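I have 2 docker containers running on my host machine, web1 and web2. Container web1 maps port 8080 to host port 18080, and web2 maps port 8080 to host port 28080. The host's IP address is 192.168.20.111 (yes, it is a LAN). I can access 192.168.20.111:18080 and 192.168.20.111:28080 from other machines in the same LAN.
When I try to access 192.168.20.111:18080 (curl 192.168.20.111:18080) or 192.168.20.111:28080 from within the web1 / web2 containers, I get a timeout error.
However, the Apache server running on port 8080 of the host machine is accessible from within the web1 / web2 containers via 192.168.20.111:8080, which means the route from the containers to the host is clear.
So my question is: why does the timeout error happen, and how can I access 192.168.20.111:18080 from a docker container?
Here is the docker-compose file I use to start web2 (web1 is almost the same):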
version: '2'
services:
  web:
    build: .
    ports:
      - "28080:8080"
    expose:
      - "8080"
    environment:
      - TALENTS_AUTH_HOST=192.168.20.111
      - TALENTS_AUTH_PORT=18080
      - TALENTS_ANALYSIS_HOST=192.168.20.111
      - TALENTS_ANALYSIS_PORT=18082
Here is the output of curl:
root@ea49393e56a4:/# curl -v http://192.168.20.111:28080
* Rebuilt URL to: http://192.168.20.111:28080/
* Trying 192.168.20.111...
* TCP_NODELAY set
* connect to 192.168.20.111 port 28080 failed: Connection timed out
* Failed to connect to 192.168.20.111 port 28080: Connection timed out
* Closing connection 0
curl: (7) Failed to connect to 192.168.20.111 port 28080: Connection timed out
root@ea49393e56a4:/#
Here is the ip route of container web2:
root@ea49393e56a4:/# ip route
default via 172.25.0.1 dev eth0
172.25.0.0/16 dev eth0 proto kernel scope link src 172.25.0.2
root@ea49393e56a4:/#
Here is the curl output using the gateway IP:
root@ea49393e56a4:/# curl -v http://172.25.0.1:28080
* Rebuilt URL to: http://172.25.0.1:28080/
* Trying 172.25.0.1...
* TCP_NODELAY set
* connect to 172.25.0.1 port 28080 failed: Connection timed out
* Failed to connect to 172.25.0.1 port 28080: Connection timed out
* Closing connection 0
curl: (7) Failed to connect to 172.25.0.1 port 28080: Connection timed out
root@ea49393e56a4:/#
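By the way, the host machine (192.168.20.111) is a VirtualBox virtual machine running Ubuntu-16.04, hosted on a windows-10 desktop and connected to the LAN using a bridged adapter.
Many thanks to @atline.
Pinging the host IP from within the container works: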
root@ea49393e56a4:/# ping 192.168.20.111
PING 192.168.20.111 (192.168.20.111) 56(84) bytes of data.
64 bytes from 192.168.20.111: icmp_seq=1 ttl=64 time=0.046 ms
64 bytes from 192.168.20.111: icmp_seq=2 ttl=64 time=0.038 ms
64 bytes from 192.168.20.111: icmp_seq=3 ttl=64 time=0.036 ms
64 bytes from 192.168.20.111: icmp_seq=4 ttl=64 time=0.036 ms
64 bytes from 192.168.20.111: icmp_seq=5 ttl=64 time=0.036 ms
64 bytes from 192.168.20.111: icmp_seq=6 ttl=64 time=0.039 ms
64 bytes from 192.168.20.111: icmp_seq=7 ttl=64 time=0.038 ms
^C
--- 192.168.20.111 ping statistics ---
7 packets transmitted, 7 received, 0% packet loss, time 6000ms
rtt min/avg/max/mdev = 0.036/0.038/0.046/0.006 ms
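This means the route is clear. As @atline suggested, I stopped ufw on the host with "sudo service ufw stop", and then everything worked.
I guess the problem is that the ufw scope was set to allow LAN requests, but the containers are in the "172.25.0.0/16" subnet, a different LAN from the host (192.168.0.0/16), so the requests were blocked by ufw.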
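Stopping ufw removes filtering for every port on the host. Following the post's conclusion that ufw was dropping requests from 172.25.0.0/16, this added example (not part of the original post) prints allow rules scoped to that subnet and the two published ports so ufw can stay enabled. The function names are hypothetical, and the commands are only printed, not executed.

```sh
#!/bin/sh
# Added example: build scoped "ufw allow" rules for a container subnet.
# Subnet and ports used at the bottom are the values shown in the post.

# Succeeds only for a well-formed IPv4 CIDR such as 172.25.0.0/16.
valid_cidr() {
    case $1 in */*) ;; *) return 1 ;; esac
    ip=${1%/*}; len=${1#*/}
    case $len in ''|*[!0-9]*) return 1 ;; esac
    [ "${#len}" -le 2 ] && [ "$len" -le 32 ] || return 1
    case $ip in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $ip            # split the address into its octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Succeeds only for a port number in 1..65535.
valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print one rule per port, limited to the given source subnet.
# Every argument is validated first, so a bad value yields no output at all.
ufw_rules_for_subnet() {
    [ $# -ge 2 ] || { echo "usage: ufw_rules_for_subnet CIDR PORT..." >&2; return 1; }
    subnet=$1
    shift
    valid_cidr "$subnet" || { echo "bad subnet: $subnet" >&2; return 1; }
    for port in "$@"; do
        valid_port "$port" || { echo "bad port: $port" >&2; return 1; }
    done
    for port in "$@"; do
        echo "ufw allow from $subnet to any port $port proto tcp"
    done
}

# Review the printed rules, then run each one with sudo on the Docker host.
ufw_rules_for_subnet 172.25.0.0/16 18080 28080
```

The subnet can change when the compose network is recreated, so confirm it with `ip route` inside the container (as in the post) before applying the rules.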