打开(Bluemix)容器到所有传入连接

时间:2017-01-18 16:16:54

标签: docker containers ibm-cloud connection-close

2017年新年快乐!

各位大家好!

当我尝试在BlueMix容器(cf ic run = docker run)中部署docker镜像时出现问题 即使图像在内部运行良好,我也无法从Web访问容器。 我抓住了绑定的地址:

ping 169.46.18.91
PING 169.46.18.91 (169.46.18.91): 56 data bytes
64 bytes from 169.46.18.91: icmp_seq=0 ttl=48 time=124.247 ms
64 bytes from 169.46.18.91: icmp_seq=1 ttl=48 time=122.701 ms

图片在本地工作,但现在我给了它一个IP并将其托管在bluemix容器服务上,我在cf ic -v run命令后设置图像时报告了一个问题

以下是命令的日志:

cf ic -v run -p 3000 --name bootingtest 1ed1b527771b

DEMANDE : [2017-01-18T10:32:31+01:00]
POST /UAALoginServerWAR/oauth/token HTTP/1.1
Host: login.ng.bluemix.net
Accept: application/json
Authorization: [DONNEES PRIVEES MASQUEES]
Connection: close
Content-Type: application/x-www-form-urlencoded
User-Agent: go-cli 6.22.2+a95e24c / darwin

grant_type=refresh_token&refresh_token=eyJhbGciOiJIUzI1NiJ9.eyJqdGkiOiIwNzJlYTFmNy00NGRlLTRmYmYtODUxOS1lNmU0NmU2MTk1Y2ItciIsInN1YiI6ImZkMWVmM2Q3LTI2OTQtNDQ4Ni1iNjY2LWRmNTVjY2M4MzVmOCIsInNjb3BlIjpbIm9wZW5pZCIsInVhYS51c2VyIiwiY2xvdWRfY29udHJvbGxlci5yZWFkIiwicGFzc3dvcmQud3JpdGUiLCJjbG91ZF9jb250cm9sbGVyLndyaXRlIl0sImlhdCI6MTQ4NDczMTE3MSwiZXhwIjoxNDg3MzIzMTcxLCJjaWQiOiJjZiIsImNsaWVudF9pZCI6ImNmIiwiaXNzIjoiaHR0cHM6Ly91YWEubmcuYmx1ZW1peC5uZXQvb2F1dGgvdG9rZW4iLCJ6aWQiOiJ1YWEiLCJncmFudF90eXBlIjoicGFzc3dvcmQiLCJ1c2VyX25hbWUiOiJlbW1hbnVlbC5zb2xvbUBmci5pYm0uY29tIiwib3JpZ2luIjoidWFhIiwidXNlcl9pZCI6ImZkMWVmM2Q3LTI2OTQtNDQ4Ni1iNjY2LWRmNTVjY2M4MzVmOCIsInJldl9zaWciOiI2MWNkZjM4MiIsImF1ZCI6WyJjZiIsIm9wZW5pZCIsInVhYSIsImNsb3VkX2NvbnRyb2xsZXIiLCJwYXNzd29yZCJdfQ._gxevCN9cCYX3Fw_FUEYvxFsRhHqfOT9KhjZFiHcNao&scope=

REPONSE : [2017-01-18T10:32:32+01:00]
HTTP/1.1 200 OK
Connection: close
Transfer-Encoding: chunked
Cache-Control: no-cache, no-store, max-age=0, must-revalidate,no-store
Content-Security-Policy: default-src 'self' www.ibm.com 'unsafe-inline';
Content-Type: application/json;charset=UTF-8
Date: Wed, 18 Jan 2017 09:32:31 GMT
Expires: 0
Pragma: no-cache,no-cache
Server: Apache-Coyote/1.1
Strict-Transport-Security: max-age=2592000 ; includeSubDomains
X-Backside-Transport: OK OK,OK OK
X-Client-Ip: 91.151.65.169
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Global-Transaction-Id: 1804077409
X-Powered-By: Servlet/3.1
X-Vcap-Request-Id: e683d47d-28aa-43c1-6356-d5818dfd86f1
X-Xss-Protection: 1; mode=block

6f6
{"access_token":"[DONNEES PRIVEES MASQUEES]","token_type":"[DONNEES PRIVEES MASQUEES]","refresh_token":"[DONNEES PRIVEES MASQUEES]","expires_in":1209599,"scope":"cloud_controller.read password.write cloud_controller.write openid uaa.user","jti":"edcd9c51-4521-4f49-bf03-def030e81626"}
0


a9dc3ad4-1a34-4848-9b16-8d1410b79a06

当我正在运行或构建图像时,有没有办法建立从“关闭”状态到“等待传入连接”状态的连接?

