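We have a Linux server running Photon OS 3.0 that hosts several Docker containers. iptables is enforced. After upgrading to Photon OS 4.0, we can no longer seem to connect over the internet to the Docker containers running on that server.
Our first step was to check whether there was any problem with the container and the image. We were able to recreate this container on a test server running Photon OS 3.0, and it ran without any issues.
Next we looked at the iptables rules, which appear to be correct.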
Chain INPUT (policy DROP 122 packets, 13607 bytes)
num pkts bytes target prot opt in out source destination
1 26 2515 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
2 3446 524K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
3 2 104 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
4 171 20326 LIGHTWAVE all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 294 15852 DOCKER-USER all -- * * 0.0.0.0/0 0.0.0.0/0
2 294 15852 DOCKER-ISOLATION-STAGE-1 all -- * * 0.0.0.0/0 0.0.0.0/0
3 0 0 ACCEPT all -- * docker0 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
4 0 0 DOCKER all -- * docker0 0.0.0.0/0 0.0.0.0/0
5 0 0 ACCEPT all -- docker0 !docker0 0.0.0.0/0 0.0.0.0/0
6 0 0 ACCEPT all -- docker0 docker0 0.0.0.0/0 0.0.0.0/0
7 0 0 ACCEPT all -- * br-54495f9a6e79 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
8 270 14040 DOCKER all -- * br-54495f9a6e79 0.0.0.0/0 0.0.0.0/0
9 24 1812 ACCEPT all -- br-54495f9a6e79 !br-54495f9a6e79 0.0.0.0/0 0.0.0.0/0
10 0 0 ACCEPT all -- br-54495f9a6e79 br-54495f9a6e79 0.0.0.0/0 0.0.0.0/0
11 0 0 ACCEPT all -- * br-1fce5c4b82f2 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
12 0 0 DOCKER all -- * br-1fce5c4b82f2 0.0.0.0/0 0.0.0.0/0
13 0 0 ACCEPT all -- br-1fce5c4b82f2 !br-1fce5c4b82f2 0.0.0.0/0 0.0.0.0/0
14 0 0 ACCEPT all -- br-1fce5c4b82f2 br-1fce5c4b82f2 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 2285 322K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain DOCKER (3 references)
num pkts bytes target prot opt in out source destination
1 90 4680 ACCEPT tcp -- !br-54495f9a6e79 br-54495f9a6e79 0.0.0.0/0 172.18.0.2 tcp dpt:443
2 105 5460 ACCEPT tcp -- !br-54495f9a6e79 br-54495f9a6e79 0.0.0.0/0 172.18.0.2 tcp dpt:80
Chain DOCKER-ISOLATION-STAGE-1 (1 references)
num pkts bytes target prot opt in out source destination
1 0 0 DOCKER-ISOLATION-STAGE-2 all -- docker0 !docker0 0.0.0.0/0 0.0.0.0/0
2 24 1812 DOCKER-ISOLATION-STAGE-2 all -- br-54495f9a6e79 !br-54495f9a6e79 0.0.0.0/0 0.0.0.0/0
3 0 0 DOCKER-ISOLATION-STAGE-2 all -- br-1fce5c4b82f2 !br-1fce5c4b82f2 0.0.0.0/0 0.0.0.0/0
4 294 15852 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
Chain DOCKER-ISOLATION-STAGE-2 (3 references)
num pkts bytes target prot opt in out source destination
1 0 0 DROP all -- * docker0 0.0.0.0/0 0.0.0.0/0
2 0 0 DROP all -- * br-54495f9a6e79 0.0.0.0/0 0.0.0.0/0
3 0 0 DROP all -- * br-1fce5c4b82f2 0.0.0.0/0 0.0.0.0/0
4 24 1812 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
Chain DOCKER-USER (1 references)
num pkts bytes target prot opt in out source destination
1 294 15852 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
Chain LIGHTWAVE (1 references)
num pkts bytes target prot opt in out source destination
1 171 20326 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
We verified the TLS versions. Photon OS 4.0 has the following:
SSLv3
TLSv1
TLSv1.2
TLSv1.3
while Photon OS 3.0 has the following:
SSLv3
TLSv1.2
The docker compose file I am using is as follows:
version: '3.8'
services:
  maximohomepage.dev:
    image: maximohomepage:development
    container_name: maximohomepage-dev
    build:
      context: .
    environment:
      - ASPNETCORE_URLS=https://+:443;http://+:80
      - ASPNETCORE_Kestrel__Certificates__Default__Password=<password>
      - ASPNETCORE_Kestrel__Certificates__Default__Path=webportal.pfx
    ports:
      - "80:80"
      - "443:443"
    networks:
      - default
networks:
  default:
    external:
      name: maximohomepage
Inspecting the Docker network, this is what we see.
[
    {
        "Name": "maximohomepage",
        "Id": "54495f9a6e79b0f62e622c8138dbfa6d1e4de2a0faa5cb6afb637c54b8a6385e",
        "Created": "2021-08-05T15:05:23.996371864-06:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "172.18.0.0/16",
                    "Gateway": "172.18.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "54f7ca97ed2da87db565c6a355a3b6edd5da8a86134558d9e15cc470e017b17d": {
                "Name": "maximohomepage-dev",
                "EndpointID": "60c035267b76134f578f0e72e7178663261ce3e43c73003508d9d8464a7e0823",
                "MacAddress": "02:42:ac:12:00:02",
                "IPv4Address": "172.18.0.2/16",
                "IPv6Address": ""
            }
        },
        "Options": {},
        "Labels": {}
    }
]
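I was wondering if anyone could tell me what I should look for next? I am not very experienced on the server side, so any help would be greatly appreciated.
Thanks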