podman/docker 无法访问暴露的端口

podman/docker 无法访问暴露的端口

我们最近将基础设施升级到了新的 Strato KVM VPS。部署好容器化(dockerized)服务之后,我们发现所有服务都无法通过其定义的端口访问,无论是从本机(localhost)还是从外部。podman 和 docker 都存在这个问题。我们的镜像本身工作正常。如果使用 --net host 标志,一切都能正常工作并且可以访问,但这不是我们想要的,也不应该是必要的。如果您需要更多信息,请随时询问。

我们非常感激任何帮助。

附加信息:
os: ubuntu 22.04
podman: 3.4.4
cat /proc/sys/net/ipv6/conf/all/forwarding 1
cat /proc/sys/net/ipv4/ip_forward 1
cat /sys/module/ipv6/parameters/disable 0

接口(podman)

3: cni-podman0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether xx:xx:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff
    inet6 xxxx::xxxx:xxxx:xxxx:xxxx/64 scope link
       valid_lft forever preferred_lft forever
6: veth0b47ca4c@if3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether xx:xx:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff link-netns cni-3b592073-b05b-6473-f81c-23018ac36950
    inet6 xxxx::xxxx:xxxx:xxxx:xxxx/64 scope link
       valid_lft forever preferred_lft forever

podman inspect 输出

[
    {
        "Id": "c999130c8645cbc407c1df1df03e185884b5cbe6dacb1088567f89191ae9aad2",
        "Created": "2023-06-23T07:40:22.316742043Z",
        "Path": "docker-entrypoint.sh",
        "Args": [
            "node",
            "server.js"
        ],
        "State": {
            "OciVersion": "1.0.2-dev",
            "Status": "running",
            "Running": true,
            "Paused": false,
            "Restarting": false,
            "OOMKilled": false,
            "Dead": false,
            "Pid": 13418,
            "ConmonPid": 13415,
            "ExitCode": 0,
            "Error": "",
            "StartedAt": "2023-06-23T07:40:22.546936291Z",
            "FinishedAt": "0001-01-01T00:00:00Z",
            "Healthcheck": {
                "Status": "",
                "FailingStreak": 0,
                "Log": null
            },
            "CgroupPath": "/machine.slice/libpod-c999130c8645cbc407c1df1df03e185884b5cbe6dacb1088567f89191ae9aad2.scope"
        },
        "Image": "71c248232ca5eaf774116371245d524516a6fcf46abd2f99fe2c4b721eed77c9",
        "ImageName": "nextjs-docker-test:main",
        "Rootfs": "",
        "Pod": "",
        "ResolvConfPath": "/run/containers/storage/overlay-containers/c999130c8645cbc407c1df1df03e185884b5cbe6dacb1088567f89191ae9aad2/userdata/resolv.conf",
        "HostnamePath": "/run/containers/storage/overlay-containers/c999130c8645cbc407c1df1df03e185884b5cbe6dacb1088567f89191ae9aad2/userdata/hostname",
        "HostsPath": "/run/containers/storage/overlay-containers/c999130c8645cbc407c1df1df03e185884b5cbe6dacb1088567f89191ae9aad2/userdata/hosts",
        "StaticDir": "/var/lib/containers/storage/overlay-containers/c999130c8645cbc407c1df1df03e185884b5cbe6dacb1088567f89191ae9aad2/userdata",
        "OCIConfigPath": "/var/lib/containers/storage/overlay-containers/c999130c8645cbc407c1df1df03e185884b5cbe6dacb1088567f89191ae9aad2/userdata/config.json",
        "OCIRuntime": "crun",
        "ConmonPidFile": "/run/containers/storage/overlay-containers/c999130c8645cbc407c1df1df03e185884b5cbe6dacb1088567f89191ae9aad2/userdata/conmon.pid",
        "PidFile": "/run/containers/storage/overlay-containers/c999130c8645cbc407c1df1df03e185884b5cbe6dacb1088567f89191ae9aad2/userdata/pidfile",
        "Name": "nextjs-docker-test",
        "RestartCount": 0,
        "Driver": "overlay",
        "MountLabel": "",
        "ProcessLabel": "",
        "AppArmorProfile": "containers-default-0.44.4",
        "EffectiveCaps": null,
        "BoundingCaps": [
            "CAP_CHOWN",
            "CAP_DAC_OVERRIDE",
            "CAP_FOWNER",
            "CAP_FSETID",
            "CAP_KILL",
            "CAP_NET_BIND_SERVICE",
            "CAP_SETFCAP",
            "CAP_SETGID",
            "CAP_SETPCAP",
            "CAP_SETUID",
            "CAP_SYS_CHROOT"
        ],
        "ExecIDs": [],
        "GraphDriver": {
            "Name": "overlay",
            "Data": {
                "LowerDir": "/var/lib/containers/storage/overlay/ef964276b39d5c231f0bc8930d37d390edfc0ac85979882c76ea8f11afb2ed97/diff:/var/lib/containers/storage/overlay/2f321646b65a22c485d662a660fe1d4ca0af09e05bd69e886264db5375f4b592/diff:/var/lib/containers/storage/overlay/4ed7439a59a6561844e6e59ae14b20f3a9175cce3cc8973714f8816da94422e2/diff:/var/lib/containers/storage/overlay/fb3e6189305043478f27f86f34cfdcd77a0913bf31adea6b44c7d5c3252ed5bb/diff:/var/lib/containers/storage/overlay/dabf1d2858b89bf69c1b98e85b661abe837a7af196cf9f655426a12a32147e58/diff:/var/lib/containers/storage/overlay/027e7695d766dfd80b221dd37accdea27dd790ebe9ed059c52a8929fed1f9b94/diff:/var/lib/containers/storage/overlay/406c6f7fd87fd2cfd1f33236a8cb68449860265a170ea8a2713625809ec9355e/diff:/var/lib/containers/storage/overlay/739b7c1d47c50966c7056fa3cd650cf2c4acff257645c3dc6bdc0be4b3eb53c3/diff:/var/lib/containers/storage/overlay/58cafb3f4cd1cb8956b4a925072c958e57765037b7bc5d2e9b443530f7744600/diff:/var/lib/containers/storage/overlay/408c359632854f654eb3648038eb6cc7508d9a102d6d233fc6db090ceff2e247/diff:/var/lib/containers/storage/overlay/78a822fe2a2d2c84f3de4a403188c45f623017d6a4521d23047c9fbb0801794c/diff",
                "MergedDir": "/var/lib/containers/storage/overlay/a0acea5314c51cd0e05a51f48204014e9368e01549ed6da4e81f17d140a06a8c/merged",
                "UpperDir": "/var/lib/containers/storage/overlay/a0acea5314c51cd0e05a51f48204014e9368e01549ed6da4e81f17d140a06a8c/diff",
                "WorkDir": "/var/lib/containers/storage/overlay/a0acea5314c51cd0e05a51f48204014e9368e01549ed6da4e81f17d140a06a8c/work"
            }
        },
        "Mounts": [],
        "Dependencies": [],
        "NetworkSettings": {
            "EndpointID": "",
            "Gateway": "10.88.0.1",
            "IPAddress": "10.88.0.4",
            "IPPrefixLen": 16,
            "IPv6Gateway": "",
            "GlobalIPv6Address": "",
            "GlobalIPv6PrefixLen": 0,
            "MacAddress": "xx:xx:xx:xx:xx:xx",
            "Bridge": "",
            "SandboxID": "",
            "HairpinMode": false,
            "LinkLocalIPv6Address": "",
            "LinkLocalIPv6PrefixLen": 0,
            "Ports": {
                "3000/tcp": [
                    {
                        "HostIp": "",
                        "HostPort": "3001"
                    }
                ]
            },
            "SandboxKey": "/run/netns/cni-3b592073-b05b-6473-f81c-23018ac36950",
            "Networks": {
                "podman": {
                    "EndpointID": "",
                    "Gateway": "10.88.0.1",
                    "IPAddress": "10.88.0.4",
                    "IPPrefixLen": 16,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,
                    "MacAddress": "xx:xx:xx:xx:xx:xx",
                    "NetworkID": "podman",
                    "DriverOpts": null,
                    "IPAMConfig": null,
                    "Links": null
                }
            }
        },
        "ExitCommand": [
            "/usr/bin/podman",
            "--root",
            "/var/lib/containers/storage",
            "--runroot",
            "/run/containers/storage",
            "--log-level",
            "warning",
            "--cgroup-manager",
            "systemd",
            "--tmpdir",
            "/run/libpod",
            "--runtime",
            "crun",
            "--events-backend",
            "journald",
            "container",
            "cleanup",
            "c999130c8645cbc407c1df1df03e185884b5cbe6dacb1088567f89191ae9aad2"
        ],
        "Namespace": "",
        "IsInfra": false,
        "Config": {
            "Hostname": "c999130c8645",
            "Domainname": "",
            "User": "nextjs",
            "AttachStdin": false,
            "AttachStdout": false,
            "AttachStderr": false,
            "Tty": false,
            "OpenStdin": false,
            "StdinOnce": false,
            "Env": [
                "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
                "TERM=xterm",
                "container=podman",
                "NODE_VERSION=18.16.1",
                "YARN_VERSION=1.22.19",
                "NODE_ENV=production",
                "PORT=3000",
                "HOME=/home/nextjs",
                "HOSTNAME=c999130c8645"
            ],
            "Cmd": [
                "node",
                "server.js"
            ],
            "Image": "nextjs-docker-test:main",
            "Volumes": null,
            "WorkingDir": "/app",
            "Entrypoint": "docker-entrypoint.sh",
            "OnBuild": null,
            "Labels": null,
            "Annotations": {
                "io.container.manager": "libpod",
                "io.kubernetes.cri-o.Created": "2023-06-23T07:40:22.316742043Z",
                "io.kubernetes.cri-o.TTY": "false",
                "io.podman.annotations.autoremove": "FALSE",
                "io.podman.annotations.init": "FALSE",
                "io.podman.annotations.privileged": "FALSE",
                "io.podman.annotations.publish-all": "FALSE",
                "org.opencontainers.image.stopSignal": "15"
            },
            "StopSignal": 15,
            "CreateCommand": [
                "podman",
                "run",
                "-p",
                "3001:3000",
                "--network=bridge",
                "-d",
                "--restart",
                "unless-stopped",
                "--name",
                "nextjs-docker-test",
                "nextjs-docker-test:main"
            ],
            "Umask": "0022",
            "Timeout": 0,
            "StopTimeout": 10
        },
        "HostConfig": {
            "Binds": [],
            "CgroupManager": "systemd",
            "CgroupMode": "private",
            "ContainerIDFile": "",
            "LogConfig": {
                "Type": "journald",
                "Config": null,
                "Path": "",
                "Tag": "",
                "Size": "0B"
            },
            "NetworkMode": "bridge",
            "PortBindings": {
                "3000/tcp": [
                    {
                        "HostIp": "",
                        "HostPort": "3001"
                    }
                ]
            },
            "RestartPolicy": {
                "Name": "unless-stopped",
                "MaximumRetryCount": 0
            },
            "AutoRemove": false,
            "VolumeDriver": "",
            "VolumesFrom": null,
            "CapAdd": [],
            "CapDrop": [
                "CAP_AUDIT_WRITE",
                "CAP_MKNOD",
                "CAP_NET_RAW"
            ],
            "Dns": [],
            "DnsOptions": [],
            "DnsSearch": [],
            "ExtraHosts": [],
            "GroupAdd": [],
            "IpcMode": "private",
            "Cgroup": "",
            "Cgroups": "default",
            "Links": null,
            "OomScoreAdj": 0,
            "PidMode": "private",
            "Privileged": false,
            "PublishAllPorts": false,
            "ReadonlyRootfs": false,
            "SecurityOpt": [],
            "Tmpfs": {},
            "UTSMode": "private",
            "UsernsMode": "",
            "ShmSize": 65536000,
            "Runtime": "oci",
            "ConsoleSize": [
                0,
                0
            ],
            "Isolation": "",
            "CpuShares": 0,
            "Memory": 0,
            "NanoCpus": 0,
            "CgroupParent": "",
            "BlkioWeight": 0,
            "BlkioWeightDevice": null,
            "BlkioDeviceReadBps": null,
            "BlkioDeviceWriteBps": null,
            "BlkioDeviceReadIOps": null,
            "BlkioDeviceWriteIOps": null,
            "CpuPeriod": 0,
            "CpuQuota": 0,
            "CpuRealtimePeriod": 0,
            "CpuRealtimeRuntime": 0,
            "CpusetCpus": "",
            "CpusetMems": "",
            "Devices": [],
            "DiskQuota": 0,
            "KernelMemory": 0,
            "MemoryReservation": 0,
            "MemorySwap": 0,
            "MemorySwappiness": 0,
            "OomKillDisable": false,
            "PidsLimit": 2048,
            "Ulimits": [
                {
                    "Name": "RLIMIT_NOFILE",
                    "Soft": 1048576,
                    "Hard": 1048576
                },
                {
                    "Name": "RLIMIT_NPROC",
                    "Soft": 4194304,
                    "Hard": 4194304
                }
            ],
            "CpuCount": 0,
            "CpuPercent": 0,
            "IOMaximumIOps": 0,
            "IOMaximumBandwidth": 0,
            "CgroupConf": null
        }
    }
]

答案1

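在与 Strato 进行了长时间的沟通后,他们承认,正如那份多少有些隐蔽的常见问题解答中所述,VPS 并不完全支持 Docker。“docker ready”标签仅表示 Docker 可以部分工作。只要使用 --net host 标志,Docker 就可以正常工作。需要注意的是,--net host 会让容器直接共享主机的网络命名空间:-p 端口映射不再生效,容器内监听的每个端口都会直接出现在主机的网络接口上,因此需要用主机防火墙来限制哪些端口可以从外部访问。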
