无法从外部访问在docker swarm上运行的容器

时间:2019-11-23 12:45:36

标签: docker nginx networking docker-compose docker-swarm

我在Docker群上运行我的容器。 opsalliant-frontend 服务是我的前端应用程序,它在容器内运行Nginx并暴露端口80。

  

卷曲http://10.255.8.21:80

  

卷曲http://127.0.0.1:80

从运行这些容器的主机上

我可以看到我的 opsalliant-frontend 应用程序,但是在主机外部无法访问它。我无法从另一台计算机访问它,我的主机操作系统是centos 8。

这是我的docker-compose文件

version: "3.3"
networks:
  basic:
services:
  opsalliant-backend:
    image: opsalliant/asset-management-backend
    env_file: .env
    deploy:
      replicas: 1
    depends_on:
      - opsalliant-mongodb
      - opsalliant-postgres
    networks:
      - basic
  opsalliant-mongodb:
    image: mongo
    restart: always
    env_file: .env
    ports:
      - "27017:27017"
    volumes:
      - $HOME/opsalliant/mongodb:/data/db
    networks:
      - basic
  opsalliant-postgres:
    image: opsalliant/postgresql
    restart: always
    env_file: .env
    ports:
      - "5432:5432"
    environment:
      - POSTGRES_USER=postgres
      - POSTGRES_PASSWORD=password
      - POSTGRES_DB=asset-management
    volumes:
      - $HOME/opsalliant/postgres:/var/lib/postgresql/data
    networks:
      - basic
  opsalliant-frontend:
    image: opsalliant/asset-management-frontend
    restart: always
    ports:
      - "80:80"
    environment:
      - ENV=dev
    depends_on:
      - opsalliant-backend
    deploy:
      replicas: 1
    networks:
      - basic
  opsalliant-autodiscovery-cron:
    image: opsalliant/auto-discovery-cron
    restart: always
    env_file: .env
    deploy:
      replicas: 1
    depends_on:
      - opsalliant-mongodb
      - opsalliant-postgres
    networks:
      - basic

这是我的docker服务ls 

ID                  NAME                                       MODE                REPLICAS            IMAGE                                         PORTS
auz640zl60bx        opsalliant_opsalliant-autodiscovery-cron   replicated          1/1                 opsalliant/auto-discovery-cron:latest         
g6poofhvmoal        opsalliant_opsalliant-backend              replicated          1/1                 opsalliant/asset-management-backend:latest    
brhq4g4mz7cf        opsalliant_opsalliant-frontend             replicated          1/1                 opsalliant/asset-management-frontend:latest   *:80->80/tcp
rmkncnsm2pjn        opsalliant_opsalliant-mongodb              replicated          1/1                 mongo:latest                                  *:27017->27017/tcp
rmlmdpa5fz69        opsalliant_opsalliant-postgres             replicated          1/1                 opsalliant/postgresql:latest                  *:5432->5432/tcp

我的80端口在防火墙中打开 以下是firewall-cmd --list-all

的输出 
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources: 
  services: cockpit dhcpv6-client ssh
  ports: 22/tcp 2376/tcp 2377/tcp 7946/tcp 7946/udp 4789/udp 80/tcp
  protocols: 
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules:

