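I followed Linode's guide [1] to the letter, and I get ERR_CONNECTION_REFUSED at <server-address>:8080/guacamole
The machine running Docker is an AlmaLinux 8.5 minimal install, so I can't open a browser on the machine itself to reach localhost; I have to connect from another machine.
There is no firewall problem, because with tcpdump I can see the TCP handshake [2]
I also ran another Docker example with a simple HTTP server, and it worked.
Here is the output of docker ps -a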
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
62eb7fe99f15 guacamole/guacamole "/opt/guacamole/bin/…" 15 minutes ago Up 15 minutes 127.0.0.1:8080->8080/tcp example-guacamole
e67dbb2b3273 guacamole/guacd "/bin/sh -c '/usr/lo…" 15 minutes ago Up 15 minutes (healthy) 4822/tcp example-guacd
cb03bd35d482 mysql/mysql-server "/entrypoint.sh mysq…" 23 minutes ago Up 23 minutes (healthy) 3306/tcp, 33060-33061/tcp example-mysql
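SELinux has been disabled with setenforce 0 [3], and the firewall has been stopped with systemctl stop firewalld [4].
I suspect this is network-related, as if the host isn't forwarding incoming connections to the Docker container. I should be running this environment via docker-compose. A few years ago I ran a similar setup (chirpstack), and I remember fiddling with the "networks" property of docker-compose.yml, but I don't have any backup and don't remember how I did it.
How can I debug this? What am I missing?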
[1] https://www.linode.com/docs/guides/installing-apache-guacamole-through-docker/
[2]
[root@localhost guacamole]# tcpdump -nni ens192 port 8080
dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens192, link-type EN10MB (Ethernet), capture size 262144 bytes
10:53:57.059020 IP 172.30.254.254.53121 > 172.30.5.50.8080: Flags [SEW], seq 4213614549, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
10:53:57.059163 IP 172.30.5.50.8080 > 172.30.254.254.53121: Flags [R.], seq 0, ack 4213614550, win 0, length 0
10:53:57.059411 IP 172.30.254.254.53122 > 172.30.5.50.8080: Flags [SEW], seq 1710300584, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
10:53:57.059471 IP 172.30.5.50.8080 > 172.30.254.254.53122: Flags [R.], seq 0, ack 1710300585, win 0, length 0
10:53:57.309756 IP 172.30.254.254.53124 > 172.30.5.50.8080: Flags [SEW], seq 103230931, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
10:53:57.309823 IP 172.30.5.50.8080 > 172.30.254.254.53124: Flags [R.], seq 0, ack 103230932, win 0, length 0
10:53:57.559317 IP 172.30.254.254.53121 > 172.30.5.50.8080: Flags [S], seq 4213614549, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
10:53:57.559410 IP 172.30.5.50.8080 > 172.30.254.254.53121: Flags [R.], seq 0, ack 1, win 0, length 0
10:53:57.560156 IP 172.30.254.254.53122 > 172.30.5.50.8080: Flags [S], seq 1710300584, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
10:53:57.560236 IP 172.30.5.50.8080 > 172.30.254.254.53122: Flags [R.], seq 0, ack 1, win 0, length 0
10:53:57.810286 IP 172.30.254.254.53124 > 172.30.5.50.8080: Flags [S], seq 103230931, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
10:53:57.810355 IP 172.30.5.50.8080 > 172.30.254.254.53124: Flags [R.], seq 0, ack 1, win 0, length 0
10:53:58.060306 IP 172.30.254.254.53122 > 172.30.5.50.8080: Flags [S], seq 1710300584, win 8192, options [mss 1460,nop,nop,sackOK], length 0
10:53:58.060377 IP 172.30.5.50.8080 > 172.30.254.254.53122: Flags [R.], seq 0, ack 1, win 0, length 0
10:53:58.060434 IP 172.30.254.254.53121 > 172.30.5.50.8080: Flags [S], seq 4213614549, win 8192, options [mss 1460,nop,nop,sackOK], length 0
10:53:58.060475 IP 172.30.5.50.8080 > 172.30.254.254.53121: Flags [R.], seq 0, ack 1, win 0, length 0
10:53:58.310360 IP 172.30.254.254.53124 > 172.30.5.50.8080: Flags [S], seq 103230931, win 8192, options [mss 1460,nop,nop,sackOK], length 0
10:53:58.310458 IP 172.30.5.50.8080 > 172.30.254.254.53124: Flags [R.], seq 0, ack 1, win 0, length 0
[3]
[root@localhost guacamole]# getenforce
Permissive
[root@localhost guacamole]# sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: permissive
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Memory protection checking: actual (secure)
Max kernel policy version: 33
[4]
[root@localhost guacamole]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: inactive (dead) since Thu 2022-07-21 16:56:20 CEST; 18h ago
Answer 1
The problem is right here:
PORTS
127.0.0.1:8080->8080/tcp
If I connect from another machine, it should be
PORTS
0.0.0.0:8080->8080/tcp
So, relative to the Linode guide, I changed from this
docker run --name example-guacamole --link example-guacd:guacd --link example-mysql:mysql -e MYSQL_DATABASE=guacamole_db -e MYSQL_USER=guacamole_user -e MYSQL_PASSWORD=guacamole_user_password -d -p 127.0.0.1:8080:8080 guacamole/guacamole
to this
docker run --name example-guacamole --link example-guacd:guacd --link example-mysql:mysql -e MYSQL_DATABASE=guacamole_db -e MYSQL_USER=guacamole_user -e MYSQL_PASSWORD=guacamole_user_password -d -p 0.0.0.0:8080:8080 guacamole/guacamole
Now I can connect to the Apache Guacamole home page
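The difference between the two PORTS values above can be checked for every container at once. The following is an added example, not part of the original post: it classifies each port mapping by its bind address (loopback-only, all interfaces, or not published at all). The function names and the sample input are constructed for illustration, with the sample mirroring the docker ps output in the question.

```shell
#!/usr/bin/env bash
# Added example: classify each container port mapping by who can reach it.
# Input: lines of "<name><TAB><ports>", as produced by
#   docker ps --format '{{.Names}}\t{{.Ports}}'
classify_ports() {
  awk -F'\t' '
  {
    n = split($2, maps, /, */)
    for (i = 1; i <= n; i++) {
      m = maps[i]
      if (m == "") continue
      if (m !~ /->/) {                  # e.g. "4822/tcp": exposed, not published
        print $1, m, "not-published"
        continue
      }
      host = m; sub(/->.*/, "", host)   # host side, e.g. "127.0.0.1:8080"
      addr = host; sub(/:[0-9-]+$/, "", addr)   # strip port or port range
      if (addr ~ /^127\./ || addr == "::1" || addr == "[::1]")
        scope = "loopback-only"         # reachable from the Docker host only
      else if (addr == "0.0.0.0" || addr == "::" || addr == "[::]")
        scope = "all-interfaces"        # reachable from other machines
      else
        scope = "single-address"        # bound to one specific host address
      print $1, m, scope
    }
  }'
}

# Constructed sample mirroring the docker ps output in the question.
sample_ps() {
  printf 'example-guacamole\t127.0.0.1:8080->8080/tcp\n'
  printf 'example-guacd\t4822/tcp\n'
  printf 'example-mysql\t3306/tcp, 33060-33061/tcp\n'
}

sample_ps | classify_ports
# On a live host:
#   docker ps --format '{{.Names}}\t{{.Ports}}' | classify_ports
```

A loopback-only mapping answers connections from other machines with a TCP reset, which matches the [R.] replies in the tcpdump capture [2].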