Docker, Ubuntu and Apache: can ping the host from the container, but nc -vz gives "Connection refused"

ifmq2ha2  posted on 2022-12-03  in Docker

My ultimate goal is to allow a container running a FastAPI application to communicate with a MySQL database on the host.
First I tried using host.docker.internal

Dockerfile

FROM debian:latest

RUN apt update && apt install -y \
    netcat \
    iputils-ping

CMD echo "tailing /dev/null" && tail -f /dev/null

docker-compose.yml

version: "3.2"

services:
  test:
    build:
      context: "."
    extra_hosts:
      - "host.docker.internal:host-gateway"

Expected behavior: ping works, nc -vz works

In particular, with nc -vz I expected to see something like the following:

root@9fe8de220d44:/# nc -vz host.docker.internal 80
Connection to host.docker.internal (172.17.0.1) port 80 (tcp) succeeded!

Actual behavior: ping works, nc -vz does not

root@5981bcfbf598:/# ping host.docker.internal
PING host.docker.internal (172.17.0.1) 56(84) bytes of data.
64 bytes from host.docker.internal (172.17.0.1): icmp_seq=1 ttl=64 time=0.079 ms
64 bytes from host.docker.internal (172.17.0.1): icmp_seq=2 ttl=64 time=0.067 ms
64 bytes from host.docker.internal (172.17.0.1): icmp_seq=3 ttl=64 time=0.068 ms
^C
--- host.docker.internal ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2013ms
rtt min/avg/max/mdev = 0.067/0.071/0.079/0.005 ms
root@5981bcfbf598:/# nc -vz host.docker.internal 80
nc: connect to host.docker.internal (172.17.0.1) port 80 (tcp) failed: Connection refused

On the host

I am running Apache on port 80

$ netstat -tulpn
...
tcp6       0      0 :::80                   :::*                    LISTEN      1258/apache2

In addition, my firewall is configured to allow all inbound requests to port 80: firewall says http port 80 allows all ipv4 and ipv6

OS and Docker versions:

$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 18.04.6 LTS
Release:    18.04
Codename:   bionic
$ docker --version
Docker version 20.10.21, build baeda1f

Manually specifying the network also fails

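After host.docker.internal failed, I followed the instructions below to connect from the container to the Linux host (Ubuntu 18.04 in my case) using a manually specified network: https://stackoverflow.com/a/70725882
My setup is as follows: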

Dockerfile

FROM debian:latest

RUN apt update && apt install -y \
    netcat \
    iputils-ping

CMD echo "tailing /dev/null" && tail -f /dev/null

docker-compose.yml

version: "3.2"

networks:
  test:
    name: test-network
    attachable: true
    ipam:
      driver: default
      config:
        - subnet: 172.42.0.0/16
          ip_range: 172.42.5.0/24
          gateway: 172.42.0.1

services:
  test:
    build:
      context: "."
    networks:
      - test

Confirming the gateway

$ docker inspect test-test-1  -f '{{range .NetworkSettings.Networks}}{{.Gateway}}{{end}}'
172.42.0.1

ping works

root@07f81c211a0c:/# ping 172.42.0.1
PING 172.42.0.1 (172.42.0.1) 56(84) bytes of data.
64 bytes from 172.42.0.1: icmp_seq=1 ttl=64 time=0.056 ms
64 bytes from 172.42.0.1: icmp_seq=2 ttl=64 time=0.068 ms
64 bytes from 172.42.0.1: icmp_seq=3 ttl=64 time=0.065 ms

Expected behavior: nc -vz succeeds

According to the instructions at https://stackoverflow.com/a/70725882:

root@9fe8de220d44:/# nc -vz 172.18.0.1 80
Connection to 172.18.0.1 80 port [tcp/http] succeeded!

Actual behavior: nc -vz fails

root@07f81c211a0c:/# nc -vz 172.42.0.1 80
nc: connect to 172.42.0.1 port 80 (tcp) failed: Connection refused

What am I doing wrong?

Thanks in advance for your help!

Answer #1 (mklgxw1f)

Thanks to https://forums.docker.com/t/how-to-connect-from-docker-container-to-the-host/123318, I was able to solve this.
I ran

$ ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet XXX.XXX.XXX.XXX  netmask ...

and copied the address XXX.XXX.XXX.XXX, and used it to replace host-gateway in my docker-compose.yml

version: "3.2"

services:
  test:
    build:
      context: "."
    extra_hosts:
      - "host.docker.internal:XXX.XXX.XXX.XXX"

Now, from inside the container:

root@f5836a37815a:/# nc -vz host.docker.internal 80
Connection to host.docker.internal (104.248.221.215) 80 port [tcp/*] succeeded!

I don't know why all the suggestions to use host-gateway didn't work; my impression is that it should work with my docker (compose) version.

$ docker version
Client: Docker Engine - Community
 Version:           20.10.21
...
$ docker compose version
Docker Compose version v2.12.2
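
An added example (not part of the original question or answer, and not Docker's own tooling): a small Python probe that reports, for each address a name such as host.docker.internal resolves to, whether the TCP connect was accepted, actively refused, or timed out, which is the distinction behind "ping works but nc -vz is refused". The function names probe and loopback_demo are hypothetical, and the loopback listener is constructed sample input.

```python
import errno
import socket


def probe(host, port, timeout=2.0):
    """Try a TCP connect to every address `host` resolves to.

    Returns a list of (address, status) pairs.
    """
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return [(host, "dns-failure")]  # e.g. extra_hosts entry missing
    results = []
    for family, socktype, proto, _canon, sockaddr in infos:
        with socket.socket(family, socktype, proto) as sock:
            sock.settimeout(timeout)
            try:
                sock.connect(sockaddr)
                status = "open"  # handshake completed
            except ConnectionRefusedError:
                # Actively rejected: the address answered, but nothing accepts
                # on this address:port (or a firewall rule rejects).
                status = "refused"
            except socket.timeout:
                status = "timeout"  # no reply at all, typically a silent drop
            except OSError as exc:
                status = "error:" + errno.errorcode.get(exc.errno, str(exc.errno))
        results.append((sockaddr[0], status))
    return results


def loopback_demo():
    """Constructed check: probe a local listener, then the same port closed."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))  # kernel picks a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    while_open = probe("127.0.0.1", port)[0][1]
    listener.close()
    after_close = probe("127.0.0.1", port)[0][1]
    return while_open, after_close


if __name__ == "__main__":
    print(loopback_demo())
    # Inside the container from the question:
    for address, status in probe("host.docker.internal", 80):
        print(address, status)
```

Run inside the container, the printed address shows which host interface the name maps to (the bridge gateway or the address set in extra_hosts), so the status can be compared with the bind addresses in the host's netstat -tulpn output.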
