Problem running a forward proxy container and a DNS server container on the same host


This is a home lab: Docker, pi-hole (container) and wormhole proxy (container) run on the same host. My Docker host's operating system is RHEL 7.x.

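My original intent was to learn more about pi-hole, so I hosted the service as a container on a VM hosted in VMWare ESXI. On some of my Linux VMs, I was able to use pi-hole as my DNS server by editing the file /etc/resolv.conf to point to pi-hole. Everything worked fine there.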

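So when I wanted to test it on my physical main desktop (Windows 10), I thought that instead of changing the DNS server through the network adapter settings, I could host a forward proxy server (wormhole-proxy) container alongside the pi-hole container on the same Docker host. Then I could simply tell the forward proxy server to use pi-hole as its DNS server.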

The problem occurs when the forward proxy server uses pi-hole as its DNS server. I see the following error messages in the forward proxy server log.

wormhole_1_e0b4b0824de0 | 2018-10-07 05:32:28,528 wormhole[5]: [691dd8][192.168.20.40]: CONNECT 502 incoming.telemetry.mozilla.org:443 (gaierror: -3 Try again)
wormhole_1_e0b4b0824de0 | 2018-10-07 05:32:28,692 wormhole[5]: [643358][192.168.20.40]: CONNECT 502 incoming.telemetry.mozilla.org:443 (gaierror: -3 Try again)
wormhole_1_e0b4b0824de0 | 2018-10-07 05:32:28,693 wormhole[5]: [654eb8][192.168.20.40]: CONNECT 502 incoming.telemetry.mozilla.org:443 (gaierror: -3 Try again)

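When the forward proxy server container and the pi-hole container are both hosted on the same Docker host, it works fine as long as I do not explicitly tell the proxy server to use pi-hole as its DNS. If I host the forward proxy server container on a different VM and then tell the proxy server to use pi-hole as its DNS server, it also works fine. This leads me to believe there is some kind of conflict, but I am not sure what it would be, since they do not share any ports.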

To make my problem easy to reproduce, here are the docker-compose.yml files I use.

Below is the docker-compose.yml for the wormhole proxy (forward proxy) server. dns: points to the Docker host.

version: "3"
services:
  wormhole:
    image: bashell/wormhole:latest
    ports:
      - "8888:8800/tcp"
      - "8888:8800/udp"
    environment:
      TZ: "America/New_York"
    restart: always
    dns:
      - 192.168.10.120

Below is the docker-compose.yml for pi-hole. You will need to change the host mount points of the volumes.

version: "3"
services:
  pihole:
    image: pihole/pihole:v4.0_amd64
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "67:67/udp"
      - "80:80/tcp"
      - "443:443/tcp"
    environment:
      # enter your docker host IP here
      ServerIP: 192.168.10.120
      # IPv6 Address if your network supports it
      # ServerIPv6:
      # jwilder/proxy envs, see readme for more info
      PROXY_LOCATION: pihole
      VIRTUAL_HOST: pihole.local
      VIRTUAL_PORT: 80
      TZ: "America/New_York"
      DNS1: 208.67.222.222
      DNS2: 1.1.1.1
      WEBPASSWORD: stackexchange
    # Add your own custom hostnames you need for your domain
    # extra_hosts:
      #   Point any of the jwilder virtual_host addresses
      # to your docker host ip address
      # - 'pihole.yourdomain.local:192.168.1.55'
    volumes:
      - '/Development/Applications/pi-hole/volumes/pihole/:/etc/pihole/:z'
      # WARNING: if this log doesn't exist as a file on the host already,
      # docker will try to create a directory in its place, making for lots of errors
      - '/Development/Applications/pi-hole/volumes/log/pihole.log:/var/log/pihole.log:z'
      - '/Development/Applications/pi-hole/volumes/dnsmasq.d:/etc/dnsmasq.d:z'
    restart: always

Answer 1

I suggest merging the two docker-compose.yml files into one:

version: "3"
services:
  wormhole:
    image: bashell/wormhole:latest
    links:
      - "pihole:dns.local"
    ports:
      - "8888:8800/tcp"
      - "8888:8800/udp"
    environment:
      TZ: "America/New_York"
    restart: always
    dns:
      - dns.local
  pihole:
    image: pihole/pihole:v4.0_amd64
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "67:67/udp"
      - "80:80/tcp"
      - "443:443/tcp"
    environment:
      # enter your docker host IP here
      ServerIP: 192.168.10.120
      # IPv6 Address if your network supports it
      # ServerIPv6:
      # jwilder/proxy envs, see readme for more info
      PROXY_LOCATION: pihole
      VIRTUAL_HOST: pihole.local
      VIRTUAL_PORT: 80
      TZ: "America/New_York"
      DNS1: 208.67.222.222
      DNS2: 1.1.1.1
      WEBPASSWORD: stackexchange
    # Add your own custom hostnames you need for your domain
    # extra_hosts:
      #   Point any of the jwilder virtual_host addresses
      # to your docker host ip address
      # - 'pihole.yourdomain.local:192.168.1.55'
    volumes:
      - '/Development/Applications/pi-hole/volumes/pihole/:/etc/pihole/:z'
      # WARNING: if this log doesn't exist as a file on the host already,
      # docker will try to create a directory in its place, making for lots of errors
      - '/Development/Applications/pi-hole/volumes/log/pihole.log:/var/log/pihole.log:z'
      - '/Development/Applications/pi-hole/volumes/dnsmasq.d:/etc/dnsmasq.d:z'
    restart: always

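Doing it this way automatically adds both containers to the same Docker network and allows the containers to be linked (see the wormhole service above, where I specify dns.local as the hostname of the pihole container, but only within the scope of the wormhole container. Does that make sense?)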

Answer 2

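Instead of having the forward proxy server point to the Docker host as its DNS server, I made sure the forward proxy server and the DNS server are both on the same Docker network, and had the forward proxy server point to the IP address that Docker assigned to the DNS server.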

Below is the docker-compose.yml for the forward proxy server.

version: "3"
services:
  wormhole:
    image: bashell/wormhole:latest
    ports:
      - "8888:8800/tcp"
      - "8888:8800/udp"
    environment:
      TZ: "America/New_York"
    restart: always
    dns:
      - 172.20.0.99
    networks:
      - beyonddc
networks:
    beyonddc:
      external: true

Below is the docker-compose.yml for my DNS server.

version: "3.5"
services:
  pihole:
    image: pihole/pihole:v4.0_amd64
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "67:67/udp"
      - "80:80/tcp"
      - "443:443/tcp"
    networks:
       beyonddc:
         ipv4_address: 172.20.0.99
    environment:
      # enter your docker host IP here
      ServerIP: 192.168.10.120
      # IPv6 Address if your network supports it
      ServerIPv6: 2601:189:4200:eb2:250:56ff:febf:d245
      # jwilder/proxy envs, see readme for more info
      PROXY_LOCATION: pihole
      VIRTUAL_HOST: pihole.local
      VIRTUAL_PORT: 80
      TZ: "America/New_York"
      DNS1: 208.67.222.222
      DNS2: 1.1.1.1
      WEBPASSWORD: stackexchange
    # Add your own custom hostnames you need for your domain
    # extra_hosts:
      #   Point any of the jwilder virtual_host addresses
      # to your docker host ip address
      # - 'pihole.yourdomain.local:192.168.1.55'
    volumes:
      - '/Development/Applications/pi-hole/volumes/pihole/:/etc/pihole/:z'
      # WARNING: if this log doesn't exist as a file on the host already,
      # docker will try to create a directory in its place, making for lots of errors
      - '/Development/Applications/pi-hole/volumes/log/pihole.log:/var/log/pihole.log:z'
      - '/Development/Applications/pi-hole/volumes/dnsmasq.d:/etc/dnsmasq.d:z'
    restart: always
networks:
  beyonddc:
    driver: bridge
    # Must specify the name for the network again otherwise by default
    # Docker will use the folder name as prefix of the network.
    # The name field is only available in version 3.5 and beyond
    name: beyonddc
    ipam:
      config:
        - subnet: 172.20.0.0/16
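
An added diagnostic, not part of the original question or answers: a small Python probe that sends one DNS query straight to each candidate resolver address and reports whether a reply arrives and from which source address, so the host-IP path from the question can be compared with the container-network path from answer 2. It is meant to be run from the place where resolution fails (for example inside the proxy container, assuming Python is available there); the function names are illustrative, and the addresses and hostname in the `__main__` section are the ones shown on this page.

```python
import socket
import struct

def build_query(name, txid=0x1234):
    """Build a minimal DNS A-record query (RFC 1035) for `name`."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def probe(server, name, port=53, timeout=2.0, txid=0x1234):
    """Send one UDP query to `server` and classify what comes back.

    Returns (status, detail). "timeout" means no reply arrived, a condition
    getaddrinfo reports as EAI_AGAIN (the gaierror -3 "Try again" in the log).
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name, txid), (server, port))
            data, peer = s.recvfrom(512)
        except socket.timeout:
            return ("timeout", {"server": server})
        except OSError as exc:
            return ("error", {"server": server, "reason": str(exc)})
    if len(data) < 12:
        return ("malformed", {"source": peer[0]})
    rid, flags, _qd, ancount = struct.unpack("!HHHH", data[:8])
    if rid != txid or not flags & 0x8000:  # wrong ID or not a response
        return ("mismatch", {"source": peer[0]})
    # The unconnected socket accepts a reply from any address, so report it:
    # a source other than `server` means the reply did not come back from the
    # address that was queried.
    return ("answered", {"source": peer[0], "rcode": flags & 0xF, "answers": ancount})

def compare(servers, name, **kw):
    """Probe each candidate resolver address; return {server: (status, detail)}."""
    return {srv: probe(srv, name, **kw) for srv in servers}

if __name__ == "__main__":
    # Values taken from the page: the Docker host IP used in the question,
    # the static container IP from answer 2, and a hostname from the log.
    for srv, result in compare(["192.168.10.120", "172.20.0.99"],
                               "incoming.telemetry.mozilla.org").items():
        print(srv, *result)
```

A `timeout` for the host address alongside `answered` for the container address reproduces the behaviour described in the question and in answer 2.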
