HOST variable is not set so the docker client does not know how to reach the server. If you either add it to your .bash_profile or run it again in the current shell you will see it work as expected:

$ docker version
Client version: 0.8.0
Go version (client): go1.2
Git commit (client): cc3a8c8
Server version: 0.8.0
Git commit (server): cc3a8c8
Go version (server): go1.2

Generating a build.xml for an Android project

If you want to automate builds of your Android applications, you will need to generate a build.xml file for your project for use with Ant. While it’s not clear from the Android Dev docs how to do this, it is actually very simple:

$ ANDROID_SDK/tools/android update project -p DIR_OF_PROJECT -n "NAME_OF_APP" -s -t ANDROID_TARGET_ID

Where ANDROID_SDK is the location of your Android SDK installation, DIR_OF_PROJECT is the path to your project folder and NAME_OF_APP is the name of your app. ANDROID_TARGET_ID is the identifier of one of the Android versions you have installed as part of your SDK, but note that the target ID is not the same as the Android version you are targeting. You can view the target IDs for all the installed Android versions using the list command: 

$ ANDROID_SDK/tools/android list targets

A successful run generates a build.xml file (and supporting properties files) in your project folder that you can now use to build your APK using:

$ ant release

This creates an unsigned APK that you will still need to sign before releasing but luckily you can also automate that. If you would like to only create a debug build, use ant debug instead.

The full list of options available for android update project are:

  -l --library    : Directory of an Android library to add, relative to this project's directory.
  -p --path       : The project's directory. [required]
  -n --name       : Project name.
  -t --target     : Target ID to set for the project.
  -s --subprojects: Also updates any projects in sub-folders, such as test projects.

Adding Routes in OSX

It’s surprisingly frustrating to add new routes to your networking configuration on OSX as the syntax is similar but slightly different from Linux. The correct format for OSX is:

sudo route -n add -net <range> <gateway> <mask>

so, for example:

sudo route -n add -net

To make sure your changes took effect print the entire routing table:

netstat -rn

Backup MySQL to S3 in 30 seconds

One of the most tedious parts of setting up a database for your new app is backing it up. So much so that you will almost always leave it for last if you remember to do it at all. However, with the risk of data corruption, server corruption or simple server failure looming it’s an important part of service continuity.

The good news is that there is a 30 second way to set up regular backups of your MySQL database into Amazon S3. This assumes you already have a MySQL database set up and an S3 account with a bundle created for your backups.

Step 1. Install s3cmd

s3cmd is a set of easy tools for working with S3 from the shell. If you are using Ubuntu it’s as easy as:

$sudo apt-get install s3cmd

Step 2. Create a script 

Create an executable script with the following contents:

export BACKUP_FILE=my_db.backup.sql.gz
export DATABASE_SCHEMA_NAME=my_schema
export S3_BUNDLE=myBundle
mysqldump -uroot $DATABASE_SCHEMA_NAME > temp.sql
gzip temp.sql
mv temp.sql.gz $BACKUP_FILE

This uses mysqldump to dump the database contents to a temporary SQL file, gzip compresses it and uploads it to S3 using the s3cmd put. Note that you should change DATABASE_SCHEMA_NAME, S3_BUNDLE and BACKUP_FILE to the values specific to your application.

Step 3. Set up Cron

Finally, just use <code>crontab -e</code> to create a cron entry to run this script every night. An example that runs it everynight at midnight:

# m h  dom mon dow   command
0  0  *  *  *  /home/ubuntu/backup/

You’re Done!

Congratulations, your database will be backed up to S3 every night for you.

To Err Is Human

brain Forbes has a profile of a stealth software company called Pramana which is looking to replace the ubiquitous CAPTCHA with something better. Pramana analyzes your behavior when you browse a website to decide if you are human or not and then uses that to allow/prevent access to human-only actions. While there aren’t too many details they might be using mouse movements, click times and other indicators of human reaction time.

CAPTCHAs are notoriously inadequate for preventing spam as OCR technology continues to improve. Tesseract is one popular tool that is supposedly used by spammers. Forbes also points out that most of the companies that suffer from CAPTCHA breakage fund the projects and research that lead to the OCR tools to break their CAPTCHAs.

I’ve always thought a fun solution to this problem is to include a fake ad in your advertisement space that asks “If you’re a human, click here”. Most spam bots won’t be sophisticated enough to find a randomly placed animated image and click on it. Then again, humans don’t click on ads very much either. Even I would be afraid of admitting I was human, fearing being sold some kind of “humanity enhancement” pill.

It makes you taller, you know.

Who are we?

Here at Fogstack, we believe that the next wave of technology will do more than just provide tools for people – it will do things for you. Imagine that your finance website does more than just let you trade stocks, it adjusts your portofolio for you based on market events. Imagine that instead of just a check engine light your car tells you when it’s developing problems that need to be fixed. Imagine a world where technology takes off some of the burden of everyday life so you have more time to do the things you love.

That’s the world we see and what we’re working to help make happen. Visit us at

This blog, however, is just our random thoughts on technology.