一、docker网络访问的方式
随机映射: - docker run -P 指定映射: 1. -p hostPort:containerPort 2. -p ip:hostPort:containerPort 3. -p ip::containerPort 4. -p hostPort:containerPort 5. -p hostPort:containerPort:udp
1、环境准备
环境准备
IP 主机名 操作系统 192.168.56.11 linux-node1 centos7 注意:我这里使用的是centos7,如果是使用centos5或者centos6,需要升级操作系统内核,否则Docker的许多新功能都无法使用
2、随机映射
优点: 不会发生端口冲突
[[email protected] ~]# docker run -d -P nginx 4d5a21ea94e0df102198812fd899d8293198a2376dd5d952642113b76448ca65 [[email protected] ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 4d5a21ea94e0 nginx "nginx -g ‘daemon off" 7 seconds ago Up 4 seconds 0.0.0.0:10001->80/tcp, 0.0.0.0:10000->443/tcp evil_murdock c627741a7dc1 centos "/bin/bash" 13 days ago Up 2 hours mydocker [[email protected] ~]# 本地的10001端口映射到80,10000端口映射到443 访问本地的端口 在url中输入192.168.56.11:10001,可以进入到nginx的欢迎界面 查看端口占用情况 [[email protected] ~]# netstat -lnpt|grep 10001 tcp6 0 0 :::10001 :::* LISTEN 6800/docker-proxy
查询nat的详细信息 -nvL 这其实是三个参数,等效于 -n -v -L -n 不解析主机名和端口名,也就是全部主机和端口都用数字表示 -v 详细信息列表 -L 列表 [[email protected] ~]# iptables -t nat -vnL Chain PREROUTING (policy ACCEPT 7 packets, 855 bytes) pkts bytes target prot opt in out source destination 2 104 DOCKER all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL Chain INPUT (policy ACCEPT 7 packets, 855 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 959 packets, 57540 bytes) pkts bytes target prot opt in out source destination 12949 777K DOCKER all -- * * 0.0.0.0/0 !127.0.0.0/8 ADDRTYPE match dst-type LOCAL Chain POSTROUTING (policy ACCEPT 960 packets, 57592 bytes) pkts bytes target prot opt in out source destination 0 0 MASQUERADE all -- * !docker0 172.17.0.0/16 0.0.0.0/0 0 0 RETURN all -- * * 192.168.122.0/24 224.0.0.0/24 0 0 RETURN all -- * * 192.168.122.0/24 255.255.255.255 0 0 MASQUERADE tcp -- * * 192.168.122.0/24 !192.168.122.0/24 masq ports: 1024-65535 0 0 MASQUERADE udp -- * * 192.168.122.0/24 !192.168.122.0/24 masq ports: 1024-65535 0 0 MASQUERADE all -- * * 192.168.122.0/24 !192.168.122.0/24 0 0 MASQUERADE tcp -- * * 172.17.0.3 172.17.0.3 tcp dpt:443 0 0 MASQUERADE tcp -- * * 172.17.0.3 172.17.0.3 tcp dpt:80 Chain DOCKER (2 references) pkts bytes target prot opt in out source destination 0 0 RETURN all -- docker0 * 0.0.0.0/0 0.0.0.0/0 0 0 DNAT tcp -- !docker0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:10000 to:172.17.0.3:443 1 52 DNAT tcp -- !docker0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:10001 to:172.17.0.3:80
使用之前写的进入docker的脚本,进入docker,查看进程 [[email protected] ~]# ./docker_in.sh 4d5a21ea94e0 [email protected]:/# ps aux USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 1 0.0 0.0 31724 2840 ? Ss 05:58 0:00 nginx: master process nginx -g daemon off; nginx 8 0.0 0.0 32116 1936 ? S 05:58 0:00 nginx: worker process root 9 0.2 0.0 20256 1956 ? S 06:13 0:00 -bash root 22 0.0 0.0 17492 1156 ? R+ 06:13 0:00 ps aux [email protected]:/# docker运行的第一进程的PID是1 [email protected]:/# ip ad li 1: lo:mtu 65536 qdisc noqueue state UNKNOWN group default link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 18: [email protected]:mtu 1500 qdisc noqueue state UP group default link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff inet 172.17.0.3/16 scope global eth0 valid_lft forever preferred_lft forever inet6 fe80::42:acff:fe11:3/64 scope link valid_lft forever preferred_lft forever [email protected]:/# 这个IP地址是通过DHCP获取的
我们可以使用docker logs查看nginx的访问日志
[[email protected] ~]# docker logs 4d5a21ea94e0 192.168.56.1 - - [19/Sep/2016:06:01:04 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.86 Safari/537.36" "-" 192.168.56.1 - - [19/Sep/2016:06:01:06 +0000] "GET /favicon.ico HTTP/1.1" 404 571 "http://192.168.56.11:10001/" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.86 Safari/537.36" "-" 2016/09/19 06:01:06 [error] 8#8: *1 open() "/usr/share/nginx/html/favicon.ico" failed (2: No such file or directory), client: 192.168.56.1, server: localhost, request: "GET /favicon.ico HTTP/1.1", host: "192.168.56.11:10001", referrer: "http://192.168.56.11:10001/"
3、指定端口映射:
(1)将本地的81端口映射到docker容器的80端口
[[email protected] ~]# docker run -d -p 192.168.56.11:81:80 --name mynginx nginx 17df7e2a56678e60e18a6cb1d5d9197b031f922dc8a18f045296dcab30d60f76 [[email protected] ~]# docker ps -l CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 17df7e2a5667 nginx "nginx -g ‘daemon off" 10 seconds ago Up 9 seconds 443/tcp, 192.168.56.11:81->80/tcp mynginx 通过端口映射的方式,我们可以很方便的访问docker容器内的服务
可以使用docker port命令查看端口映射情况
[[email protected] ~]# docker port mynginx 80/tcp -> 192.168.56.11:81 查看docker容器端口映射
(2)多个端口的映射
[[email protected] ~]# docker run -d -p 443:443 -p 82:80 --name nginx2 nginx c4c9b4947e613e15f84bfaa9233116377f2608796de8f824285360c6aeddc028 [[email protected] ~]# docker port nginx2 80/tcp -> 0.0.0.0:82 443/tcp -> 0.0.0.0:443 [[email protected] ~]# 缺点:由于端口映射的方式是经过NAT的,所以会影响系统的性能。
时间: 2024-08-03 07:03:16