Edit #3:
Fixed by disabling FirewallD. It turned out to be my lack of knowledge of CentOS. I had never run into this before because Alibaba Cloud thinks it best to disable the firewall up front.
Docker uses iptables, and CentOS has its own version of iptables, namely firewalld, but interestingly firewalld still uses the iptables command to talk to the netfilter kernel hooks.
$ systemctl stop firewalld
$ systemctl disable firewalld
$ systemctl mask firewalld
$ yum install iptables-services
Edit #2:
Do not follow this quick fix.
It breaks the NGINX proxy IP address logging (instead of the real IP address, NGINX logs 172.21.0.1).
volume /nginx/proxy.conf
proxy_set_header X-Real-IP $remote_addr;
Edit:
Quick fix, what do you think?
$ firewall-cmd --zone=public --add-masquerade --permanent && firewall-cmd --reload
The problem is related to the UpCloud CentOS 8.0 distribution.
I am new to both UpCloud and Cloudflare. I decided to use Cloudflare instead of Alibaba Cloud DNS (the high latency slows down TTFB) and plan to host smaller projects on UpCloud, since UpCloud's egress pricing is 10x cheaper than Alibaba Cloud's, so I can reach smaller customers.
I have used Alibaba Cloud and its DNS product before and never had this problem; the ACME challenge failed, so I used a quick fix to get around the docker "no route to host" problem.
Expected Behavior
ACME challenge succeeds
Current Behavior
Ping requests from inside the docker container
$ ping acme-v02.api.letsencrypt.org
ping: bad address 'acme-v02.api.letsencrypt.org'
$ ping google.com
ping: bad address 'google.com'
ACME challenge fails.
letsencrypt | An unexpected error occurred:
letsencrypt | Traceback (most recent call last):
letsencrypt | File "/usr/lib/python3.8/site-packages/urllib3/connection.py", line 159, in _new_conn
letsencrypt | conn = connection.create_connection(
letsencrypt | File "/usr/lib/python3.8/site-packages/urllib3/util/connection.py", line 61, in create_connection
letsencrypt | for res in socket.getaddrinfo(host, port, family, socket.SOCK_STREAM):
letsencrypt | File "/usr/lib/python3.8/socket.py", line 918, in getaddrinfo
letsencrypt | for res in _socket.getaddrinfo(host, port, family, type, proto, flags):
letsencrypt | socket.gaierror: [Errno -3] Try again
letsencrypt |
letsencrypt | During handling of the above exception, another exception occurred:
letsencrypt |
letsencrypt | Traceback (most recent call last):
letsencrypt | File "/usr/lib/python3.8/site-packages/urllib3/connectionpool.py", line 670, in urlopen
letsencrypt | httplib_response = self._make_request(
letsencrypt | File "/usr/lib/python3.8/site-packages/urllib3/connectionpool.py", line 381, in _make_request
letsencrypt | self._validate_conn(conn)
letsencrypt | File "/usr/lib/python3.8/site-packages/urllib3/connectionpool.py", line 976, in _validate_conn
letsencrypt | conn.connect()
letsencrypt | File "/usr/lib/python3.8/site-packages/urllib3/connection.py", line 308, in connect
letsencrypt | conn = self._new_conn()
letsencrypt | File "/usr/lib/python3.8/site-packages/urllib3/connection.py", line 171, in _new_conn
letsencrypt | raise NewConnectionError(
letsencrypt | urllib3.exceptions.NewConnectionError: <urllib3.connection.HTTPSConnection object at 0x7f3c380fd730>: Failed to establish a new connection: [Errno -3] Try again
letsencrypt |
letsencrypt | During handling of the above exception, another exception occurred:
letsencrypt |
letsencrypt | Traceback (most recent call last):
letsencrypt | File "/usr/lib/python3.8/site-packages/requests/adapters.py", line 439, in send
letsencrypt | resp = conn.urlopen(
letsencrypt | File "/usr/lib/python3.8/site-packages/urllib3/connectionpool.py", line 724, in urlopen
letsencrypt | retries = retries.increment(
letsencrypt | File "/usr/lib/python3.8/site-packages/urllib3/util/retry.py", line 439, in increment
letsencrypt | raise MaxRetryError(_pool, url, error or ResponseError(cause))
letsencrypt | urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7f3c380fd730>: Failed to establish a new connection: [Errno -3] Try again'))
letsencrypt |
letsencrypt | During handling of the above exception, another exception occurred:
letsencrypt |
letsencrypt | requests.exceptions.ConnectionError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7f3c380fd730>: Failed to establish a new connection: [Errno -3] Try again'))
letsencrypt | Please see the logfiles in /var/log/letsencrypt for more details.
letsencrypt | ERROR: Cert does not exist! Please see the validation error above. Make sure you entered correct credentials into the /config/dns-conf/cloudflare.ini file.
Steps to Reproduce
- git clone https://github.com/tempatkerja/docker-odoo
- Follow the instructions
- Quick fix for the Docker "no route to host" problem: "I use the cloud provider Alibaba Cloud, I never had to do this"
I don't know why, but UpCloud's CentOS distribution behaves strangely with Docker; I mean the Docker containers cannot communicate with each other even though the ports are exposed or the containers are linked.
firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 4 -i docker0 -j ACCEPT && firewall-cmd --permanent --zone=public --add-rich-rule='rule family=ipv4 source address=172.17.0.0/16 accept' && firewall-cmd --reload
sysctl net.bridge.bridge-nf-call-iptables=0
sysctl net.bridge.bridge-nf-call-arptables=0
sysctl net.bridge.bridge-nf-call-ip6tables=0
systemctl restart docker
Environment
OS: CentOS 8.0
CPU architecture: I don't know.
How docker service was installed: https://github.com/jasononggo/docs/blob/master/DOCKER.md
Command used to create docker container (run/create/compose/screenshot)
I changed the URL, DNSPLUGIN and EMAIL parameters. docker-compose.yml
Docker logs
letsencrypt | [s6-init] making user provided files available at /var/run/s6/etc...exited 0.
letsencrypt | [s6-init] ensuring user provided files have correct perms...exited 0.
letsencrypt | [fix-attrs.d] applying ownership & permissions fixes...
letsencrypt | [fix-attrs.d] done.
letsencrypt | [cont-init.d] executing container initialization scripts...
letsencrypt | [cont-init.d] 01-envfile: executing...
letsencrypt | [cont-init.d] 01-envfile: exited 0.
letsencrypt | [cont-init.d] 10-adduser: executing...
letsencrypt | usermod: no changes
letsencrypt |
letsencrypt | -------------------------------------
letsencrypt | _ ()
letsencrypt | | | ___ _ __
letsencrypt | | | / __| | | / \
letsencrypt | | | \__ \ | | | () |
letsencrypt | |_| |___/ |_| \__/
letsencrypt |
letsencrypt |
letsencrypt | Brought to you by linuxserver.io
letsencrypt | -------------------------------------
letsencrypt |
letsencrypt | To support the app dev(s) visit:
letsencrypt | Let's Encrypt: https://letsencrypt.org/donate/
letsencrypt |
letsencrypt | To support LSIO projects visit:
letsencrypt | https://www.linuxserver.io/donate/
letsencrypt | -------------------------------------
letsencrypt | GID/UID
letsencrypt | -------------------------------------
letsencrypt |
letsencrypt | User uid: 1000
letsencrypt | User gid: 1000
letsencrypt | -------------------------------------
letsencrypt |
letsencrypt | [cont-init.d] 10-adduser: exited 0.
letsencrypt | [cont-init.d] 20-config: executing...
letsencrypt | [cont-init.d] 20-config: exited 0.
letsencrypt | [cont-init.d] 30-keygen: executing...
letsencrypt | using keys found in /config/keys
letsencrypt | [cont-init.d] 30-keygen: exited 0.
letsencrypt | [cont-init.d] 50-config: executing...
letsencrypt | Variables set:
letsencrypt | PUID=1000
letsencrypt | PGID=1000
letsencrypt | TZ=UTC
letsencrypt | SUBDOMAINS=www,
letsencrypt | EXTRA_DOMAINS=
letsencrypt | ONLY_SUBDOMAINS=false
letsencrypt | DHLEVEL=4096
letsencrypt | VALIDATION=dns
letsencrypt | DNSPLUGIN=cloudflare
letsencrypt | STAGING=
letsencrypt |
letsencrypt | 4096 bit DH parameters present
letsencrypt | SUBDOMAINS entered, processing
letsencrypt | SUBDOMAINS entered, processing
letsencrypt | dns validation via cloudflare plugin is selected
letsencrypt | Generating new certificate
letsencrypt | Saving debug log to /var/log/letsencrypt/letsencrypt.log
letsencrypt | Plugins selected: Authenticator dns-cloudflare, Installer None
letsencrypt | An unexpected error occurred:
letsencrypt | Traceback (most recent call last):
letsencrypt | File "/usr/lib/python3.8/site-packages/urllib3/connection.py", line 159, in _new_conn
letsencrypt | conn = connection.create_connection(
letsencrypt | File "/usr/lib/python3.8/site-packages/urllib3/util/connection.py", line 61, in create_connection
letsencrypt | for res in socket.getaddrinfo(host, port, family, socket.SOCK_STREAM):
letsencrypt | File "/usr/lib/python3.8/socket.py", line 918, in getaddrinfo
letsencrypt | for res in _socket.getaddrinfo(host, port, family, type, proto, flags):
letsencrypt | socket.gaierror: [Errno -3] Try again
letsencrypt |
letsencrypt | During handling of the above exception, another exception occurred:
letsencrypt |
letsencrypt | Traceback (most recent call last):
letsencrypt | File "/usr/lib/python3.8/site-packages/urllib3/connectionpool.py", line 670, in urlopen
letsencrypt | httplib_response = self._make_request(
letsencrypt | File "/usr/lib/python3.8/site-packages/urllib3/connectionpool.py", line 381, in _make_request
letsencrypt | self._validate_conn(conn)
letsencrypt | File "/usr/lib/python3.8/site-packages/urllib3/connectionpool.py", line 976, in _validate_conn
letsencrypt | conn.connect()
letsencrypt | File "/usr/lib/python3.8/site-packages/urllib3/connection.py", line 308, in connect
letsencrypt | conn = self._new_conn()
letsencrypt | File "/usr/lib/python3.8/site-packages/urllib3/connection.py", line 171, in _new_conn
letsencrypt | raise NewConnectionError(
letsencrypt | urllib3.exceptions.NewConnectionError: <urllib3.connection.HTTPSConnection object at 0x7f3c380fd730>: Failed to establish a new connection: [Errno -3] Try again
letsencrypt |
letsencrypt | During handling of the above exception, another exception occurred:
letsencrypt |
letsencrypt | Traceback (most recent call last):
letsencrypt | File "/usr/lib/python3.8/site-packages/requests/adapters.py", line 439, in send
letsencrypt | resp = conn.urlopen(
letsencrypt | File "/usr/lib/python3.8/site-packages/urllib3/connectionpool.py", line 724, in urlopen
letsencrypt | retries = retries.increment(
letsencrypt | File "/usr/lib/python3.8/site-packages/urllib3/util/retry.py", line 439, in increment
letsencrypt | raise MaxRetryError(_pool, url, error or ResponseError(cause))
letsencrypt | urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7f3c380fd730>: Failed to establish a new connection: [Errno -3] Try again'))
letsencrypt |
letsencrypt | During handling of the above exception, another exception occurred:
letsencrypt |
letsencrypt | requests.exceptions.ConnectionError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7f3c380fd730>: Failed to establish a new connection: [Errno -3] Try again'))
letsencrypt | Please see the logfiles in /var/log/letsencrypt for more details.
letsencrypt | ERROR: Cert does not exist! Please see the validation error above. Make sure you entered correct credentials into the /config/dns-conf/cloudflare.ini file.
Sincerely, Jason
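The traceback in this report is a name-resolution failure (`[Errno -3] Try again`, i.e. EAI_AGAIN from getaddrinfo), which matches the `ping: bad address` output: the container never got as far as routing to Let's Encrypt, it could not reach a DNS resolver at all. The helper below is an added example, not part of this issue or of the linuxserver.io image; it pulls the root-cause errno and target host out of a compose-prefixed certbot log and also parses the `net.bridge.bridge-nf-call-*` sysctl values the quick fix changes, so the two symptoms (DNS failure vs. "no route to host") can be told apart before any firewall rule is touched. The sample log and sysctl output are constructed inline from the lines in this issue; the errno-to-cause table uses standard Linux/glibc values.

```python
"""Triage a certbot/letsencrypt container log and the bridge netfilter sysctls.

Added example for this issue; not code from the issue author or the image.
"""
import re

# Standard Linux/glibc errno values as they appear in Python tracebacks.
# The first errno found in a traceback chain is the innermost, i.e. root cause.
ERRNO_VERDICTS = {
    -3: ("dns-resolution", "EAI_AGAIN: no DNS resolver reachable (matches 'ping: bad address')"),
    -2: ("dns-nxdomain", "EAI_NONAME: the name does not exist in DNS"),
    113: ("no-route", "EHOSTUNREACH: no route to host, typically a firewall or bridge policy"),
    111: ("conn-refused", "ECONNREFUSED: host reached, port closed"),
    110: ("timeout", "ETIMEDOUT: packets silently dropped"),
}

COMPOSE_PREFIX = re.compile(r"^\s*\S+\s*\|\s?")          # 'letsencrypt | ...'
ERRNO_RE = re.compile(r"\[Errno (-?\d+)\]")
POOL_RE = re.compile(r"HTTPSConnectionPool\(host='([^']+)', port=(\d+)\)")
SYSCTL_RE = re.compile(r"net\.bridge\.bridge-nf-call-(\w+)\s*=\s*(\d)")


def strip_compose_prefix(line: str) -> str:
    """Remove the 'service | ' prefix that docker-compose adds to every log line."""
    return COMPOSE_PREFIX.sub("", line, count=1)


def triage_log(log_text: str) -> dict:
    """Return the root-cause errno, verdict and ACME endpoint found in a certbot log."""
    result = {"verdict": "unknown", "errno": None, "host": None, "port": None, "detail": ""}
    for raw in log_text.splitlines():
        line = strip_compose_prefix(raw)
        pool = POOL_RE.search(line)
        if pool and result["host"] is None:
            result["host"], result["port"] = pool.group(1), int(pool.group(2))
        err = ERRNO_RE.search(line)
        if err and result["errno"] is None:          # keep the innermost (first) errno
            errno = int(err.group(1))
            verdict, detail = ERRNO_VERDICTS.get(errno, ("unknown", f"errno {errno} not in table"))
            result.update(errno=errno, verdict=verdict, detail=detail)
    return result


def bridge_nf_state(sysctl_output: str) -> dict:
    """Parse 'sysctl net.bridge.bridge-nf-call-*' output into {family: enabled}.

    True means bridged frames of that family pass through the host's netfilter
    tables; Docker turns these on so that its own iptables rules see traffic
    between containers. The quick fix in the issue sets all three to 0.
    """
    state = {}
    for line in sysctl_output.splitlines():
        m = SYSCTL_RE.search(line.strip())
        if m:
            state[m.group(1)] = m.group(2) == "1"
    return state


# Constructed sample input, taken from the log lines quoted in this issue.
SAMPLE_LOG = """\
letsencrypt | An unexpected error occurred:
letsencrypt | Traceback (most recent call last):
letsencrypt |     for res in _socket.getaddrinfo(host, port, family, type, proto, flags):
letsencrypt | socket.gaierror: [Errno -3] Try again
letsencrypt | urllib3.exceptions.NewConnectionError: <urllib3.connection.HTTPSConnection object at 0x7f3c380fd730>: Failed to establish a new connection: [Errno -3] Try again
letsencrypt | urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory
"""

# Constructed sample of what 'sysctl net.bridge' prints after the quick fix.
SAMPLE_SYSCTL = """\
net.bridge.bridge-nf-call-arptables = 0
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
"""

if __name__ == "__main__":
    print(triage_log(SAMPLE_LOG))
    print(bridge_nf_state(SAMPLE_SYSCTL))
```

Run it against a real `docker-compose logs letsencrypt` capture and the output of `sysctl net.bridge`: a `dns-resolution` verdict points at the container's resolver path (the bridge's DNS forwarding, or `/etc/resolv.conf` inside the container), whereas `no-route` points at the host's filter rules; and any `False` in the sysctl map means bridged container traffic is bypassing the host's iptables rules entirely, which is a broader change than the firewalld zone rule the issue also tries.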