Docker-2.网络访问

Docker网络访问

docker在安装完成之后会创建一个docker0的网卡。此网卡的功能与libvert的网络virbr0的功能类似,是一个nat模式网卡,可以让启动的docker实例通过docker0访问外网,也可以让外网用户访问docker实例

具体配置如下:

随机映射端口并访问web:

启动容器并实际映射端口:

1
2
3
4
5
[root@docker-server1 ~]# docker run  -d -P nginx
bc815d851546e0126cab3867ce01d11e5b9231f5c6776148f7630ae6043a0567
[root@docker-server1 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
bc815d851546 nginx "nginx -g 'daemon off" 6 seconds ago Up 5 seconds 0.0.0.0:32769->80/tcp, 0.0.0.0:32768->443/tcp desperate_lovelace

web访问映射的端口:

映射实例

查看防火墙nat表的设置:

防火墙设置

进入到容器进行操作:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
[root@docker-server1 ~]# ./docker.sh  bc815d851546
root@bc815d851546:/# ps -ef
UID PID PPID C STIME TTY TIME CMD
root 1 0 0 08:28 ? 00:00:00 nginx: master process nginx -g daemon off;
nginx 5 1 0 08:28 ? 00:00:00 nginx: worker process
root 6 0 0 08:38 ? 00:00:00 -bash
root 10 6 0 08:38 ? 00:00:00 ps -ef
root@bc815d851546:/# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
26: eth0@if27: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.2/16 scope global eth0 #容器通过DHCP获取到的IP地址
valid_lft forever preferred_lft forever
inet6 fe80::42:acff:fe11:2/64 scope link
valid_lft forever preferred_lft forever

查看实例的日志:

[root@docker-server1 ~]# docker logs bc815d851546 192.168.10.1 - - [06/Feb/2017:08:30:52 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36" "-" 192.168.10.1 - - [06/Feb/2017:08:30:52 +0000] "GET /favicon.ico HTTP/1.1" 404 571 "http://192.168.10.101:32769/" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36" "-" 2017/02/06 08:30:52 [error] 5#5: *1 open() "/usr/share/nginx/html/favicon.ico" failed (2: No such file or directory), client: 192.168.10.1, server: localhost, request: "GET /favicon.ico HTTP/1.1", host: "192.168.10.101:32769", referrer: "http://192.168.10.101:32769/" 192.168.10.1 - - [06/Feb/2017:08:31:00 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:51.0) Gecko/20100101 Firefox/51.0" "-"

指定端口映射,即指定本地的端口和容器的端口,也可以指定IP地址:

指定映射的几种方式:

方式一:本地端口81映射到容器的80端口

1
2
[root@docker-server1 ~]# docker run -d -p 81:80 --name testnginx1 nginx
d1cb06c8054aeb07a57b49c8403e9d251e65d335de92166f7e7d53c4cdfc4226

方式二:本地IP:本地端口:容器端口

1
2
[root@docker-server1 ~]# docker run -d -p 192.168.10.101:82:80 --name testnginx2 nginx
a44deb3fea390349ab4e1425bfc4613384b2ce1f89388f3b7bc88397cb89ee70

方式三:本地IP:本地随机端口:容器端口

1
2
[root@docker-server1 ~]# docker run -d -p 192.168.10.101::80 --name testnginx3 nginx
c6decbad5d08fb53e86700d80ec15c4aeed56062d9e0e957b776f4bf22764b0d

方式四:本机ip:本地端口:容器端口/协议,默认为tcp协议

1
[root@docker-server1 ~]# docker run -d -p 192.168.10.101:85:80/udp  --name testnginx5 nginx

方式五:一次性映射多个端口:

1
2
[root@docker-server1 ~]# docker run -d -p 86:80  -p 445:443  --name testnginx nginx
9a104c2f39ac4d33039bb0339b6d3526b920cab4b9863e1b542f739fb0346e2e

查看映射的端口:

1
2
3
4
5
6
[root@docker-server1 ~]# docker port    testnginx1
80/tcp -> 0.0.0.0:81
[root@docker-server1 ~]# docker port testnginx2
80/tcp -> 192.168.10.101:82
[root@docker-server1 ~]# docker port testnginx3
80/tcp -> 192.168.10.101:32770

最终的映射结果:

1
2
3
4
5
6
7
[root@docker-server1 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
9a104c2f39ac nginx "nginx -g 'daemon off" About a minute ago Up About a minute 0.0.0.0:86->80/tcp, 0.0.0.0:445->443/tcp testnginx
c6decbad5d08 nginx "nginx -g 'daemon off" 13 minutes ago Up 13 minutes 443/tcp, 192.168.10.101:32770->80/tcp testnginx3
a44deb3fea39 nginx "nginx -g 'daemon off" 15 minutes ago Up 15 minutes 443/tcp, 192.168.10.101:82->80/tcp testnginx2
d1cb06c8054a nginx "nginx -g 'daemon off" 16 minutes ago Up 16 minutes 443/tcp, 0.0.0.0:81->80/tcp testnginx1
bc815d851546 nginx "nginx -g 'daemon off" 39 minutes ago Up 39 minutes 0.0.0.0:32769->80/tcp, 0.0.0.0:32768->443/tcp desperate_lovelace
0%