如果我检查创建的网络,则输出如下

[
    {
        "Name": "opsalliant_basic",
        "Id": "zw73vr9xigfx7hy16u1myw5gc",
        "Created": "2019-11-26T02:36:38.241352385-05:00",
        "Scope": "swarm",
        "Driver": "overlay",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "10.0.3.0/24",
                    "Gateway": "10.0.3.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "9348f4fc6bfc1b14b84570e205c88a67aba46f295a5e61bda301fdb3e55f3576": {
                "Name": "opsalliant_opsalliant-frontend.1.zew1obp21ozmg8r1tzmi5h8g8",
                "EndpointID": "27624fe2a7b282cef1762c4328ce0239dc70ebccba8e00d7a61595a7a1da2066",
                "MacAddress": "02:42:0a:00:03:08",
                "IPv4Address": "10.0.3.8/24",
                "IPv6Address": ""
            },
            "943895f12de86d85fd03d0ce77567ef88555cf4766fa50b2a8088e220fe1eafe": {
                "Name": "opsalliant_opsalliant-mongodb.1.ygswft1l34o5vfaxbzmnf0hrr",
                "EndpointID": "98fd1ce6e16ade2b165b11c8f2875a0bdd3bc326c807ba6a1eb3c92f4417feed",
                "MacAddress": "02:42:0a:00:03:04",
                "IPv4Address": "10.0.3.4/24",
                "IPv6Address": ""
            },
            "afab468aefab0689aa3488ee7f85dbc2cebe0202669ab4a58d570c12ee2bde21": {
                "Name": "opsalliant_opsalliant-autodiscovery-cron.1.5k23u87w7224mpuasiyakgbdx",
                "EndpointID": "d3d4c303e1bc665969ad9e4c9672e65a625fb71ed76e2423dca444a89779e4ee",
                "MacAddress": "02:42:0a:00:03:0a",
                "IPv4Address": "10.0.3.10/24",
                "IPv6Address": ""
            },
            "f0a768e5cb2f1f700ee39d94e380aeb4bab5fe477bd136fd0abfa776917e90c1": {
                "Name": "opsalliant_opsalliant-backend.1.8ql9t3qqt512etekjuntkft4q",
                "EndpointID": "41587022c339023f15c57a5efc5e5adf6e57dc173286753216f90a976741d292",
                "MacAddress": "02:42:0a:00:03:0c",
                "IPv4Address": "10.0.3.12/24",
                "IPv6Address": ""
            },
            "f577c539bbc3c06a501612d747f0d28d8a7994b843c6a37e18eeccb77717539e": {
                "Name": "opsalliant_opsalliant-postgres.1.ynrqbzvba9kvfdkek3hurs7hl",
                "EndpointID": "272d642a9e20e45f661ba01e8731f5256cef87898de7976f19577e16082c5854",
                "MacAddress": "02:42:0a:00:03:06",
                "IPv4Address": "10.0.3.6/24",
                "IPv6Address": ""
            },
            "lb-opsalliant_basic": {
                "Name": "opsalliant_basic-endpoint",
                "EndpointID": "142373fd9c0d56d5a633b640d1ec9e4248bac22fa383ba2f754c1ff567a3502e",
                "MacAddress": "02:42:0a:00:03:02",
                "IPv4Address": "10.0.3.2/24",
                "IPv6Address": ""
            }
        },
        "Options": {
            "com.docker.network.driver.overlay.vxlanid_list": "4100"
        },
        "Labels": {
            "com.docker.stack.namespace": "opsalliant"
        },
        "Peers": [
            {
                "Name": "8170c4487a4b",
                "IP": "10.255.8.21"
            }
        ]
    }
]

4 个答案:

答案 0 :(得分:0)

docker service update your-service --publish-add 80:80

您可以通过更新服务来发布端口。

答案 1 :(得分:0)

您可以尝试使用该网址代替ip adres吗? host.docker.internal类似于http://host.docker.internal:80

答案 2 :(得分:0)

我建议您首先使用docker-compose验证“正确”的行为。然后,尝试在没有网络规范的情况下使用docker swarm只是为了验证没有网络接口问题。

此外,您可以使用以下命令来验证您的LISTEN端口:

netstat -tulpn

编辑:我也遇到过同样的问题,但是我可以通过127.0.0.1访问我的服务

答案 3 :(得分:0)

遇到同样的问题,结果发现这是我的本地网络子网与自动创建的ingress网络的子网之间的冲突。可以使用docker network inspect ingress并检查IPAM.Config.Subnet的值是否与您的本地网络重叠进行验证。

要解决此问题,您可以按照Customize the default ingress network中的说明更新ingress网络的配置;总结:

  1. 删除发布端口的服务
  2. 删除现有网络:docker network rm ingress
  3. 使用不冲突的子网重新创建: 
    docker network create \
    --driver overlay \
    --ingress \
    --subnet 172.16.0.0/16 \ # Or whatever other subnet you want to use
    --gateway 172.16.0.1 \
    ingress
  4. 重新启动服务

使用--default-addr-pool选项初始化群组时,可以通过指定默认子网池来避免冲突。

相关问题
最新问题