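Other possible titles:
- Docker is not setting up port forwarding now.
- After flushing iptables and reinstalling Docker, I lost port forwarding.
I cannot reach my Docker container from 127.0.0.1, the host IP, or anywhere else other than the Docker container on port 80. I also tried other ports, but port 80 is not in use.
That is, the Docker container's IP address returns the correct service on port 80, but it is not forwarded to the outside world.
Another thing to note is that this is Ubuntu Server 19.04, and I enabled Kubernetes (the snap mini K8 version) at the start; since then I have done many things to try to fix port forwarding. One of them was completely uninstalling Kubernetes and Docker from snap, deleting all the iptables rules they left behind, and setting iptables to allow all INPUT, OUTPUT and FORWARD. Then I reinstalled the snap version of Docker 18.06.1-ce stable from canonical. I want to figure out how to get the snap to work well with my version.
Here is my docker_compose.yml: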
    version: '3.7'

    volumes:
      mysql:
        driver: local
      backup:
        driver: local
      redis:
        driver: local
      files:
        driver_opts:
          type: "nfs"
          o: "addr=192.168.1.81,nolock,soft,rw"
          device: ":/volume1/fileserver"

    services:
      owncloud:
        image: owncloud:${OWNCLOUD_VERSION}
        restart: always
        ports:
          - ${HTTP_PORT}:8080
        depends_on:
          - db
          - redis
        environment:
          - OWNCLOUD_DOMAIN=${OWNCLOUD_DOMAIN}
          - OWNCLOUD_DB_TYPE=mysql
          - OWNCLOUD_DB_NAME=owncloud
          - OWNCLOUD_DB_USERNAME=owncloud
          - OWNCLOUD_DB_PASSWORD=owncloud
          - OWNCLOUD_DB_HOST=db
          - OWNCLOUD_ADMIN_USERNAME=${ADMIN_USERNAME}
          - OWNCLOUD_ADMIN_PASSWORD=${ADMIN_PASSWORD}
          - OWNCLOUD_MYSQL_UTF8MB4=true
          - OWNCLOUD_REDIS_ENABLED=true
          - OWNCLOUD_REDIS_HOST=redis
        healthcheck:
          test: ["CMD", "/usr/bin/healthcheck"]
          interval: 30s
          timeout: 10s
          retries: 5
        volumes:
          - files:/mnt/data
        hostname: "extrahost1"
        extra_hosts:
          - "extrahost1:192.168.1.61"
          - "extrahost2:127.0.0.1"

      db:
        image: webhippie/mariadb:latest
        restart: always
        environment:
          - MARIADB_ROOT_PASSWORD=owncloud
          - MARIADB_USERNAME=owncloud
          - MARIADB_PASSWORD=owncloud
          - MARIADB_DATABASE=owncloud
          - MARIADB_MAX_ALLOWED_PACKET=128M
          - MARIADB_INNODB_LOG_FILE_SIZE=64M
        healthcheck:
          test: ["CMD", "/usr/bin/healthcheck"]
          interval: 30s
          timeout: 10s
          retries: 5
        volumes:
          - mysql:/var/lib/mysql
          - backup:/var/lib/backup

      redis:
        image: webhippie/redis:latest
        restart: always
        environment:
          - REDIS_DATABASES=1
        healthcheck:
          test: ["CMD", "/usr/bin/healthcheck"]
          interval: 30s
          timeout: 10s
          retries: 5
        volumes:
          - redis:/var/lib/redis

My iptables output after installing and loading the containers. It looks like isolation is not letting any traffic in or out.

    iptables -L --line-numbers
    Chain INPUT (policy ACCEPT)
    num  target     prot opt source               destination

    Chain FORWARD (policy ACCEPT)
    num  target     prot opt source               destination
    1    DOCKER-USER  all  --  anywhere             anywhere
    2    DOCKER-ISOLATION-STAGE-1  all  --  anywhere             anywhere
    3    ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
    4    DOCKER     all  --  anywhere             anywhere
    5    ACCEPT     all  --  anywhere             anywhere
    6    ACCEPT     all  --  anywhere             anywhere
    7    ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
    8    DOCKER     all  --  anywhere             anywhere
    9    ACCEPT     all  --  anywhere             anywhere
    10   ACCEPT     all  --  anywhere             anywhere

    Chain OUTPUT (policy ACCEPT)
    num  target     prot opt source               destination

    Chain DOCKER (2 references)
    num  target     prot opt source               destination
    1    ACCEPT     tcp  --  anywhere             172.18.0.4           tcp dpt:http-alt

    Chain DOCKER-ISOLATION-STAGE-1 (1 references)
    num  target     prot opt source               destination
    1    DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
    2    DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
    3    RETURN     all  --  anywhere             anywhere

    Chain DOCKER-ISOLATION-STAGE-2 (2 references)
    num  target     prot opt source               destination
    1    DROP       all  --  anywhere             anywhere
    2    DROP       all  --  anywhere             anywhere
    3    RETURN     all  --  anywhere             anywhere

    Chain DOCKER-USER (1 references)
    num  target     prot opt source               destination
    1    RETURN     all  --  anywhere             anywhere

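Answer 1
Interesting technical problem. I was looking for a solution and found the following information:
https://fralef.me/docker-and-iptables.html
The document explains that some iptables rules preset for use by Docker containers must be set to false in order to use the rules Docker uses by default. In addition, some network issues must be checked to improve internet functionality; sometimes network faults make port forwarding unstable. Maybe this will help.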
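
Added example, not part of the original question or answer: `iptables -L` without `-t` lists only the filter table, while Docker's published-port DNAT rules live in the nat table, so the listing in the question cannot show whether the forward exists. The sketch below parses `iptables-save` text and reports where a host port is DNATed; the sample rules, the bridge name `br-example` and the function names are constructed for illustration, with 172.18.0.4:8080 taken from the question's DOCKER chain.

```shell
#!/bin/sh
# Constructed sample of `iptables-save` output (not from the original post).
# On a real host, pipe the output of `iptables-save` (run as root) instead.
sample_rules() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:DOCKER - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A POSTROUTING -s 172.18.0.0/16 ! -o br-example -j MASQUERADE
-A DOCKER ! -i br-example -p tcp -m tcp --dport 80 -j DNAT --to-destination 172.18.0.4:8080
COMMIT
*filter
:FORWARD ACCEPT [0:0]
:DOCKER - [0:0]
-A FORWARD -o br-example -j DOCKER
-A DOCKER -d 172.18.0.4/32 ! -i br-example -o br-example -p tcp -m tcp --dport 8080 -j ACCEPT
COMMIT
EOF
}

# published_target PORT: read iptables-save text on stdin and print the
# container address:port that host PORT is DNATed to in the nat table's
# DOCKER chain. Exit status is 1 when no such rule exists.
published_target() {
    awk -v port="$1" '
        /^\*/ { table = substr($0, 2) }          # "*nat", "*filter", ...
        table == "nat" && $1 == "-A" && $2 == "DOCKER" {
            dport = ""; dest = ""
            for (i = 3; i < NF; i++) {
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "--to-destination") dest = $(i + 1)
            }
            if (dport == port && dest != "") { print dest; found = 1 }
        }
        END { exit (found ? 0 : 1) }
    '
}

# filter_only: the same rules with the nat section removed, i.e. the state
# where the filter-table ACCEPT is present but nothing forwards the port.
filter_only() { sample_rules | sed '/^\*nat$/,/^COMMIT$/d'; }

sample_rules | published_target 80 || echo "no DNAT rule for port 80" >&2
```

On the affected host, `iptables-save | published_target "$HTTP_PORT"` returning status 1 means the nat rule for the published port is missing even though the filter-table ACCEPT is listed.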