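I have 2 containers on the same bridge network, but they cannot communicate and I cannot figure out why.
In fact, I have an nginx container that does a proxy pass to another container, "gogs", but the proxy is not found and I get a "No route" error.
Here is my network: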
[root@pc-59 _data]# docker inspect nginxnet
[
{
"Name": "nginxnet",
"Id": "f00a094d2dcd15d3a42e142b46245f41408f6d4013b17cf7992d0b573f3d07a4",
"Created": "2019-12-27T20:17:37.878562424+01:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": [
{
"Subnet": "172.3.27.0/24",
"Gateway": "172.3.27.2"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {
"253bd8d76090cb170d25ac1eb84cd411ea8d9c92f5dca7bfbb0133934c4be355": {
"Name": "nginx",
"EndpointID": "6bd16e068e16cd1ee060b00c6150bc9f1f579f9b17518e90f603ad64a099cf52",
"MacAddress": "02:42:ac:03:1b:04",
"IPv4Address": "172.3.27.4/24",
"IPv6Address": ""
},
"53bf139329162bedb94a89bdfcc6c308684e923e3b825e7a5cb377f5a30ca71c": {
"Name": "mariadb",
"EndpointID": "6a4138a66f5b67cbae63a600532b80d51530da8bec867f250ed51d5a67bf3660",
"MacAddress": "02:42:ac:03:1b:06",
"IPv4Address": "172.3.27.6/24",
"IPv6Address": ""
},
"c44952cf1fb97cf03b39b56a6824b6a2cbcb4f5c2836e5834336fde17cf8ad1d": {
"Name": "gogs",
"EndpointID": "f1642c905b0343bbaf28db8286b06917155fe80a3bd7c1dcc6618ece1c5c865a",
"MacAddress": "02:42:ac:03:1b:05",
"IPv4Address": "172.3.27.5/24",
"IPv6Address": ""
}
},
"Options": {},
"Labels": {}
}
]
Here is the nginx configuration for the proxy:
server {
listen 443 ssl;
server_name gogs.isin.party;
ssl_certificate /etc/nginx/gogs.fullchain.pem; # Certificate location
ssl_certificate_key /etc/nginx/gogs.privkey.pem; # Key location
ssl_protocols TLSv1.2; # Allowed SSL/TLS protocol
ssl_prefer_server_ciphers on; # Prefer the server's cipher order
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
location / {
rewrite ^/?(.*)$ /$1 break;
proxy_pass http://172.3.27.5:3000;
}
}
And the exact error I get when I try to reach my "gogs" website:
No route to host) while connecting to upstream, client: 192.168.1.11, server: gogs.fr, request: "GET / HTTP/1.1", upstream: "http://172.3.27.5:3000/"
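FYI, the host is CentOS 8, and telnet localhost 3000 works on the server host (it is listening), but if I do it from nginx
Any ideas that could help?
Edit - December 28, 2019
Here are some additional logs:
From my nginx container, ping and telnet to the gogs container, using DNS as suggested in the comments: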
root@253bd8d76090:/# ping gogs.nginxnet
PING gogs.nginxnet (172.3.27.5) 56(84) bytes of data.
64 bytes from gogs.nginxnet (172.3.27.5): icmp_seq=1 ttl=64 time=0.102 ms
64 bytes from gogs.nginxnet (172.3.27.5): icmp_seq=2 ttl=64 time=0.089 ms
^C
--- gogs.nginxnet ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 49ms
rtt min/avg/max/mdev = 0.087/0.092/0.102/0.012 ms
root@253bd8d76090:/# telnet gogs.nginxnet 3000
Trying 172.3.27.5...
telnet: Unable to connect to remote host: No route to host
From the gogs container, ping and telnet to the nginx container:
bash-5.0# ping nginx
PING nginx (172.3.27.4): 56 data bytes
64 bytes from 172.3.27.4: seq=0 ttl=64 time=0.070 ms
64 bytes from 172.3.27.4: seq=1 ttl=64 time=0.087 ms
^C
--- nginx ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 0.070/0.092/0.125 ms
bash-5.0# telnet nginx 80
telnet: can't connect to remote host (172.3.27.4): Host is unreachable
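It seems that all ports are blocked, but since all the containers are on the same network, that should not be the case.
Answer 0 (score: 0)
Answering my own question:
The problem here was CentOS 8, not Docker. In fact, the firewall was blocking any connection between the containers. Disabling firewalld completely lets the containers communicate again :), but stopping firewalld is not a good idea, I mean in terms of security.
Here is what I did: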
firewall-cmd --add-service=http --permanent
firewall-cmd --add-service=https --permanent
firewall-cmd --zone=public --add-masquerade --permanent
firewall-cmd --reload
systemctl restart docker
firewall-cmd --zone=public --add-masquerade --permanent.
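The symptom pattern in this thread (ping succeeds, TCP fails with "No route to host") can be told apart from a closed port or a silent drop before touching the firewall. The following is an added example, not part of the original post: the function names `classify_probe` and `host_firewall_report` are hypothetical, and the sample error strings are constructed from the output quoted in the question.

```shell
#!/bin/sh
# classify_probe PING_OK TCP_ERROR_TEXT
#   PING_OK:        1 if ICMP echo got replies, 0 otherwise
#   TCP_ERROR_TEXT: error line from telnet/nc/nginx, "" if the connect worked
classify_probe() {
    ping_ok=$1
    tcp_err=$2
    case "$tcp_err" in
        "") echo "ok" ;;
        *"No route to host"*|*"Host is unreachable"*)
            # Peer answers ICMP echo but TCP gets EHOSTUNREACH: typically a
            # packet filter replying with an ICMP "prohibited" reject.
            if [ "$ping_ok" = "1" ]; then echo "filtered-reject"
            else echo "unreachable"; fi ;;
        *"Connection refused"*) echo "port-closed" ;;    # RST: nothing listening
        *"timed out"*)          echo "filtered-drop" ;;  # packets silently dropped
        *)                      echo "unknown" ;;
    esac
}

# host_firewall_report ZONE IFACE
# Prints the firewalld facts relevant to the answer without changing anything.
# Assumption: IFACE is the bridge interface of the Docker network.
host_firewall_report() {
    zone=${1:-public}
    iface=${2:-docker0}
    if ! command -v firewall-cmd >/dev/null 2>&1; then
        echo "firewalld=absent"; return 0
    fi
    if ! firewall-cmd --state >/dev/null 2>&1; then
        echo "firewalld=stopped"; return 0
    fi
    echo "firewalld=running"
    if firewall-cmd --zone="$zone" --query-masquerade >/dev/null 2>&1; then
        echo "masquerade[$zone]=yes"
    else
        echo "masquerade[$zone]=no"
    fi
    echo "zone[$iface]=$(firewall-cmd --get-zone-of-interface="$iface" 2>/dev/null || echo none)"
}

# Constructed input matching the question: ping works, telnet to port 3000 fails.
classify_probe 1 "telnet: Unable to connect to remote host: No route to host"
host_firewall_report public docker0
```

Run `host_firewall_report` on the Docker host, not inside a container; for a user-defined bridge network, pass that network's bridge interface name instead of `docker0`.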