Node Client -> ES connection problem (docker)

Hi,

I’m currently trying to fix an issue that I have with my setup.
I have a node service (using node-eventstore-client v0.2.18, TCP) and the eventstore (v20), both running in separate docker containers (and both connected to a custom docker network “backends-docker-network”).

Unfortunately, the service does not connect to the eventstore.
When I start a docker container with some network tools (the same way I start the service container) and scan the ports of the eventstore with nmap, I only see the port 2113 as open. Port 1113 leads to the same nmap output as any port that does not listen.

nmap -p- eventstore
Starting Nmap 7.80 ( https://nmap.org ) at 2020-10-23 08:56 UTC
Nmap scan report for eventstore (172.19.0.2)
Host is up (0.000018s latency).
rDNS record for 172.19.0.2: eventstore.backends-docker-network
Not shown: 65534 closed ports
PORT     STATE SERVICE
2113/tcp open  hsl-storm
MAC Address: 02:42:AC:13:00:02 (Unknown)
Nmap done: 1 IP address (1 host up) scanned in 1.90 seconds

With netstat on the host I can see both ports 1113 and 2113 on localhost.

tcp        0      0 127.0.0.1:1112          0.0.0.0:*               LISTEN      0          1841059
tcp        0      0 127.0.0.1:1113          0.0.0.0:*               LISTEN      0          1843452
tcp        0      0 127.0.0.1:2112          0.0.0.0:*               LISTEN      0          1841790
tcp        0      0 127.0.0.1:2113          0.0.0.0:*               LISTEN      0          1843427

docker run of the service
docker run -d --name adb-service --network=backends-docker-network --restart=unless-stopped <adb-service-image>

The only thing a currently override in terms of the eventstore config ist
EVENTSTORE_INSECURE: “true” (this is ansible syntax)

Any idea of how to proceed?
Thanks Andy

Hi Andy

I spent quite a bit of time on that as well – back on 5.x it worked out of the box, I think. With 20.x we set (among others)

      - EVENTSTORE_DEV=True
      - EVENTSTORE_EXT_IP=0.0.0.0
      - EVENTSTORE_DISABLE_EXTERNAL_TCP_TLS=True
      - EVENTSTORE_ENABLE_EXTERNAL_TCP=True

for our local dev environment using docker compose and

            - name: EVENTSTORE_EXT_IP
              value: 0.0.0.0
            - name: EVENTSTORE_ENABLE_EXTERNAL_TCP
              value: "True"
            - name: EVENTSTORE_CERTIFICATE_FILE
              value: /opt/eventstore/eventstore.p12
            - name: EVENTSTORE_TRUSTED_ROOT_CERTIFICATES_PATH
              value: /usr/local/share/ca-certificates

for our k8s environments.

Not sure if all of them are needed, but I remember spending quite some time to get my client to connect properly. I think it was EVENTSTORE_ENABLE_EXTERNAL_TCP and/or EVENTSTORE_EXT_IP that did the trick.

Kind regards
Björn

Thanks a lot, bjoern, that helped!!

And it’s both, EVENTSTORE_ENABLE_EXTERNAL_TCP AND EVENTSTORE_EXT_IP that is needed. I guess EXT_IP is necessary so the port is bound to a network interface that can be exposed to the outside by docker, and ENABLE… is necessary because …let me copy the log of my es instance:

"The Legacy TCP Client Interface has been deprecated as of version 20.6.0. The External TCP Interface can be re-enabled with the 'EnableExternalTCP' option. It is recommended to use gRPC instead."

One problem remains. It seems like my plan does not work. I wanted to have no secured connection on the ES. I thought I can proxy the admin gui over my existing nginx and let the tcp connection unsecured as I don’t expose the port to the web (ES and its using service are on the same server).

But I will write a new Post for that…

Thanks a lot again Bjoern for getting me half the way already :slightly_smiling_face:

Hi Andy, glad to hear it helped. I think starting from 20.x ESDB enforces encrypted connections in non-dev mode, no way around it. Since you are using nodejs be sure to watch https://github.com/EventStore/EventStore-Client-NodeJS.

Kind regards, Björn

Thanks again for that link Bjoern, seems like a lot has happened since I have built that service.