HTTP timeout when using a Docker bridge network, even though port 80 is open in the firewall

I'm trying to install mailcow-dockerized on my server, but I'm running into Docker networking problems. I've tried several approaches, but there are a lot of connection timeouts in the containers.

To get to the bottom of it, I decided to set Mailcow aside and install only Docker, to try to find out where these connection timeouts are coming from.

So I installed a fresh Ubuntu 20.04 image from my VPS provider and set up the ufw firewall like this:

sudo ufw default allow outgoing
sudo ufw default deny incoming
sudo ufw limit ssh
sudo ufw allow ssh
sudo ufw allow http
sudo ufw allow https
sudo ufw allow smtp
sudo ufw allow submission
sudo ufw allow submissions
sudo ufw allow pop3
sudo ufw allow pop3s
sudo ufw allow imap2
sudo ufw allow imaps
sudo ufw allow 4190/tcp
sudo ufw allow 8080/tcp
sudo systemctl enable ufw
sudo ufw enable

I installed Docker with the get-docker.sh script from https://get.docker.com

Then I enabled IPv6 in /etc/docker/daemon.json:

{
  "ipv6": true,
  "fixed-cidr-v6": "2001:db8:1::/64"
}

I rebooted the server and created docker-compose.yaml:

version: '2.1'
services:
    S2:
      image: nginx:latest
      ports:
        - 80:80
      restart: always
      networks:
        n1:
          ipv4_address: 172.22.1.254
          aliases:
            - s2
    S3:
      image: nginx:latest
      ports:
        - 8080:80
      restart: always
      networks:
        n1:
          ipv4_address: 172.22.1.248
          aliases:
            - s3
networks:
  n1:
    driver: bridge
    driver_opts:
      com.docker.network.bridge.name: n1
    enable_ipv6: true
    ipam:
      driver: default
      config:
        - subnet: 172.22.1.0/24
        - subnet: fd4d:6169:6c63:6f77::/64

I took this network configuration from the docker-compose.yaml in the Mailcow git repository and changed it to suit my test.

I ran the containers with docker-compose up -d

When I run curl localhost 80 on the host server, it returns the content of Nginx's default index.html, but... the connection then hangs for a few minutes, and finally the shell shows the following message:

curl: (28) Failed to connect to 80 port 80: Connection timed out

When I run curl <myservername.com> 80 from my local machine, it also returns the default Nginx index.html content, but with the following message at the end:

curl: (7) Failed to connect to 0.0.0.80 port 80 after 0 ms: Network unreachable

Any clues as to why I'm getting these errors?

PS: my ufw status:

# ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), deny (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
80/tcp                     ALLOW IN    Anywhere
443/tcp                    ALLOW IN    Anywhere
25/tcp                     ALLOW IN    Anywhere
587/tcp                    ALLOW IN    Anywhere
465/tcp                    ALLOW IN    Anywhere
110/tcp                    ALLOW IN    Anywhere
995/tcp                    ALLOW IN    Anywhere
143/tcp                    ALLOW IN    Anywhere
993/tcp                    ALLOW IN    Anywhere
4190/tcp                   ALLOW IN    Anywhere
8080/tcp                   ALLOW IN    Anywhere
22/tcp (v6)                ALLOW IN    Anywhere (v6)
80/tcp (v6)                ALLOW IN    Anywhere (v6)
443/tcp (v6)               ALLOW IN    Anywhere (v6)
25/tcp (v6)                ALLOW IN    Anywhere (v6)
587/tcp (v6)               ALLOW IN    Anywhere (v6)
465/tcp (v6)               ALLOW IN    Anywhere (v6)
110/tcp (v6)               ALLOW IN    Anywhere (v6)
995/tcp (v6)               ALLOW IN    Anywhere (v6)
143/tcp (v6)               ALLOW IN    Anywhere (v6)
993/tcp (v6)               ALLOW IN    Anywhere (v6)
4190/tcp (v6)              ALLOW IN    Anywhere (v6)
8080/tcp (v6)              ALLOW IN    Anywhere (v6)

The lsof output is as follows:

# lsof -i -P -n | grep LISTEN
sshd       967 root    3u  IPv4  35459      0t0  TCP *:22 (LISTEN)
sshd       967 root    4u  IPv6  35461      0t0  TCP *:22 (LISTEN)
docker-pr 1290 root    4u  IPv4  39102      0t0  TCP *:80 (LISTEN)
docker-pr 1308 root    4u  IPv6  38124      0t0  TCP *:80 (LISTEN)
docker-pr 1322 root    4u  IPv4  38165      0t0  TCP *:8080 (LISTEN)
docker-pr 1328 root    4u  IPv6  38172      0t0  TCP *:8080 (LISTEN)

Termshark capture while running curl localhost 80 on the host:

 No.    Time     Source         Destination    Protocol     Length   Info
 1      0.000000 fd4d:6169:6c63 fd4d:6169:6c63 TCP          94       39946 → 80 [SYN] Seq=0 Win=64800 Len=0 MSS= 
 2      0.000047 fd4d:6169:6c63 fd4d:6169:6c63 TCP          94       80 → 39946 [SYN, ACK] Seq=0 Ack=1 Win=64260
 3      0.000088 fd4d:6169:6c63 fd4d:6169:6c63 TCP          86       39946 → 80 [ACK] Seq=1 Ack=1 Win=64896 Len=
 4      0.000516 fd4d:6169:6c63 fd4d:6169:6c63 HTTP         159      GET / HTTP/1.1
 5      0.000544 fd4d:6169:6c63 fd4d:6169:6c63 TCP          86       80 → 39946 [ACK] Seq=1 Ack=74 Win=64256 Len
 6      0.000765 fd4d:6169:6c63 fd4d:6169:6c63 TCP          324      HTTP/1.1 200 OK  [TCP segment of a reassemb
 7      0.000791 fd4d:6169:6c63 fd4d:6169:6c63 TCP          86       39946 → 80 [ACK] Seq=74 Ack=239 Win=64768 L
 8      0.000821 fd4d:6169:6c63 fd4d:6169:6c63 HTTP         701      HTTP/1.1 200 OK  (text/html)
 9      0.000829 fd4d:6169:6c63 fd4d:6169:6c63 TCP          86       39946 → 80 [ACK] Seq=74 Ack=854 Win=64256 L 
 10     65.01291 fd4d:6169:6c63 fd4d:6169:6c63 TCP          86       80 → 39946 [FIN, ACK] Seq=854 Ack=74 Win=64
 11     65.05677 fd4d:6169:6c63 fd4d:6169:6c63 TCP          86       39946 → 80 [ACK] Seq=74 Ack=855 Win=64256 L
 12     130.8576 fd4d:6169:6c63 fd4d:6169:6c63 TCP          86       39946 → 80 [FIN, ACK] Seq=74 Ack=855 Win=64
 13     130.8577 fd4d:6169:6c63 fd4d:6169:6c63 TCP          74       80 → 39946 [RST] Seq=855 Win=0 Len=0
 14     131.0647 fd4d:6169:6c63 fd4d:6169:6c63 TCP          86       [TCP Retransmission] 39946 → 80 [FIN, ACK]
 15     131.0648 fd4d:6169:6c63 fd4d:6169:6c63 TCP          74       80 → 39946 [RST] Seq=855 Win=0 Len=0        
 16     131.2727 fd4d:6169:6c63 fd4d:6169:6c63 TCP          86       [TCP Retransmission] 39946 → 80 [FIN, ACK]
 17     131.2728 fd4d:6169:6c63 fd4d:6169:6c63 TCP          74       80 → 39946 [RST] Seq=855 Win=0 Len=0
 18     131.6888 fd4d:6169:6c63 fd4d:6169:6c63 TCP          86       [TCP Retransmission] 39946 → 80 [FIN, ACK]  
 19     131.6888 fd4d:6169:6c63 fd4d:6169:6c63 TCP          74       80 → 39946 [RST] Seq=855 Win=0 Len=0
 20     132.5208 fd4d:6169:6c63 fd4d:6169:6c63 TCP          86       [TCP Retransmission] 39946 → 80 [FIN, ACK]
 21     132.5209 fd4d:6169:6c63 fd4d:6169:6c63 TCP          74       80 → 39946 [RST] Seq=855 Win=0 Len=0
 22     134.1847 fd4d:6169:6c63 fd4d:6169:6c63 TCP          86       [TCP Retransmission] 39946 → 80 [FIN, ACK]
 23     134.1850 fd4d:6169:6c63 fd4d:6169:6c63 TCP          74       80 → 39946 [RST] Seq=855 Win=0 Len=0
 24     137.5129 fd4d:6169:6c63 fd4d:6169:6c63 TCP          86       [TCP Retransmission] 39946 → 80 [FIN, ACK]  
 25     137.5131 fd4d:6169:6c63 fd4d:6169:6c63 TCP          74       80 → 39946 [RST] Seq=855 Win=0 Len=0        

Termshark capture while running curl <myserver.com> 80 from my machine:

 No.    Time     Source         Destination    Protocol     Length   Info
 1      0.000000 170.78.36.7    172.22.1.254   TCP          66       62787 → 80 [SYN] Seq=0 Win=64240 Len=0 MSS= 
 2      0.000063 172.22.1.254   170.78.36.7    TCP          66       80 → 62787 [SYN, ACK] Seq=0 Ack=1 Win=64240
 3      0.007119 170.78.36.7    172.22.1.254   TCP          54       62787 → 80 [ACK] Seq=1 Ack=1 Win=131840 Len
 4      0.009563 170.78.36.7    172.22.1.254   HTTP         133      GET / HTTP/1.1
 5      0.009628 172.22.1.254   170.78.36.7    TCP          54       80 → 62787 [ACK] Seq=1 Ack=80 Win=64256 Len
 6      0.009884 172.22.1.254   170.78.36.7    TCP          292      HTTP/1.1 200 OK  [TCP segment of a reassemb
 7      0.010001 172.22.1.254   170.78.36.7    HTTP         669      HTTP/1.1 200 OK  (text/html)
 8      0.019889 170.78.36.7    172.22.1.254   TCP          54       62787 → 80 [ACK] Seq=80 Ack=854 Win=130816
 9      0.039001 170.78.36.7    172.22.1.254   TCP          54       62787 → 80 [FIN, ACK] Seq=80 Ack=854 Win=13 
 10     0.039211 172.22.1.254   170.78.36.7    TCP          54       80 → 62787 [FIN, ACK] Seq=854 Ack=81 Win=64 
 11     0.046453 170.78.36.7    172.22.1.254   TCP          54       62787 → 80 [ACK] Seq=81 Ack=855 Win=130816  

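The two curl messages in the question, reproduced by an added diagnostic that is not part of the original post. Both commands pass "80" as a separate argument; curl treats every non-option argument as a URL, so after fetching localhost it tries a second URL whose host is the string "80", and inet_aton() reads a single number as a whole 32-bit IPv4 address, which is why the second message names 0.0.0.80 (the usual form is curl http://localhost:80/). The script below reproduces that interpretation and then probes a port once per address family with its own timeout, so that the IPv4 and IPv6 paths (docker-proxy listens on both, as the lsof output shows) are reported separately instead of one family's hang looking like a blocked port. The host names and ports used at the bottom are illustrative, not the original server's.

```python
"""Added diagnostic (not part of the original post): probe a TCP port per
address family with its own timeout, and reproduce how a bare "80" argument
is read as the IPv4 literal 0.0.0.80. Hosts and ports used under __main__
are illustrative."""
import socket
from dataclasses import dataclass
from typing import List, Tuple


@dataclass
class ProbeResult:
    family: str   # "IPv4" or "IPv6"
    address: str  # address actually tried
    ok: bool
    detail: str   # "connected", "refused", "timeout", or the OS error text


def curl_style_host_to_ip(host: str) -> str:
    """A non-option argument such as "80" is a URL to curl, and its host "80"
    is parsed with inet_aton(), which takes a single number as the whole
    32-bit address: "80" -> "0.0.0.80", "127.1" -> "127.0.0.1".
    Raises OSError for anything inet_aton() does not accept."""
    return socket.inet_ntoa(socket.inet_aton(host))


def probe_port(host: str, port: int, timeout: float = 3.0) -> List[ProbeResult]:
    """Connect to every address the resolver returns for host, IPv4 and IPv6
    alike, each with a bounded timeout, so a hang on one family (for example
    an IPv6 path with no route) is reported on its own instead of looking
    like a firewall problem on the port."""
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return [ProbeResult("?", host, False, f"resolve failed: {exc}")]
    results: List[ProbeResult] = []
    seen = set()
    for family, socktype, proto, _canon, sockaddr in infos:
        if sockaddr in seen:
            continue
        seen.add(sockaddr)
        fam = "IPv6" if family == socket.AF_INET6 else "IPv4"
        with socket.socket(family, socktype, proto) as sock:
            sock.settimeout(timeout)
            try:
                sock.connect(sockaddr)
                results.append(ProbeResult(fam, sockaddr[0], True, "connected"))
            except socket.timeout:
                results.append(ProbeResult(fam, sockaddr[0], False, "timeout"))
            except ConnectionRefusedError:
                results.append(ProbeResult(fam, sockaddr[0], False, "refused"))
            except OSError as exc:  # e.g. "Network is unreachable"
                results.append(ProbeResult(fam, sockaddr[0], False,
                                           exc.strerror or str(exc)))
    return results


def start_local_listener(host: str = "127.0.0.1") -> Tuple[socket.socket, int]:
    """Bind an ephemeral loopback port so the probe can be exercised with no
    external service; the caller closes the returned socket."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(1)
    return srv, srv.getsockname()[1]


if __name__ == "__main__":
    print('argument "80" taken as a host:', curl_style_host_to_ip("80"))
    # Listener only on 127.0.0.1: "localhost" resolves to ::1 as well, so the
    # IPv6 line below shows "refused" while the IPv4 line shows "connected".
    srv, port = start_local_listener()
    for r in probe_port("localhost", port):
        print(f"{r.family:4} {r.address:>15} port {port}: {r.detail}")
    srv.close()
```

Run it as-is to see the per-family report against a local listener, or call probe_port("myserver.example", 80) from another machine to separate a v4 result from a v6 one; "refused" within milliseconds and "timeout" after the bound are different findings, and only the latter points at filtering or routing.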
Answer 1

Note that some firewalls require specific rules to be added for this to work properly. I'm not sure whether this also applies to UFW, but it might be something like that.

When this happened to me using iptables, I had to add some rules to forward incoming connections on a specific port to the specific port of my service on the Docker network. So if I receive connections on port 80 but my dockerized service exposes port 8080, in some cases, even if you specify the mapping "80:8080", you still need to add some forwarding rules to the firewall.

Another thing you can double-check is whether the host server can "call" itself.

One command that can help you troubleshoot is:

curl -Ivvv host port
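
The answer's point about forwarding rules, illustrated by an added audit script that is not from the answer, from Docker or from ufw. Docker publishes a port by adding a DNAT rule in the nat table and accepting the forwarded traffic through its own chains, which it inserts at the top of FORWARD ahead of ufw's; `ufw allow 80/tcp` only affects INPUT, so it neither opens nor closes a published port, which is why the ufw status above can show `deny (routed)` while port 80 is still reachable through docker-proxy. The hook Docker reserves for user filtering is the DOCKER-USER chain, and because DNAT has already rewritten the destination by the time FORWARD runs, a restriction there has to match the published port through conntrack's original destination (`--ctorigdstport`) rather than `--dport`. The script parses an `iptables-save` dump and reports which published ports reach containers with no DOCKER-USER restriction. The dumps are constructed for the example; the public interface `eth0` is an assumption, while the bridge name `n1` and the 172.22.1.x container addresses are those from the compose file in the question.

```python
"""Added audit (not Docker's, ufw's, or the answer's own code): read an
`iptables-save` dump and report Docker-published ports that no DOCKER-USER
rule restricts. Dumps below are constructed; "eth0" is an assumed public
interface, "n1" and the 172.22.1.x targets come from the compose file."""
import re
from typing import Dict, List

# A ufw host running the question's compose file, with Docker's default
# pass-through DOCKER-USER chain (a single "-j RETURN").
WEAK_DUMP = """\
*nat
:PREROUTING ACCEPT [0:0]
:DOCKER - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A DOCKER -i n1 -j RETURN
-A DOCKER ! -i n1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 172.22.1.254:80
-A DOCKER ! -i n1 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 172.22.1.248:80
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:DOCKER-USER - [0:0]
:ufw-user-input - [0:0]
-A INPUT -j ufw-user-input
-A FORWARD -j DOCKER-USER
-A DOCKER-USER -j RETURN
-A ufw-user-input -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
"""

# Same host after:
#   iptables -I DOCKER-USER -i eth0 -p tcp -m conntrack \
#       --ctorigdstport 8080 --ctdir ORIGINAL -j DROP
# The published port is matched on the conntrack *original* destination,
# because the DNAT above has already rewritten dport to 80 when FORWARD runs.
HARDENED_DUMP = WEAK_DUMP.replace(
    "-A DOCKER-USER -j RETURN",
    "-A DOCKER-USER -i eth0 -p tcp -m conntrack --ctorigdstport 8080"
    " --ctdir ORIGINAL -j DROP\n-A DOCKER-USER -j RETURN",
)

# A common mistake: --dport in DOCKER-USER sees the post-DNAT container port,
# so this rule never matches traffic published on host port 8080.
MISPLACED_DUMP = WEAK_DUMP.replace(
    "-A DOCKER-USER -j RETURN",
    "-A DOCKER-USER -i eth0 -p tcp -m tcp --dport 8080 -j DROP\n"
    "-A DOCKER-USER -j RETURN",
)

_DNAT = re.compile(r"^-A DOCKER .*--dport (\d+) -j DNAT --to-destination (\S+)")
_CT_BLOCK = re.compile(r"^-A DOCKER-USER .*--ctorigdstport (\d+) .*-j (?:DROP|REJECT)")
_DPORT_BLOCK = re.compile(r"^-A DOCKER-USER .*--dport (\d+) .*-j (?:DROP|REJECT)")


def parse_tables(dump: str) -> Dict[str, List[str]]:
    """Group the "-A" rule lines of an iptables-save dump by table."""
    tables: Dict[str, List[str]] = {}
    current = None
    for line in dump.splitlines():
        if line.startswith("*"):
            current = line[1:].strip()
            tables[current] = []
        elif line.startswith("-A") and current is not None:
            tables[current].append(line)
    return tables


def audit(dump: str) -> dict:
    """Map Docker's DNAT rules to published ports and check each against
    DOCKER-USER; ufw's INPUT rules never see this forwarded traffic."""
    tables = parse_tables(dump)
    published: Dict[int, str] = {}
    for rule in tables.get("nat", []):
        m = _DNAT.match(rule)
        if m:
            published[int(m.group(1))] = m.group(2)
    user_chain = [r for r in tables.get("filter", [])
                  if r.startswith("-A DOCKER-USER ")]
    restricted = set()
    warnings: List[str] = []
    for rule in user_chain:
        ct = _CT_BLOCK.match(rule)
        dp = _DPORT_BLOCK.match(rule)
        if ct:
            restricted.add(int(ct.group(1)))
        elif dp:
            warnings.append(f"--dport {dp.group(1)} in DOCKER-USER matches the "
                            "container port after DNAT; use --ctorigdstport")
    return {
        "published": published,
        "exposed": sorted(p for p in published if p not in restricted),
        "filtered": sorted(p for p in published if p in restricted),
        "docker_user_is_passthrough": all(r.endswith("-j RETURN") for r in user_chain),
        "warnings": warnings,
    }


if __name__ == "__main__":
    for name, dump in (("weak", WEAK_DUMP), ("hardened", HARDENED_DUMP),
                       ("misplaced", MISPLACED_DUMP)):
        print(name, audit(dump))
```

On a real host, feed it the output of `iptables-save` (run as root); an "exposed" port that ufw has not been asked to allow is the sign that Docker, not ufw, is deciding what reaches the container.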

Answer 2

I changed the scope of the test to a plain VPS server with NGinx installed and no Docker, and the HTTP timeout problem persisted, so... I found that the problem was caused by my local VPS provider's infrastructure...

I moved the server to another provider and everything works fine...
