我正在运行Ubuntu 18.04
$ uname -r
5.3.0-46-generic
我已经安装了docker
$ docker --version
Docker version 19.03.8, build afacb8b7f0
我有一个暴露端口80的简单docker镜像。生成它的Dockerfile是
FROM mcr.microsoft.com/dotnet/core/aspnet:3.1
COPY publish .
EXPOSE 80
ENTRYPOINT ["dotnet", "SampleWebApp.dll"]
为该图像运行容器时,我可以看到以下内容:
$ docker run myimage:latest -p 8080:80
info: Microsoft.Hosting.Lifetime[0]
Now listening on: http://[::]:80
info: Microsoft.Hosting.Lifetime[0]
Application started. Press Ctrl+C to shut down.
info: Microsoft.Hosting.Lifetime[0]
Hosting environment: Production
info: Microsoft.Hosting.Lifetime[0]
Content root path: /
如果我看到容器正在运行:
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
6f5bea7b329d registry.gitlab.com/whatever/myimage:latest "dotnet SampleWebApp…" 4 seconds ago Up 2 seconds 80/tcp dreamy_leavitt
所以我可以看到它正在端口80 / tcp上运行。 不知道为什么它不能在我要映射的端口8080上运行。
此外,http://[::]:80似乎令人困惑。我已经读过有关IPv6的内容。不知道这会带来什么后果,或者为什么普通的IPv4无法正常工作。
我的界面信息:
$ ifconfig
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255
inet6 fe80::42:71ff:fe7f:305 prefixlen 64 scopeid 0x20<link>
ether 02:42:71:7f:03:05 txqueuelen 0 (Ethernet)
RX packets 131843 bytes 105630866 (105.6 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 201439 bytes 268197990 (268.1 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
enp3s0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
ether 1c:1b:0d:a4:83:16 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 118628 bytes 17999594 (17.9 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 118628 bytes 17999594 (17.9 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
vethca5fd09: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::3c56:d6ff:fe0c:846 prefixlen 64 scopeid 0x20<link>
ether 3e:56:d6:0c:08:46 txqueuelen 0 (Ethernet)
RX packets 7 bytes 533 (533.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 52 bytes 7342 (7.3 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
wlp6s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.135 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 fe80::8a58:c682:3833:3bb1 prefixlen 64 scopeid 0x20<link>
ether e4:be:ed:4f:0f:21 txqueuelen 1000 (Ethernet)
RX packets 519710 bytes 524989683 (524.9 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 439859 bytes 165781721 (165.7 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
所以.. docker接口似乎具有地址172.17.0.1
。
但是我无法使用以下网址访问我的容器:
$ curl http://localhost:8080
curl: (7) Failed to connect to localhost port 8080: Connection refused
$ curl http://localhost:80
curl: (7) Failed to connect to localhost port 80: Connection refused
$ curl http://0.0.0.0:80
curl: (7) Failed to connect to 0.0.0.0 port 80: Connection refused
$ curl http://0.0.0.0:8080
curl: (7) Failed to connect to 0.0.0.0 port 8080: Connection refused
$ curl http://172.17.0.1:8080
curl: (7) Failed to connect to 172.17.0.1 port 8080: Connection refused
$ curl http://172.17.0.1:80
curl: (7) Failed to connect to 172.17.0.1 port 80: Connection refused
$ curl http://127.0.0.1:8080
curl: (7) Failed to connect to 127.0.0.1 port 8080: Connection refused
$ curl http://127.0.0.1:80
curl: (7) Failed to connect to 127.0.0.1 port 80: Connection refused
因此无法使用localhost
,127.0.0.1
或docker接口IP进行访问。
如果我检查容器,
sasw@Z3:~$ docker inspect 6f5bea7b329d
