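Publishing container ports
docker run has a -p option that maps an application port inside the container to a port on the host, so that external machines can reach the application in the container by connecting to that host port.
The -p option can be used multiple times; the port it exposes must be a port the container is actually listening on.
Usage formats of the -p option:
A dynamic port is a random port; the resulting mapping can be viewed with the docker port command.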
[root@localhost ~]
a71a96e98b5e2ff3c68ba535658fa3d61a2fe147bccb48d74cdbf8d070c8b6f2
[root@localhost ~]
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a71a96e98b5e busybox "sh" 4 seconds ago Up 3 seconds 0.0.0.0:49155->80/tcp, :::49155->80/tcp frosty_beaver
[root@localhost ~]
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 0.0.0.0:49155 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 128 [::]:49155 [::]:*
[root@localhost ~]
80/tcp -> 0.0.0.0:49155
80/tcp -> :::49155
[root@localhost ~]
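As shown, port 80 of the container has been exposed on port 49155 of the host. Now we access that port to see whether the site inside the container is reachable.
The iptables firewall rules are generated automatically when the container is created and deleted automatically when the container is removed.
Mapping a container port to a random port on a specified IP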
[root@localhost ~]
ac24345517ffb80a469dc9022c1e86718665992a7825bf03409a502ba7cfa1ab
[root@localhost ~]
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ac24345517ff httpd "httpd-foreground" 23 seconds ago Up 23 seconds 192.168.141.135:49153->80/tcp youthful_keller
Check the port mapping from another terminal
[root@localhost ~]
80/tcp -> 192.168.141.135:49153
[root@localhost ~]
Mapping a container port to a specified port on the host
[root@localhost ~]
61597ab1e7d1ab568db6b5121b5168cfd84cb01fabf9dafba900deedcc99a803
Check the port mapping from another terminal
[root@localhost ~]
80/tcp -> 0.0.0.0:80
80/tcp -> :::80
[root@localhost ~]
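An added example, not part of the original article: a shell filter that classifies `docker port` output by host bind address, so that mappings published on every interface (0.0.0.0 or ::) stand out from those pinned to one address. The function names are hypothetical, and the sample lines are the `docker port` results shown above.

```shell
#!/usr/bin/env bash
# Added example: classify `docker port` lines by the host address they bind to.
# Line format, as in the outputs above: "<cport>/<proto> -> <host_ip>:<host_port>"

classify_binding() {   # hypothetical helper name
    local line="$1" target host_ip host_port
    target=${line##*' -> '}        # e.g. "0.0.0.0:49155" or ":::49155"
    host_port=${target##*:}        # text after the last colon
    host_ip=${target%:*}           # text before the last colon
    host_ip=${host_ip#\[}; host_ip=${host_ip%\]}   # tolerate "[::]:80"
    case $host_ip in
        0.0.0.0|::) echo "ALL_INTERFACES $host_port" ;;
        127.*|::1)  echo "LOOPBACK_ONLY $host_port" ;;
        *)          echo "SINGLE_ADDRESS $host_ip $host_port" ;;
    esac
}

audit_bindings() {     # hypothetical helper name
    # Reads `docker port <container>` output on stdin, prints one verdict per
    # mapping, and returns 1 if any port is published on every host interface.
    local line verdict rc=0
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        verdict=$(classify_binding "$line")
        echo "${line%% *} $verdict"
        case $verdict in ALL_INTERFACES*) rc=1 ;; esac
    done
    return "$rc"
}

# Sample lines taken from the `docker port` outputs shown above.
# Live use: docker port <container> | audit_bindings
audit_bindings <<'EOF' || echo "at least one port is published on all interfaces"
80/tcp -> 0.0.0.0:49155
80/tcp -> :::49155
80/tcp -> 192.168.141.135:49153
EOF
```

A non-zero exit status makes the filter usable as a gate in a deployment script.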
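Customizing the network properties of the docker0 bridge
Relevant configuration from the official documentation
To customize the network properties of the docker0 bridge, modify the /etc/docker/daemon.json configuration file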
{
"bip": "192.168.1.5/24",
"fixed-cidr": "192.168.1.5/25",
"fixed-cidr-v6": "2001:db8::/64",
"mtu": 1500,
"default-gateway": "10.20.1.1",
"default-gateway-v6": "2001:db8:abcd::89",
"dns": ["10.20.1.2","10.20.1.3"]
}
{
"registry-mirrors": ["https://cns3xv60.mirror.aliyuncs.com"],
"bip": "192.168.135.1/24"
}
[root@localhost ~]
[root@localhost ~]
[root@localhost ~]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:ae:b0:ec brd ff:ff:ff:ff:ff:ff
inet 192.168.141.135/24 brd 192.168.141.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet6 fe80::b2dd:4066:a098:25d1/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:16:70:a5:46 brd ff:ff:ff:ff:ff:ff
inet 192.168.135.1/24 brd 192.168.135.255 scope global docker0
valid_lft forever preferred_lft forever
[root@localhost ~]
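The core option is bip, short for "bridge ip", which specifies the IP address of the docker0 bridge itself; the other options can be derived from this address.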
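An added example, not part of the original article: IPv4 CIDR arithmetic in shell that derives the docker0 subnet from a bip value and checks two things worth verifying before restarting the daemon, namely that fixed-cidr lies inside the bip network and that the bridge subnet does not overlap the host's own LAN. The function names are hypothetical; the addresses are the ones shown on this page.

```shell
#!/usr/bin/env bash
# Added example: IPv4 CIDR arithmetic for checking daemon.json bridge settings.
# All function names are hypothetical.

ip_to_int() {          # "192.168.135.1" -> 3232270081
    local IFS=.
    set -- $1          # split the dotted quad into $1..$4
    echo "$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))"
}

int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

cidr_range() {         # "192.168.135.1/24" -> "<first_int> <last_int>"
    local ip len="${1#*/}" mask
    ip=$(ip_to_int "${1%/*}")
    mask=$(( (4294967295 << (32 - $len)) & 4294967295 ))
    echo "$(( $ip & $mask )) $(( ($ip & $mask) | (~$mask & 4294967295) ))"
}

bridge_network() {     # bip "192.168.135.1/24" -> "192.168.135.0/24"
    local r
    r=$(cidr_range "$1")
    echo "$(int_to_ip "${r% *}")/${1#*/}"
}

cidr_contains() {      # true if $2 lies entirely inside $1
    local o i
    o=$(cidr_range "$1"); i=$(cidr_range "$2")
    [ "${i% *}" -ge "${o% *}" ] && [ "${i#* }" -le "${o#* }" ]
}

cidr_overlaps() {      # true if $1 and $2 share any address
    local x y
    x=$(cidr_range "$1"); y=$(cidr_range "$2")
    [ "${x% *}" -le "${y#* }" ] && [ "${y% *}" -le "${x#* }" ]
}

# Values from this page: the bip that was applied, the host's eth0 address,
# and the bip / fixed-cidr pair from the documentation sample.
echo "docker0 subnet: $(bridge_network 192.168.135.1/24)"
if cidr_overlaps 192.168.135.1/24 192.168.141.135/24; then
    echo "bip collides with the host LAN"
fi
if ! cidr_contains 192.168.1.5/24 192.168.1.5/25; then
    echo "fixed-cidr is not inside the bip network"
fi
```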
Creating a custom bridge with docker
Create an additional custom bridge, distinct from docker0
[root@localhost ~]
NETWORK ID NAME DRIVER SCOPE
9e3a71f10307 bridge bridge local
66047d5040c1 host host local
d1e9a6d46b69 none null local
[root@localhost ~]
2298df7f824a5e2be861a8bdc3a74145eda6ff1587081b3a25ee2ca69c3cbca1
[root@localhost ~]
NETWORK ID NAME DRIVER SCOPE
2298df7f824a br0 bridge local
9e3a71f10307 bridge bridge local
66047d5040c1 host host local
d1e9a6d46b69 none null local
[root@localhost ~]
Create a container using the newly created custom bridge:
[root@localhost ~]
/
eth0 Link encap:Ethernet HWaddr 02:42:C0:A8:9D:02
inet addr:192.168.157.2 Bcast:192.168.157.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:11 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:962 (962.0 B) TX bytes:0 (0.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
/
Create another container, using the default bridge network:
[root@localhost ~]
/
eth0 Link encap:Ethernet HWaddr 02:42:C0:A8:87:02
inet addr:192.168.135.2 Bcast:192.168.135.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:11 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:962 (962.0 B) TX bytes:0 (0.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
/
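Think about it: can b2 and b1 communicate with each other at this point? If not, how can communication be achieved?
b1 and b2 cannot communicate with each other because they are not on the same gateway; to make them communicate, a bridge has to be set up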
[root@localhost ~]
/
c91feb46889f
[root@localhost ~]
/
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
7: eth0@if8: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether 02:42:c0:a8:87:02 brd ff:ff:ff:ff:ff:ff
inet 192.168.135.2/24 brd 192.168.135.255 scope global eth0
valid_lft forever preferred_lft forever
/
PING 192.168.157.2 (192.168.157.2): 56 data bytes
64 bytes from 192.168.157.2: seq=0 ttl=64 time=0.079 ms
64 bytes from 192.168.157.2: seq=1 ttl=64 time=0.085 ms
^C
--- 192.168.157.2 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.079/0.082/0.085 ms
/
[root@localhost ~]
/
79a3ae835a1c
/
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
9: eth0@if10: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether 02:42:c0:a8:9d:02 brd ff:ff:ff:ff:ff:ff
inet 192.168.157.2/24 brd 192.168.157.255 scope global eth0
valid_lft forever preferred_lft forever
/
PING 192.168.135.2 (192.168.135.2): 56 data bytes
^C
--- 192.168.135.2 ping statistics ---