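Question: My docker-compose script cannot connect to the outbound internet. I am currently on Ubuntu 22.04.2. On my other server, running Ubuntu 20, the same script works. So my docker configuration must be wrong.
In my docker-compose script, I want to create a new certificate using LetsEncrypt, but I get an error when communicating with LetsEncrypt.
Running busybox with ping: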
docker run --rm -it busybox ping -c 3 acme-v02.api.letsencrypt.org
Result:
ping: bad address 'acme-v02.api.letsencrypt.org'
But it works when I run it with the host network:
docker run --rm -it --network host busybox ping -c 3 acme-v02.api.letsencrypt.org
Result:
PING acme-v02.api.letsencrypt.org (172.65.32.248): 56 data bytes
64 bytes from 172.65.32.248: seq=0 ttl=58 time=0.859 ms
64 bytes from 172.65.32.248: seq=1 ttl=58 time=1.745 ms
^C
--- acme-v02.api.letsencrypt.org ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
This is my docker-compose.yaml file:
version: '3'
services:
  outer:
    container_name: outer
    env_file: .env
    build: .
    labels:
      - "com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy=true"
    ports:
      - "80:80"
      - "443:443"
    restart: always
    environment:
      - DEFAULT_HOST=${MYHOST}
      - DHPARAM_GENERATION=false
    logging:
      driver: local #or "none" or "local"
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock:ro # allow to read running dockers
      - ./extraVolumes/certs:/etc/nginx/certs:rw
      - ./extraVolumes/vhosts:/etc/nginx/vhost.d:rw
      - ./extraVolumes/html:/usr/share/nginx/html:rw
    networks:
      - reverse-proxy
  letsencrypt:
    image: jrcs/letsencrypt-nginx-proxy-companion
    env_file: .env
    environment:
      ### ToDo: Change to your e-mail address
      - DEFAULT_EMAIL=${EMAIL}
      - NGINX_PROXY_CONTAINER=outer
    volumes_from:
      - outer
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./extraVolumes/certs:/etc/nginx/certs:rw
      - ./extraVolumes/vhosts:/etc/nginx/vhost.d:rw
      - ./acme:/etc/acme.sh
    restart: always
    networks:
      - reverse-proxy
  app:
    container_name: outer_app
    image: jwilder/whoami
    env_file: .env
    environment:
      - VIRTUAL_HOST=${MYHOST}
      - LETSENCRYPT_HOST=${MYHOST}
      - VIRTUAL_PATH=/ping/
      - VIRTUAL_DEST=/
    networks:
      - reverse-proxy
  redirect:
    image: morbz/docker-web-redirect
    env_file: .env
    restart: always
    environment:
      - VIRTUAL_HOST=${MYHOST}
      - VIRTUAL_PATH=/
      - VIRTUAL_DEST=/
      - REDIRECT_TARGET=${MYHOST}/homepage/ # Just /homepage without ending with a / will result in infinite redirects
      # For more see: https://serverfault.com/questions/821997/nginx-reverse-proxy-too-many-redirections
      # Also the - VIRTUAL_PATH=/ping/ must end with a / too
    networks:
      - reverse-proxy
  redirect_catch:
    container_name: redirect_catch
    image: jwilder/whoami
    env_file: .env
    environment:
      - VIRTUAL_HOST=${MYHOST}
      - LETSENCRYPT_HOST=${MYHOST}
      - VIRTUAL_PATH=/homepage/homepage/
      - VIRTUAL_DEST=/
    networks:
      - reverse-proxy
networks:
  reverse-proxy:
    name: topDomainProxy
I configured my .env accordingly, replacing the values with OMITED.
MYHOST=OMITED
EMAIL=OMITED
PATH_TO_CERT=./
PATH_TO_KEY=./
When running my compose file:
letsencrypt_1 | [Wed Jun 14 20:15:07 UTC 2023] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 7
letsencrypt_1 | [Wed Jun 14 20:15:07 UTC 2023] Can not init api for: https://acme-v02.api.letsencrypt.org/directory.
letsencrypt_1 | [Wed Jun 14 20:15:08 UTC 2023] Registering account: https://acme-v02.api.letsencrypt.org/directory
letsencrypt_1 | [Wed Jun 14 20:15:11 UTC 2023] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 7
letsencrypt_1 | [Wed Jun 14 20:15:11 UTC 2023] Could not get nonce, let's try again.
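What can I do, and where is my problem? I cannot change my Ubuntu...
I have already tried: No internet connection inside Docker containers

Answer: In my case, it was the MTU. It took me almost 2 days to figure out. The network MTU of "eth0" (the host's network; it may also be "eno1", depending on your host) was set to 1280, and the MTU of "docker0" (the docker network) was set to 1400.
Run the following command to find out the MTU of each network on your system: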
nmcli dev show
"nmcli" is the command-line network manager on Ubuntu. This will show something like this:
GENERAL.DEVICE: docker0
GENERAL.TYPE: bridge
GENERAL.HWADDR: 02:42:87:65:3D:1B
GENERAL.MTU: 1400
GENERAL.STATE: 10 (unmanaged)
GENERAL.CONNECTION: --
GENERAL.CON-PATH: --
IP4.ADDRESS[1]: 172.17.0.1/16
IP4.GATEWAY: --
IP4.ROUTE[1]: dst = 172.17.0.0/16, nh = 0.0.0.0, mt = 0
IP6.GATEWAY: --
GENERAL.DEVICE: eno1
GENERAL.TYPE: ethernet
GENERAL.HWADDR: 54:9F:35:00:16:2C
GENERAL.MTU: 1280
GENERAL.STATE: 10 (unmanaged)
GENERAL.CONNECTION: --
GENERAL.CON-PATH: --
WIRED-PROPERTIES.CARRIER: on
IP4.ADDRESS[1]: 192.168.10.125/24
IP4.GATEWAY: 192.168.10.1
IP4.ROUTE[1]: dst = 192.168.10.0/24, nh = 0.0.0.0, mt = 100
IP4.ROUTE[2]: dst = 192.168.10.1/32, nh = 0.0.0.0, mt = 100
IP4.ROUTE[3]: dst = 0.0.0.0/0, nh = 192.168.10.1, mt = 100
IP4.ROUTE[4]: dst = 8.8.8.8/32, nh = 192.168.10.1, mt = 100
IP4.ROUTE[5]: dst = 8.8.4.4/32, nh = 192.168.10.1, mt = 100
IP6.ADDRESS[1]: fe80::569f:35ff:fe00:162c/64
IP6.GATEWAY: --
IP6.ROUTE[1]: dst = fe80::/64, nh = ::, mt = 256
The rule is that the MTU of the docker network should be lower than that of the host network. I set the docker0 MTU to 1200 and it started working.
In /etc/docker/daemon.json:
{
"dns":["8.8.8.8","8.8.4.4"],
"mtu": 1200
}
I also added the DNS configuration there, just in case.
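
The MTU comparison described in the answer can be automated. The following is an added example, not code from the original question or answer: it reads `nmcli dev show` text and flags every bridge device whose MTU is larger than that of the host uplink. The function names are hypothetical, and it assumes the uplink is the device that holds the IPv4 default route.

```shell
#!/bin/sh
# Added example (not from the original post): flag bridge devices whose MTU
# is larger than the MTU of the host uplink, using `nmcli dev show` text.
# Assumption: the uplink is the device holding the IPv4 default route.

check_bridge_mtu() {
  awk '
    $1 == "GENERAL.DEVICE:" { dev = $2; order[++n] = dev }
    $1 == "GENERAL.TYPE:"   { type[dev] = $2 }
    $1 == "GENERAL.MTU:"    { mtu[dev] = $2 + 0 }
    /^IP4\.ROUTE\[[0-9]+\]:/ && /dst = 0\.0\.0\.0\/0,/ { uplink = dev }
    END {
      if (uplink == "") { print "NO_DEFAULT_ROUTE"; exit 2 }
      bad = 0
      for (i = 1; i <= n; i++) {
        d = order[i]
        if (type[d] == "bridge" && mtu[d] > mtu[uplink]) {
          printf "MISMATCH %s mtu=%d > %s mtu=%d\n", d, mtu[d], uplink, mtu[uplink]
          bad = 1
        }
      }
      if (!bad) printf "OK uplink=%s mtu=%d\n", uplink, mtu[uplink]
      exit bad
    }'
}

# Sample input: trimmed from the nmcli output quoted in the answer above.
sample_nmcli() {
  cat <<'EOF'
GENERAL.DEVICE: docker0
GENERAL.TYPE: bridge
GENERAL.MTU: 1400
IP4.ROUTE[1]: dst = 172.17.0.0/16, nh = 0.0.0.0, mt = 0
GENERAL.DEVICE: eno1
GENERAL.TYPE: ethernet
GENERAL.MTU: 1280
IP4.ROUTE[1]: dst = 192.168.10.0/24, nh = 0.0.0.0, mt = 100
IP4.ROUTE[3]: dst = 0.0.0.0/0, nh = 192.168.10.1, mt = 100
EOF
}

# Demo on the sample; on a real host run: nmcli dev show | check_bridge_mtu
sample_nmcli | check_bridge_mtu || true
```

The function exits with 1 on a mismatch, 0 when every bridge fits within the uplink MTU, and 2 when no default route is found. Networks created by docker-compose appear as their own bridge devices in the nmcli output and are checked the same way.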