码头工人打开错误的端口

时间:2019-10-04 16:46:15

标签: docker docker-compose dockerfile wildfly

我有一个带有wildfly服务器的docker映像,该映像绑定到0.0.0.0接口上的端口8080、8443、8787和9990(用于开发和远程调试)。

Dockerfile本身不包含任何EXPOSE语句,因为我想使用docker-compose.yml有选择地公开端口。

Dockerfile(缩短)

FROM ubuntu:bionic
ARG DEBIAN_FRONTEND=noninteractive
RUN     apt-get update && \
        apt-get install -y -q some,packages,here
        && apt-get clean \
        && apt-get autoclean \
        && apt-get --purge -y autoremove \
        && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
ENV WILDFLY_VERSION 16.0.0.Final
ENV WFLY_DIR /wildfly-$WILDFLY_VERSION
ENV JBOSS_HOME $WFLY_DIR
ADD /wildfly-$WILDFLY_VERSION 
RUN groupadd -g 999 wildfly && useradd -r -u 999 -g wildfly --home= --shell=/bin/bash wildfly
RUN chown -R wildfly:wildfly /wildfly-$WILDFLY_VERSION 
RUN chmod 755  $WFLY_DIR/bin/*.sh 
USER wildfly

docker-compose.yml文件实质上包含以下内容:

version: "3.5"
services:
  appsvr:
    build: ../../images/myimage/
    command: ["/bin/bash", "/start.sh"]
    expose:
      - 8443
      - 8787

我以docker-compose up -d开始容器,并且按预期出现了wildfly。现在,我检查哪些端口已暴露并获取容器的ip:

 bash% docker inspect --format=" {{ .NetworkSettings.Ports }} " containername
 map[8443/tcp:[] 8787/tcp:[]]
 bash% docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}'  containername
172.20.0.10

这似乎是正确的。我可以连接到8443,但是我不能连接到8787,进一步使用nmap进行IP收益分析:

 bash% nmap -p8000-10000 172.20.0.10

Starting Nmap 6.40 ( http://nmap.org ) at 2019-10-04 16:33 UTC
Nmap scan report for ip-172-20-0-10.eu-central-1.compute.internal (172.20.0.10)
Host is up (0.00029s latency).
Not shown: 1998 closed ports
PORT     STATE SERVICE
8080/tcp open  http-proxy
8443/tcp open  https-alt
9990/tcp open  osm-appsrvr

Nmap done: 1 IP address (1 host up) scanned in 0.05 seconds

这很奇怪,因为我没有公开8080或9990(我检查了一下,在响应请求的8080上确实是野蝇)。而8787-尽管是通过docker-compose暴露的(并且在轰击入容器后也可以在容器内打开!)-却不是。

我的docker-engine和docker-compose版本

bash% docker version
Client:
 Version:           18.06.1-ce
 API version:       1.38
 Go version:        go1.10.3
 Git commit:        e68fc7a215d7133c34aa18e3b72b4a21fd0c6136
 Built:             Fri Jun 28 23:16:08 2019
 OS/Arch:           linux/amd64
 Experimental:      false

Server:
 Engine:
  Version:          18.06.1-ce
  API version:      1.38 (minimum version 1.12)
  Go version:       go1.10.3
  Git commit:       e68fc7a/18.06.1-ce
  Built:            Fri Jun 28 23:17:39 2019
  OS/Arch:          linux/amd64
  Experimental:     false

bash% docker-compose version
docker-compose version 1.21.2, build a133471
docker-py version: 3.3.0
CPython version: 3.6.5
OpenSSL version: OpenSSL 1.0.1t  3 May 2016

这是意料之中的吗?我认为不是。还是我在概念上误解了EXPOSE应该如何工作(我假设未暴露的端口不可见,反之亦然?)

0 个答案:

没有答案