[
{
"Id": "6f5bea7b329d05bcb534953745f376da9c7efbe54de5532f8648b618152b722a",
"Created": "2020-04-20T13:06:37.883347676Z",
"Path": "dotnet",
"Args": [
"SampleWebApp.dll",
"-p",
"8080:80"
],
"State": {
"Status": "running",
"Running": true,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 30636,
"ExitCode": 0,
"Error": "",
"StartedAt": "2020-04-20T13:06:38.295411125Z",
"FinishedAt": "0001-01-01T00:00:00Z"
},
"Image": "sha256:e00403d6c5eb3ccbe3c5c7b6ec8cf8289158e4c9fbe6ff5872ea932e69d60f38",
"ResolvConfPath": "/var/lib/docker/containers/6f5bea7b329d05bcb534953745f376da9c7efbe54de5532f8648b618152b722a/resolv.conf",
"HostnamePath": "/var/lib/docker/containers/6f5bea7b329d05bcb534953745f376da9c7efbe54de5532f8648b618152b722a/hostname",
"HostsPath": "/var/lib/docker/containers/6f5bea7b329d05bcb534953745f376da9c7efbe54de5532f8648b618152b722a/hosts",
"LogPath": "/var/lib/docker/containers/6f5bea7b329d05bcb534953745f376da9c7efbe54de5532f8648b618152b722a/6f5bea7b329d05bcb534953745f376da9c7efbe54de5532f8648b618152b722a-json.log",
"Name": "/dreamy_leavitt",
"RestartCount": 0,
"Driver": "overlay2",
"Platform": "linux",
"MountLabel": "",
"ProcessLabel": "",
"AppArmorProfile": "docker-default",
"ExecIDs": null,
"HostConfig": {
"Binds": null,
"ContainerIDFile": "",
"LogConfig": {
"Type": "json-file",
"Config": {}
},
"NetworkMode": "default",
"PortBindings": {},
"RestartPolicy": {
"Name": "no",
"MaximumRetryCount": 0
},
"AutoRemove": false,
"VolumeDriver": "",
"VolumesFrom": null,
"CapAdd": null,
"CapDrop": null,
"Capabilities": null,
"Dns": [],
"DnsOptions": [],
"DnsSearch": [],
"ExtraHosts": null,
"GroupAdd": null,
"IpcMode": "private",
"Cgroup": "",
"Links": null,
"OomScoreAdj": 0,
"PidMode": "",
"Privileged": false,
"PublishAllPorts": false,
"ReadonlyRootfs": false,
"SecurityOpt": null,
"UTSMode": "",
"UsernsMode": "",
"ShmSize": 67108864,
"Runtime": "runc",
"ConsoleSize": [
0,
0
],
"Isolation": "",
"CpuShares": 0,
"Memory": 0,
"NanoCpus": 0,
"CgroupParent": "",
"BlkioWeight": 0,
"BlkioWeightDevice": [],
"BlkioDeviceReadBps": null,
"BlkioDeviceWriteBps": null,
"BlkioDeviceReadIOps": null,
"BlkioDeviceWriteIOps": null,
"CpuPeriod": 0,
"CpuQuota": 0,
"CpuRealtimePeriod": 0,
"CpuRealtimeRuntime": 0,
"CpusetCpus": "",
"CpusetMems": "",
"Devices": [],
"DeviceCgroupRules": null,
"DeviceRequests": null,
"KernelMemory": 0,
"KernelMemoryTCP": 0,
"MemoryReservation": 0,
"MemorySwap": 0,
"MemorySwappiness": null,
"OomKillDisable": false,
"PidsLimit": null,
"Ulimits": null,
"CpuCount": 0,
"CpuPercent": 0,
"IOMaximumIOps": 0,
"IOMaximumBandwidth": 0,
"MaskedPaths": [
"/proc/asound",
"/proc/acpi",
"/proc/kcore",
"/proc/keys",
"/proc/latency_stats",
"/proc/timer_list",
"/proc/timer_stats",
"/proc/sched_debug",
"/proc/scsi",
"/sys/firmware"
],
"ReadonlyPaths": [
"/proc/bus",
"/proc/fs",
"/proc/irq",
"/proc/sys",
"/proc/sysrq-trigger"
]
},
"GraphDriver": {
"Data": {
