Unable to communicate from one Docker container to an exposed container on the same machine

Posted on 2025-02-04 07:24:04

Currently I'm trying to make one container communicate with another one that is exposed and running on the same machine.

Let's say the external IP address is 123.123.123.123 and I exposed a basic NGINX Docker container on port 8080 via the ports property inside my docker-compose.yaml and I execute curl http://123.123.123.123:8080. From an external machine it successfully gets a response back, same goes for executing the command from the host machine. However, when I execute this curl from another container on the same machine it exits with a timeout.

I'm unsure of the cause, I have tried temporarily exposing all ports via https://serverfault.com/a/129087 and this did actually allow communication from one container to the exposed container (Of course I restored the previous configuration afterwards).

It is important for me to be able to use the external routing, especially since in production jwilder/nginx-proxy is used with HTTPS certificates.

The machine is running Ubuntu 20.04, I haven't altered any firewall settings provided by iptables.

ufw status output:

Status: active

To                         Action      From
--                         ------      ----
22/tcp                     LIMIT       Anywhere                  
2375/tcp                   ALLOW       Anywhere                  
2376/tcp                   ALLOW       Anywhere                  
22/tcp (v6)                LIMIT       Anywhere (v6)             
2375/tcp (v6)              ALLOW       Anywhere (v6)             
2376/tcp (v6)              ALLOW       Anywhere (v6) 

Probably the most relevant part of iptables -L:

Chain DOCKER (6 references)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             172.18.0.2           tcp dpt:9000
ACCEPT     tcp  --  anywhere             172.20.0.2           tcp dpt:http
ACCEPT     tcp  --  anywhere             172.18.0.5           tcp dpt:https
ACCEPT     tcp  --  anywhere             172.18.0.5           tcp dpt:http
ACCEPT     tcp  --  anywhere             172.19.0.6           tcp dpt:mysql

Curious how this issue could be fixed. Of course adding both containers to the same internal network fixes this, but since port 8080 is already exposed to the world I would like this to include internal traffic as well. I'm using Docker Compose, both of these containers are not a part of the same docker-compose.yaml

Comments (1)

情释 2025-02-11 07:24:04

The solution was staring me in the face all this time. Basically with this image provided by DigitalOcean both iptables and UFW are enabled at the same time. However, Docker is not able to expose ports whenever you add one to your Docker configuration.

Apparently that mostly isn't a problem for external traffic since in this scenario UFW apparently does not handle external traffic, that is all up to iptables. Adding ufw allow http and ufw allow https fixes it!
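
Added example, not part of the original question or answer: a shell helper that reads `ufw status` text and reports which ufw rule, if any, covers a given port, so the gap the answer describes (a port served to outside clients by Docker's iptables rules but missing from the ufw list) can be spotted directly. The function name `ufw_input_verdict` is hypothetical, the embedded sample is the IPv4 rows of the question's `ufw status` output, and only rules whose From column is `Anywhere` are considered.

```shell
#!/bin/sh
# Added example (not from the original post). ufw_input_verdict is a
# hypothetical helper: it reads `ufw status` text on stdin and prints the
# action of the first IPv4 rule from "Anywhere" that covers PORT/PROTO,
# or "no-rule" when the port falls through to ufw's default incoming policy.
ufw_input_verdict() {
    awk -v port="$1" -v proto="${2:-tcp}" '
    # True when a ufw port spec ("80", "80,443", "8000:8100") covers port.
    function covers(spec,    n, parts, i, r) {
        n = split(spec, parts, ",")
        for (i = 1; i <= n; i++) {
            if (split(parts[i], r, ":") == 2) {
                if (port + 0 >= r[1] + 0 && port + 0 <= r[2] + 0) return 1
            } else if (parts[i] + 0 == port + 0) return 1
        }
        return 0
    }
    /\(v6\)/ { next }                              # IPv6 rows: out of scope here
    !found && $1 ~ /^[0-9][0-9,:]*(\/(tcp|udp))?$/ {
        split($1, t, "/")
        if (t[2] != "" && t[2] != proto) next      # rule is for the other protocol
        if (!covers(t[1])) next
        action = $2; from = $3
        if ($3 == "IN") from = $4                  # "ALLOW IN" form
        if ($3 == "OUT" || $3 == "FWD") next       # not an incoming rule
        if (from != "Anywhere") next               # source-restricted: ignored
        print action; found = 1
    }
    END { if (!found) print "no-rule" }
    '
}

# IPv4 rows of the ufw status output quoted in the question.
UFW_SAMPLE='Status: active

To                         Action      From
--                         ------      ----
22/tcp                     LIMIT       Anywhere
2375/tcp                   ALLOW       Anywhere
2376/tcp                   ALLOW       Anywhere'

# On a real host: ufw status | ufw_input_verdict 8080
for p in 80 443 8080; do
    printf '%s/tcp: %s\n' "$p" "$(printf '%s\n' "$UFW_SAMPLE" | ufw_input_verdict "$p")"
done
```

All three web ports report `no-rule` against the question's rule set, which matches the timeout seen from the second container. The same check returns `ALLOW` for 2375/tcp, the conventional port for the unencrypted Docker API, which is worth restricting to trusted sources.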
