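Nginx upstream connection refused

Time: 2019-05-06 19:35:01

Tags: docker docker-compose

I have a Docker deployment with 3 services (using docker-compose) and the following port mappings:

  1. nginx (90→80)
  2. node (3000→3000)
  3. python (8001→8000)

The Python app is an aiohttp demo application served on port 8000 (based on aiohttp

The node application is a simple SSR frontend served on port 3000.

Nginx acts as a reverse proxy and has this clause to route traffic to the Python application: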

location /api/ {
    proxy_set_header Host $http_host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_redirect off;
    proxy_buffering off;
    proxy_pass http://python:8000;
}

And this one to route to the node application:

location / {
    proxy_pass http://node:3000;
    include /etc/nginx/node_params;
}

The problem is that neither of the other two containers can connect to the python container:

$ docker-compose exec nginx curl 'http://python:8000/api/'
curl: (7) Failed to connect to python port 8000: Connection refused

The same happens when using the IP directly:

$ docker-compose exec node curl 'http://172.18.0.5:8000/api/'
curl: (7) Failed to connect to 172.18.0.5 port 8000: Connection refused

Checking for the open port also fails:

$ docker-compose exec nginx nc -vz python 8000
$ <no response>

Only the python container can connect to itself:

$ docker-compose exec python curl 'http://python:8000/api/'
Response ok
$ docker-compose exec python nc -vz python 8000
python (172.18.0.5:8000) open

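The other service (node) can be reached normally. Pinging the container also works.

The only way to reach it is from outside the docker network through the mapped port (8001), i.e.: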

$ curl http://localhost:8001/api/
Response ok

It works with any IP, and even from other hosts over the internet:

$ curl http://my-app.mydomain.com:8001/api/
Response ok

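I also cannot reproduce the problem, because the same project running on my local machine works fine. The only difference is that the place where I am trying to run it uses docker 17 (Docker version 17.06.0-ce, build 02c1d87), while my local machine runs docker 18 (Docker version 18.09.5, build e8ff056). The server also runs fedora 24 vs fedora 29 on my machine.

What am I doing wrong?

Here is my docker-compose.yml file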

version: '3.7'
services:
  python:
    build: api
    ports:
      - 8001:8000
    networks:
      default:
        aliases:
          - python
    restart: always
    volumes:
      - cdn:/app/cdn
  frontend:
    build:
      context: nuxt
    ports:
      - 3000:3000
    networks:
      default:
        aliases:
          - node
    restart: always
  nginx:
    build:
      context: nginx
    ports:
      - 90:80
    restart: always
    volumes:
      - cdn:/app/cdn
volumes:
  cdn:

Edit:

$ docker inspect project_python_1

[
    {
        "Id": "98f3624ea0866665204167d9975b050977836b843c8294639e245897c0c8e44e",
        "Created": "2019-05-07T14:03:17.714587695Z",
        "Path": "/bin/sh",
        "Args": [
            "-c",
            "cd src     && python -m api"
        ],
        "State": {
            "Status": "running",
            "Running": true,
            "Paused": false,
            "Restarting": false,
            "OOMKilled": false,
            "Dead": false,
            "Pid": 5268,
            "ExitCode": 0,
            "Error": "",
            "StartedAt": "2019-05-07T14:03:18.860468562Z",
            "FinishedAt": "0001-01-01T00:00:00Z"
        },
        "Image": "sha256:6b9059304a2e0f5316204acaf37423a557dc8d14dbc3bc72e169430ff38df73c",
        "ResolvConfPath": "/var/lib/docker/containers/98f3624ea0866665204167d9975b050977836b843c8294639e245897c0c8e44e/resolv.conf",
        "HostnamePath": "/var/lib/docker/containers/98f3624ea0866665204167d9975b050977836b843c8294639e245897c0c8e44e/hostname",
        "HostsPath": "/var/lib/docker/containers/98f3624ea0866665204167d9975b050977836b843c8294639e245897c0c8e44e/hosts",
        "LogPath": "/var/lib/docker/containers/98f3624ea0866665204167d9975b050977836b843c8294639e245897c0c8e44e/98f3624ea0866665204167d9975b050977836b843c8294639e245897c0c8e44e-json.log",
        "Name": "/project_python_1",
        "RestartCount": 0,
        "Driver": "overlay2",
        "MountLabel": "",
        "ProcessLabel": "",
        "AppArmorProfile": "",
        "ExecIDs": null,
        "HostConfig": {
            "Binds": [
                "cdn:/app/cdn:rw"
            ],
            "ContainerIDFile": "",
            "LogConfig": {
                "Type": "json-file",
                "Config": {}
            },
            "NetworkMode": "project_default",
            "PortBindings": {
                "8000/tcp": [
                    {
                        "HostIp": "",
                        "HostPort": "8001"
                    }
                ]
            },
            "RestartPolicy": {
                "Name": "always",
                "MaximumRetryCount": 0
            },
            "AutoRemove": false,
            "VolumeDriver": "",
            "VolumesFrom": [],
            "CapAdd": null,
            "CapDrop": null,
            "Dns": null,
            "DnsOptions": null,
            "DnsSearch": null,
            "ExtraHosts": null,
            "GroupAdd": null,
            "IpcMode": "",
            "Cgroup": "",
            "Links": null,
            "OomScoreAdj": 0,
            "PidMode": "",
            "Privileged": false,
            "PublishAllPorts": false,
            "ReadonlyRootfs": false,
            "SecurityOpt": null,
            "UTSMode": "",
            "UsernsMode": "",
            "ShmSize": 67108864,
            "Runtime": "runc",
            "ConsoleSize": [
                0,
                0
            ],
            "Isolation": "",
            "CpuShares": 0,
            "Memory": 0,
            "NanoCpus": 0,
            "CgroupParent": "",
            "BlkioWeight": 0,
            "BlkioWeightDevice": null,
            "BlkioDeviceReadBps": null,
            "BlkioDeviceWriteBps": null,
            "BlkioDeviceReadIOps": null,
            "BlkioDeviceWriteIOps": null,
            "CpuPeriod": 0,
            "CpuQuota": 0,
            "CpuRealtimePeriod": 0,
            "CpuRealtimeRuntime": 0,
            "CpusetCpus": "",
            "CpusetMems": "",
            "Devices": null,
            "DeviceCgroupRules": null,
            "DiskQuota": 0,
            "KernelMemory": 0,
            "MemoryReservation": 0,
            "MemorySwap": 0,
            "MemorySwappiness": -1,
            "OomKillDisable": false,
            "PidsLimit": 0,
            "Ulimits": null,
            "CpuCount": 0,
            "CpuPercent": 0,
            "IOMaximumIOps": 0,
            "IOMaximumBandwidth": 0
        },
        "GraphDriver": {
            "Data": {
                "LowerDir": "/var/lib/docker/overlay2/013c07caf2f6fd59e99a7ec626355e8820d7fe6c0d2f83d5ed0fd2a0c2688ea9-init/diff:/var/lib/docker/overlay2/b1986769f12e6919ad34bb2184a4822a18d01c402b187d8caf7d1088f6020da1/diff:/var/lib/docker/overlay2/919b177579f26bde763973564af0a3762db5fb9d801b9804f5038fb9c60e4250/diff:/var/lib/docker/overlay2/22389c009280043fe76e9e2631e59aa3d6ee35a827613114e39db5f4d29783b7/diff:/var/lib/docker/overlay2/098414feeb05448f0b70dad272c9c81976171d7626e902c9325c5a454b666e59/diff:/var/lib/docker/overlay2/91cf4d7cef0ffb067991afc5b99ebb7ffee6fb02ce6e258304b23202a49d71a9/diff:/var/lib/docker/overlay2/7d13e7a43ebd06c9babf901e9630ff663c5036886df08038ccbda5f730e7c3a5/diff:/var/lib/docker/overlay2/f8db754b7d72fc8cd0fcfdd758a9491ffc1029e7cac0f5f884d8f0ca26aee253/diff:/var/lib/docker/overlay2/b0cb3c0f4b0d1eba56f353767142bdccbe08b9d15cddf0b52f2173cb771f850a/diff:/var/lib/docker/overlay2/228b0ee3f88b6b9ab9a436612f416acb02dd7196fb3870ba632c973f560ca75e/diff:/var/lib/docker/overlay2/ee2d7a211a67bc164f787443de343de51efc89e00592a7516acd26f1a02bf520/diff:/var/lib/docker/overlay2/40a529d74eb8c72cbc3e57db301678996e229b4b4de31a5b3f5642c44018c499/diff:/var/lib/docker/overlay2/95534c69b64738866cd6a87a73dda2f049a28745bea72dbd54c6fb6f662202e3/diff:/var/lib/docker/overlay2/69ce7a7e7ad79423e0abab05a3b4270a4a309686ab4410759e05248286799cb6/diff:/var/lib/docker/overlay2/6525630fd688dbae59699c3cf1246cc5a202e4a4265b6cc17e238cd90867ad54/diff:/var/lib/docker/overlay2/66f8ad83ba1c1bd4c719ebfc004b85f4b6aef9bb15fba5f5ea9b5a58f7eb198c/diff:/var/lib/docker/overlay2/a1ca64fad83b74d88984bd7378905308ed5e9bc142f9fb50392b4414b6076eb2/diff",
                "MergedDir": "/var/lib/docker/overlay2/013c07caf2f6fd59e99a7ec626355e8820d7fe6c0d2f83d5ed0fd2a0c2688ea9/merged",
                "UpperDir": "/var/lib/docker/overlay2/013c07caf2f6fd59e99a7ec626355e8820d7fe6c0d2f83d5ed0fd2a0c2688ea9/diff",
                "WorkDir": "/var/lib/docker/overlay2/013c07caf2f6fd59e99a7ec626355e8820d7fe6c0d2f83d5ed0fd2a0c2688ea9/work"
            },
            "Name": "overlay2"
        },
        "Mounts": [
            {
                "Type": "volume",
                "Name": "cdn",
                "Source": "/var/lib/docker/volumes/cdn/_data",
                "Destination": "/app/cdn",
                "Driver": "local",
                "Mode": "rw",
                "RW": true,
                "Propagation": ""
            }
        ],
        "Config": {
            "Hostname": "98f3624ea086",
            "Domainname": "",
            "User": "",
            "AttachStdin": false,
            "AttachStdout": false,
            "AttachStderr": false,
            "ExposedPorts": {
                "8000/tcp": {}
            },
            "Tty": false,
            "OpenStdin": false,
            "StdinOnce": false,
            "Env": [
                "DEBUG=1",
                "PATH=scripts:/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
                "LANG=C.UTF-8",
                "GPG_KEY=0D96DF4D4110E5C43FBFB17F2D347EA6AA65421D",
                "PYTHON_VERSION=3.7.3",
                "PYTHON_PIP_VERSION=19.1"
            ],
            "Cmd": [
                "/bin/sh",
                "-c",
                "cd src     && python -m api"
            ],
            "ArgsEscaped": true,
            "Image": "project_python",
            "Volumes": {
                "/app/cdn": {}
            },
            "WorkingDir": "/app",
            "Entrypoint": null,
            "OnBuild": null,
            "Labels": {
                "com.docker.compose.config-hash": "0f0fe6053d92416fd77f6efba7e8282f385c447b8a8d40aa866554ee282896d7",
                "com.docker.compose.container-number": "1",
                "com.docker.compose.oneoff": "False",
                "com.docker.compose.project": "project",
                "com.docker.compose.service": "python",
                "com.docker.compose.version": "1.24.0"
            }
        },
        "NetworkSettings": {
            "Bridge": "",
            "SandboxID": "397d60b1dbe4733910c9ae2c0dabc1bdb3046d784b25f8fb4f72c28f6d458ff2",
            "HairpinMode": false,
            "LinkLocalIPv6Address": "",
            "LinkLocalIPv6PrefixLen": 0,
            "Ports": {
                "8000/tcp": [
                    {
                        "HostIp": "0.0.0.0",
                        "HostPort": "8001"
                    }
                ]
            },
            "SandboxKey": "/var/run/docker/netns/397d60b1dbe4",
            "SecondaryIPAddresses": null,
            "SecondaryIPv6Addresses": null,
            "EndpointID": "",
            "Gateway": "",
            "GlobalIPv6Address": "",
            "GlobalIPv6PrefixLen": 0,
            "IPAddress": "",
            "IPPrefixLen": 0,
            "IPv6Gateway": "",
            "MacAddress": "",
            "Networks": {
                "project_default": {
                    "IPAMConfig": null,
                    "Links": null,
                    "Aliases": [
                        "98f3624ea086",
                        "api",
                        "python"
                    ],
                    "NetworkID": "4145a30ce48519a895707d607265635012341f73db63b9fedf6e86d68fad6641",
                    "EndpointID": "4b4bafed80cb88693e2c3f3c1b0268f95afefc3eb7e713ce88d20392d36fa85c",
                    "Gateway": "172.18.0.1",
                    "IPAddress": "172.18.0.5",
                    "IPPrefixLen": 16,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,
                    "MacAddress": "02:42:ac:12:00:05",
                    "DriverOpts": null
                }
            }
        }
    }
]

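1 Answer:

Answer 0: (score: 0)

Okay, so I found the culprit: the problem is that the machine I am deploying to has a port mapping 8000→80 set up through firewalld on the main eth0 interface, and docker was using that port mapping when trying to reach that port on the container, i.e. when the nginx container tried to connect to the python container on port 8000, it was actually using 80 as the upstream, and so it failed. One fix is to remove the port mapping or to use a port that is not mapped. I don't know why docker applies the same rules of the system firewall inside its internal network.

This is the output of firewall-cmd --list-all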

FedoraServer (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources: 
  services: dhcpv6-client
  ports: 22/tcp 9090/tcp 90/tcp 8001/tcp 3000/tcp
  protocols: 
  masquerade: no
  forward-ports: port=8000:proto=tcp:toport=80:toaddr=
  source-ports: 
  icmp-blocks: 
  rich rules:

This is the output of docker network inspect project_default:

[
    {
        "Name": "project_default",
        "Id": "4145a30ce48519a895707d607265635012341f73db63b9fedf6e86d68fad6641",
        "Created": "2019-05-07T09:03:17.425575867-05:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "172.18.0.0/16",
                    "Gateway": "172.18.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": true,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "02f1f96b74eb292eeff1eb623e725a41c2a14aa0fc40f727ba78e0a620812254": {
                "Name": "project_nginx_1",
                "EndpointID": "68c3c7fb40d2e56d6601136a123fc8b7834c0503e3da99be56fac40750247a37",
                "MacAddress": ...,
                "IPv4Address": "172.18.0.3/16",
                "IPv6Address": ""
            },
            "1e93a55f0d329f4cc8beb681c3e17c6aec1ded73de5dca2fc1eaf49dae788516": {
                "Name": "project_mongo_1",
                "EndpointID": "3a0a6ae0dfdc922b5fa6032c492376643e4b61415743af7afae2de33576f3acf",
                "MacAddress": ...,
                "IPv4Address": "172.18.0.4/16",
                "IPv6Address": ""
            },
            "39ac596559da13506abcce9941a06441f42bd1c2d153d118bd13ff9a57f8c538": {
                "Name": "project_node_1",
                "EndpointID": "6753668d5fb20d908660b48bb757f9b6755c5f4f0bae69c7e02f5431c8f0e575",
                "MacAddress": ...,
                "IPv4Address": "172.18.0.2/16",
                "IPv6Address": ""
            },
            "98f3624ea0866665204167d9975b050977836b843c8294639e245897c0c8e44e": {
                "Name": "project_python_1",
                "EndpointID": "4b4bafed80cb88693e2c3f3c1b0268f95afefc3eb7e713ce88d20392d36fa85c",
                "MacAddress": ...,
                "IPv4Address": "172.18.0.5/16",
                "IPv6Address": ""
            }
        },
        "Options": {},
        "Labels": {
            "com.docker.compose.network": "default",
            "com.docker.compose.project": "project",
            "com.docker.compose.version": "1.24.0"
        }
    }
]

This is the stripped output of docker ps:

PORTS                    NAMES
0.0.0.0:8001->8000/tcp   project_python_1
27017/tcp, 28017/tcp     project_mongo_1
0.0.0.0:90->80/tcp       project_nginx_1
0.0.0.0:3000->3000/tcp   project_node_1
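
A way to audit a host for the collision this answer describes, as an added example that is not part of the original post: it cross-checks firewalld `forward-ports` entries against the container-side ports reported by `docker ps`. The function names are made up for this sketch, the sample inputs are trimmed copies of the outputs shown above, and the parser assumes the single-line `forward-ports:` format seen on this page.

```shell
#!/bin/sh
# Sample inputs: trimmed copies of the outputs shown in the answer.
FIREWALL_OUT='FedoraServer (active)
  interfaces: eth0
  ports: 22/tcp 9090/tcp 90/tcp 8001/tcp 3000/tcp
  forward-ports: port=8000:proto=tcp:toport=80:toaddr=
  source-ports: '

DOCKER_PORTS='0.0.0.0:8001->8000/tcp
27017/tcp, 28017/tcp
0.0.0.0:90->80/tcp
0.0.0.0:3000->3000/tcp'

# Print every container-side port as "port/proto", one per line.
# Input: the PORTS column of `docker ps` (published or merely exposed).
container_ports() {
    printf '%s\n' "$1" | tr ',' '\n' |
        sed -e 's/^ *//' -e 's/.*->//' |
        grep -E '^[0-9]+/(tcp|udp)$' | sort -u
}

# Print every firewalld forward-port as "srcport/proto toport".
# Input: the text printed by `firewall-cmd --list-all`.
forward_ports() {
    printf '%s\n' "$1" | sed -n 's/^ *forward-ports: *//p' | tr ' ' '\n' |
        sed -n 's/^port=\([0-9]*\):proto=\([a-z]*\):toport=\([0-9]*\):toaddr=.*/\1\/\2 \3/p'
}

# Report forward-ports whose source port is also a port that some
# container listens on, i.e. traffic that may be silently redirected.
forward_port_conflicts() {
    cports=$(container_ports "$2")
    forward_ports "$1" | while read -r src dst; do
        if printf '%s\n' "$cports" | grep -qxF "$src"; then
            echo "$src is redirected to port $dst by firewalld"
        fi
    done
}

forward_port_conflicts "$FIREWALL_OUT" "$DOCKER_PORTS"
```

On a live host, pass `"$(firewall-cmd --list-all)"` and `"$(docker ps --format '{{.Ports}}')"` instead of the embedded samples.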