"LowerDir": "/var/lib/docker/overlay2/8f56c544522ccb6556358601706cb900c405c19b47e54c25d8b3dac979100e5b-init/diff:/var/lib/docker/overlay2/81bfee49e33d9761a6ca78dfd6f3f9a54a9333b4d4fc9986e8084f6b45232f04/diff:/var/lib/docker/overlay2/c2add2cb2d687126c6826c7dd9e1c85be1473a53d6b878554aa87615701344a0/diff:/var/lib/docker/overlay2/ebd0b92c5111423fb8d1219f757e41013a1473bdbe5cf3553cecbd4337f76766/diff:/var/lib/docker/overlay2/9197af6ebe4c70f0a84c7c267b1ba069aa710d917abe9fb3fee13320a17ab765/diff:/var/lib/docker/overlay2/1f463e8667b6eecc7c251ac05316b8d5d32840bff13d9f5cb7853c88e6f1f40e/diff:/var/lib/docker/overlay2/b7c9450f53334bef02f50cc854b33140b97f4ff3d2343b3fcac7b20f647c454e/diff",
"MergedDir": "/var/lib/docker/overlay2/8f56c544522ccb6556358601706cb900c405c19b47e54c25d8b3dac979100e5b/merged",
"UpperDir": "/var/lib/docker/overlay2/8f56c544522ccb6556358601706cb900c405c19b47e54c25d8b3dac979100e5b/diff",
"WorkDir": "/var/lib/docker/overlay2/8f56c544522ccb6556358601706cb900c405c19b47e54c25d8b3dac979100e5b/work"
},
"Name": "overlay2"
},
"Mounts": [],
"Config": {
"Hostname": "6f5bea7b329d",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": true,
"AttachStderr": true,
"ExposedPorts": {
"80/tcp": {}
},
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"ASPNETCORE_URLS=http://+:80",
"DOTNET_RUNNING_IN_CONTAINER=true"
],
"Cmd": [
"-p",
"8080:80"
],
"Image": "registry.gitlab.com/ddd-malaga/continuous-deployment-gitlab-docker-dotnet:latest",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": [
"dotnet",
"SampleWebApp.dll"
],
"OnBuild": null,
"Labels": {}
},
"NetworkSettings": {
"Bridge": "",
"SandboxID": "4e53bd2bc6cb83b7c0cba9fcdf07eb564a11ca6b955514670ba3f464aa0a96b7",
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"Ports": {
"80/tcp": null
},
"SandboxKey": "/var/run/docker/netns/4e53bd2bc6cb",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"EndpointID": "83976112bb202b79880777563cd1b06ef27781fd288b210b19fb499e3bf51c90",
"Gateway": "172.17.0.1",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"MacAddress": "02:42:ac:11:00:02",
"Networks": {
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "7589efd57cea8d2b04823657fcfc54225991bc58c93ff0e463b6f12acb28b853",
"EndpointID": "83976112bb202b79880777563cd1b06ef27781fd288b210b19fb499e3bf51c90",
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:11:00:02",
"DriverOpts": null
}
}
}
}
]
我可以看到IP地址172.17.0.2
。再次,我不知道这是哪里来的。
但是现在我可以尝试在我告诉它映射的端口上访问容器IP:
$ curl http://172.17.0.2:8080
curl: (7) Failed to connect to 172.17.0.2 port 8080: Connection refused
令人惊讶的是,如果我访问相同的容器IP,但其暴露的端口80起作用
sasw@Z3:/$ curl http://172.17.0.2:80
Hello World!
如果我停止并删除完整的容器和图像,然后使用以下随机端口重试:
$ docker run myimage:latest -p 1234:1234
Status: Downloaded newer image for registry.gitlab.com/myimage:latest
info: Microsoft.Hosting.Lifetime[0]
Now listening on: http://[::]:80
info: Microsoft.Hosting.Lifetime[0]
Application started. Press Ctrl+C to shut down.
info: Microsoft.Hosting.Lifetime[0]
Hosting environment: Production
info: Microsoft.Hosting.Lifetime[0]
Content root path: /
似乎这些端口已被完全忽略,并且仍在侦听容器ip和端口80
$ curl http://172.17.0.2:80
Hello World!
很明显,我在这里缺少一些知识,我发现的链接不是很有用,或者将我引向诸如https://docs.docker.com/config/daemon/ipv6/之类的IPv6的事情,其中提到了关于/etc/docker/daemon.json
的一些事情,但我没有甚至有。
有人能指出我正确的方向以了解发生了什么以及为什么吗?谢谢!
答案 0 :(得分:0)
问题似乎是我对docker run
的论点都没有生效,因为我将它们放在图像之后。疯了!
所以这个:
docker run myimage:latest -p 8080:80 --name whatever
将完全忽略端口映射和容器分配的名称来运行容器。
但是,这是
docker run -p 8080:80 --name whatever myimage:latest
将端口80映射到我的本地主机:8080,以便可以在https://localhost:8080上使用该Web应用程序