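Environment
I am trying to set up
- user-machines: dockerized VNC-connected containers (in the Docker network vm_network) for different purposes
The users should connect to these using
- guac: Apache Guacamole web frontend (in the Docker networks web_network and vm_network)
- guacd: Apache Guacamole backend (in the Docker network vm_network)
- Nginx remote control: behind an Nginx reverse proxy (in the Docker network web_network).
Working
Everything works fine except for one problem: guac/guacd only see the user-machines from the web frontend if they are started from docker using the container build webhacking_webhacking:latest
webhacking_2
This is the result of the docker-compose build with hostname and IP 172.29.0.6: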
$ docker run --rm --name "webhacking_2" --hostname "webhacking_2" --expose 5900 --network vm_network -e VNC_PASSWORD="start123" -it webhacking_webhacking:latest /bin/bash
2020-05-28 08:57:04,664 CRIT Supervisor is running as root. Privileges were not dropped because no user is specified in the config file. If you intend to run as root, you can set user=root in the config file to avoid this message.
2020-05-28 08:57:04,664 INFO Included extra file "/etc/supervisor/conf.d/supervisord.conf" during parsing
2020-05-28 08:57:04,671 INFO RPC interface 'supervisor' initialized
2020-05-28 08:57:04,671 CRIT Server 'unix_http_server' running without any HTTP authentication checking
2020-05-28 08:57:04,672 INFO supervisord started with pid 11
2020-05-28 08:57:05,675 INFO spawned: 'xvfb' with pid 13
2020-05-28 08:57:05,679 INFO spawned: 'wm' with pid 14
2020-05-28 08:57:05,682 INFO spawned: 'lxpanel' with pid 15
2020-05-28 08:57:05,685 INFO spawned: 'pcmanfm' with pid 16
2020-05-28 08:57:05,688 INFO spawned: 'x11vnc' with pid 17
2020-05-28 08:57:06,714 INFO success: xvfb entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2020-05-28 08:57:06,714 INFO success: wm entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2020-05-28 08:57:06,714 INFO success: lxpanel entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2020-05-28 08:57:06,714 INFO success: pcmanfm entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2020-05-28 08:57:06,714 INFO success: x11vnc entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
Guacamole
guacd_1 | guacd[7]: INFO: Creating new client for protocol "vnc"
guacd_1 | guacd[7]: INFO: Connection ID is "$67034bb0-91a7-48d6-b336-beb46fabfb22"
guacd_1 | guacd[9]: INFO: Cursor rendering: local
guacd_1 | guacd[9]: INFO: User "@3194c5cb-4a14-4e65-a874-e865ea75d558" joined connection "$67034bb0-91a7-48d6-b336-beb46fabfb22" (1 users now present)
guac_1 | 10:42:55.802 [http-nio-8080-exec-8] INFO o.a.g.tunnel.TunnelRequestService - User "guacadmin" connected to connection "3".
Not working
webhacking_webhacking_1
When run through docker-compose with hostname and IP 172.29.0.5, the Guacamole web frontend does not see the machine:
$ docker-compose up
Recreating webhacking_webhacking_1 ... done
Attaching to webhacking_webhacking_1
webhacking_1 | stored passwd in file: /.password2
webhacking_1 | 2020-05-28 08:54:58,448 CRIT Supervisor is running as root. Privileges were not dropped because no user is specified in the config file. If you intend to run as root, you can set user=root in the config file to avoid this message.
webhacking_1 | 2020-05-28 08:54:58,448 INFO Included extra file "/etc/supervisor/conf.d/supervisord.conf" during parsing
webhacking_1 | 2020-05-28 08:54:58,455 INFO RPC interface 'supervisor' initialized
webhacking_1 | 2020-05-28 08:54:58,455 CRIT Server 'unix_http_server' running without any HTTP authentication checking
webhacking_1 | 2020-05-28 08:54:58,456 INFO supervisord started with pid 15
webhacking_1 | 2020-05-28 08:54:59,460 INFO spawned: 'xvfb' with pid 17
webhacking_1 | 2020-05-28 08:54:59,464 INFO spawned: 'wm' with pid 18
webhacking_1 | 2020-05-28 08:54:59,468 INFO spawned: 'lxpanel' with pid 19
webhacking_1 | 2020-05-28 08:54:59,475 INFO spawned: 'pcmanfm' with pid 20
webhacking_1 | 2020-05-28 08:54:59,479 INFO spawned: 'x11vnc' with pid 21
webhacking_1 | 2020-05-28 08:55:00,550 INFO success: xvfb entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
webhacking_1 | 2020-05-28 08:55:00,550 INFO success: wm entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
webhacking_1 | 2020-05-28 08:55:00,550 INFO success: lxpanel entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
webhacking_1 | 2020-05-28 08:55:00,550 INFO success: pcmanfm entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
webhacking_1 | 2020-05-28 08:55:00,550 INFO success: x11vnc entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
Guacamole
guacd_1 | guacd[7]: INFO: Creating new client for protocol "vnc"
guacd_1 | guacd[7]: INFO: Connection ID is "$afa16be3-4cd6-43f6-80b9-40a0c34d9d6d"
guacd_1 | guacd[9]: INFO: Cursor rendering: local
guacd_1 | guacd[9]: INFO: User "@9647b720-2c45-4922-9674-54d2e52a9c62" joined connection "$afa16be3-4cd6-43f6-80b9-40a0c34d9d6d" (1 users now present)
guac_1 | 10:39:22.733 [http-nio-8080-exec-4] INFO o.a.g.tunnel.TunnelRequestService - User "guacadmin" connected to connection "2".
guacd_1 | guacd[9]: ERROR: Unable to connect to VNC server.
guacd_1 | guacd[9]: INFO: User "@9647b720-2c45-4922-9674-54d2e52a9c62" disconnected (0 users remain)
guacd_1 | guacd[9]: INFO: Last user of connection "$afa16be3-4cd6-43f6-80b9-40a0c34d9d6d" disconnected
guac_1 | Exception in thread "Thread-6" java.lang.IllegalStateException: Message will not be sent because the WebSocket session has been closed
guac_1 | at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.writeMessagePart(WsRemoteEndpointImplBase.java:424)
guac_1 | at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.sendMessageBlock(WsRemoteEndpointImplBase.java:309)
guac_1 | at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.sendMessageBlock(WsRemoteEndpointImplBase.java:250)
guac_1 | at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.sendString(WsRemoteEndpointImplBase.java:191)
guac_1 | at org.apache.tomcat.websocket.WsRemoteEndpointBasic.sendText(WsRemoteEndpointBasic.java:37)
guac_1 | at org.apache.guacamole.websocket.GuacamoleWebSocketTunnelEndpoint.sendInstruction(GuacamoleWebSocketTunnelEndpoint.java:152)
guac_1 | at org.apache.guacamole.websocket.GuacamoleWebSocketTunnelEndpoint.access$200(GuacamoleWebSocketTunnelEndpoint.java:53)
guac_1 | at org.apache.guacamole.websocket.GuacamoleWebSocketTunnelEndpoint$2.run(GuacamoleWebSocketTunnelEndpoint.java:253)
guac_1 | 10:39:22.961 [http-nio-8080-exec-2] INFO o.a.g.tunnel.TunnelRequestService - User "guacadmin" disconnected from connection "2". Duration: 222 milliseconds
guacd_1 | guacd[7]: INFO: Connection "$afa16be3-4cd6-43f6-80b9-40a0c34d9d6d" removed.
Machine troubleshooting
- Both machines have a working VNC service and expose port 5900.
- Both machines resolve and respond to ping from guac/guacd
$ docker exec -it guacamole_guac_1 /bin/bash
$ nmap -sV webhacking_webhacking_1 -p 5900
Starting Nmap 7.40 ( https://nmap.org ) at 2020-05-28 10:12 UTC
Nmap scan report for webhacking_webhacking_1 (172.29.0.5)
Host is up (0.00018s latency).
rDNS record for 172.29.0.5: webhacking_webhacking_1.vm_network
PORT STATE SERVICE VERSION
5900/tcp open vnc VNC (protocol 3.8)
MAC Address: 02:42:AC:1D:00:05 (Unknown)
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 1.29 seconds
root@guac:/opt/guacamole# nmap -sV webhacking_2 -p 5900
Starting Nmap 7.40 ( https://nmap.org ) at 2020-05-28 10:13 UTC
Nmap scan report for webhacking_2 (172.29.0.6)
Host is up (0.00015s latency).
rDNS record for 172.29.0.6: webhacking_2.vm_network
PORT STATE SERVICE VERSION
5900/tcp open vnc VNC (protocol 3.8)
MAC Address: 02:42:AC:1D:00:06 (Unknown)
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 1.47 seconds
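Question
It seems that the websocket connection with docker-compose is not working properly. Does anyone know of this or has anyone experienced something similar? Thanks.
Configuration
docker-compose file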
$ cat docker-compose.yml
version: '3.5'
networks:
  vm_network:
    external:
      name: vm_network
services:
  webhacking:
    build:
      context: webhacking-build
    hostname: webhacking_1
    restart: always
    volumes:
      - ./data/root:/root
      - ./data/home:/home
      - /dev/shm:/dev/shm
    env_file:
      - secrets/webhacking.env
    expose:
      - "5900"
    networks:
      - vm_network
#secrets/webhacking.env
VNC_PASSWORD="start123"
vm_network
# docker network inspect vm_network
[
{
"Name": "vm_network",
"Id": "e418112d4d58da6d376ef25cbf5677279ab499b2db1c2a5096c3d6e456f63087",
"Created": "2020-05-26T21:13:54.474337358+02:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": {},
"Config": [
{
"Subnet": "172.29.0.0/16",
"Gateway": "172.29.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {
"44e7ac918655bd441dd789c4fcc6b7c6c3d33603975e0034ae2fa75840bb488e": {
"Name": "webhacking_webhacking_1",
"EndpointID": "052d6f94785a52f2dc5f5ff59e1998cbcb21cfda4b9397de6333703ae71fd30d",
"MacAddress": "02:42:ac:1d:00:05",
"IPv4Address": "172.29.0.5/16",
"IPv6Address": ""
},
"5e392ff855e7504cb50f6315c93e045f7216654bad5f9230c5b6913763664202": {
"Name": "guacamole_postgres_1",
"EndpointID": "bcbef56dcade3bdd9663d68e73fbd5174287266b53eb8361cf053dfcb5889d29",
"MacAddress": "02:42:ac:1d:00:02",
"IPv4Address": "172.29.0.2/16",
"IPv6Address": ""
},
"92d1c06384a5cad66357b7c4de66115ed67f99b8bd4fa88b8ef8c73d31ec816e": {
"Name": "webhacking_2",
"EndpointID": "6940e7255536a8344fc503f06d6c3785a7a1d0f676ee2134bfb82a53231c9697",
"MacAddress": "02:42:ac:1d:00:06",
"IPv4Address": "172.29.0.6/16",
"IPv6Address": ""
},
"ce0b21324edb7cf2535724816d787836b8e66a8465027a7e2b055333ce4a3aa8": {
"Name": "guacamole_guac_1",
"EndpointID": "dad7c45b8482045e0066bddaaa364aed24fcf58751aa0ed59ba2e6a551c7c389",
"MacAddress": "02:42:ac:1d:00:04",
"IPv4Address": "172.29.0.4/16",
"IPv6Address": ""
},
"f4c0af6e0028113fc4dff56ee977a4ad7700d139cba5fe21f88257f2a5c4c391": {
"Name": "guacamole_guacd_1",
"EndpointID": "221bbf2229fd241026a07f8583000a64e8b5b10fd431ae7b8ba363c89a1f0921",
"MacAddress": "02:42:ac:1d:00:03",
"IPv4Address": "172.29.0.3/16",
"IPv6Address": ""
}
},
"Options": {},
"Labels": {}
}
]
Versions
$ docker-compose -v
docker-compose version 1.21.0, build unknown
$ docker -v
Docker version 18.09.1, build 4c52b90
$ uname -a
Linux <hostname> 4.19.0-8-amd64 #1 SMP Debian 4.19.98-1+deb10u1 (2020-04-27) x86_64 GNU/Linux
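
One difference between the two launch paths shown above is how VNC_PASSWORD reaches the container: `docker run -e VNC_PASSWORD="start123"` goes through the shell, while `env_file` is read by docker-compose itself. The check below is an added example, not part of the original post and not a confirmed diagnosis; it assumes the documented Compose 1.x env_file rule (the value is used as is, quotes included), and `SAMPLE_ENV` is a constructed copy of secrets/webhacking.env with hypothetical helper names.

```shell
#!/bin/sh
# Added example: compare how the two launch methods deliver VNC_PASSWORD.
# Constructed sample mirroring the page's secrets/webhacking.env.
SAMPLE_ENV='#secrets/webhacking.env
VNC_PASSWORD="start123"'

# Value as seen by an env_file reader that does no quote processing
# (assumption: documented docker-compose 1.x behaviour, VAL is used as is).
literal_value() {  # $1 = env file text, $2 = variable name
    printf '%s\n' "$1" | while IFS= read -r line; do
        case "$line" in
            ''|'#'*) continue ;;   # blank lines and comments are ignored
            "$2"=*) printf '%s' "${line#*=}"; break ;;
        esac
    done
}

# Value as delivered by: docker run -e VNC_PASSWORD="start123"
# (the shell strips the surrounding quotes before docker sees the argument).
shell_value() {  # $1 = env file text, $2 = variable name
    raw=$(literal_value "$1" "$2")
    case "$raw" in
        \"*\") raw=${raw#\"}; raw=${raw%\"} ;;
        \'*\') raw=${raw#\'}; raw=${raw%\'} ;;
    esac
    printf '%s' "$raw"
}

# Report whether the two delivery paths disagree; only lengths are printed
# so the secret itself never lands in a terminal or log.
check_var() {  # $1 = env file text, $2 = variable name
    a=$(literal_value "$1" "$2")
    b=$(shell_value "$1" "$2")
    if [ "$a" = "$b" ]; then
        echo "same"
    else
        echo "differs: env_file=${#a} chars, docker-run=${#b} chars"
    fi
}

check_var "$SAMPLE_ENV" VNC_PASSWORD
```

On the running containers, `docker exec <container> printenv VNC_PASSWORD` for webhacking_webhacking_1 and webhacking_2 shows what each one actually received.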