类似于选项cf ic (docker) run -p 3000 --accept_all imageid cmd(我没有在--help菜单中看到它)  或者你在其他地方看到了什么问题?

我考虑过使用docker exec -it ID /bin/bash登录容器,但我不知道接受所有传入连接的bash命令......(而且我认为这是VM的bash而不是容器本身)< / p>

感谢您的回答,祝您有个美好的一天!

灵光

其他信息

Dockerfile

FROM ubuntu:14.04
RUN apt-get update && apt-get -y install python2.7
RUN apt-get -y install python-pip
RUN pip install Flask
RUN pip install ibmiotf
RUN pip install requests
RUN pip install flask-socketio
RUN pip install cloudant
ENV PORT=12345
EXPOSE 12345
ADD ./SIARA /opt/SIARA/
WORKDIR /opt/SIARA/
CMD sleep 80 && python testGUI.py

Flask服务器端口映射和运行:

if __name__ == '__main__':
    # Bind to PORT if defined, otherwise default to 5000.
    port = int(os.environ.get('PORT', 5000))
    socketio.run(app, host='0.0.0.0', port=port)

线索信息

当我以前在本地测试我的图像时,我有这个警告消息他们不对任何崩溃负责但是现在它可能在云上这种错误导致网络连接尝试失败?

tl; dr:显然SSH连接不可用,因为(显然)我的python(2.7)版本需要更新(??) 但是,只有在https:// connection?

的情况下,SSH不应该是相关的
cf ic logs -ft guiplay

2017-01-19T09:17:38.870006264Z /usr/local/lib/python2.7/dist-packages/requests/packages/urllib3/util/ssl_.py:334: SNIMissingWarning: An HTTPS request has been made, but the SNI (Subject Name Indication) extension to TLS is not available on this platform. This may cause the server to present an incorrect TLS certificate, which can cause validation failures. You can upgrade to a newer version of Python to solve this. For more information, see https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
32017-01-19T09:17:38.870062551Z   SNIMissingWarning
�2017-01-19T09:17:38.870081733Z /usr/local/lib/python2.7/dist-packages/requests/packages/urllib3/util/ssl_.py:132: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. You can upgrade to a newer version of Python to solve this. For more information, see https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
92017-01-19T09:17:38.870089026Z   InsecurePlatformWarning
�2017-01-19T09:17:39.145906849Z /usr/local/lib/python2.7/dist-packages/requests/packages/urllib3/util/ssl_.py:132: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. You can upgrade to a newer version of Python to solve this. For more information, see https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
92017-01-19T09:17:39.145950355Z   InsecurePlatformWarning
�2017-01-19T09:17:39.186165706Z WebSocket transport not available. Install eventlet or gevent and gevent-websocket for improved performance.
Y2017-01-19T09:17:39.192990810Z  * Running on http://0.0.0.0:5000/ (Press CTRL+C to quit)

2 个答案:

答案 0 :(得分:1)

嗯 - 我看到你发布了端口3000(运行命令中的-p 3000参数),但是默认端口是5000.在dockerfile中,你把它切换到12345,所以这可能是你实际上的在那里听猜猜你想打开所有端口的原因是什么?

Docker只公开您告诉它的端口 - 为该默认值添加额外的-p 5000,或者根据该Dockerfile添加-p 12345,或者两者都允许您在这些情况下连接到应用程序。或者,如果您只想通过Dockerfile发布EXPOSE的所有端口(在本例中为12345),请使用-P参数。

更多信息:在云端运行,还有一个额外的安全措施,即您的容器只能通过您想要发布的端口访问。在一个空间内(在同一空间中的其他容器的私有ips中,或者绝对来自容器内部),您仍然可以访问这些端口。但是,从外部来看,只有您发布的端口才可以访问。我没有看到有效发布*的方法(从安全的角度来看,这似乎是一个相当可疑的做法)

答案 1 :(得分:0)

看起来Bluemix单一容器服务有点敏感,直到我添加了一个&#34;可扩展的&#34;容器,询问所需的HTTP端口。

我认为问题是这个http端口没有曝光,但现在问题已经解决了我上面提到的方式。