堆栈内存溢出
  简体   繁体   English

带Docker的Windows容器:无法从主机到达容器中的httpd(Win2016 TP5)

[英]Windows Container with Docker: Cannot reach httpd in container from host (Win2016 TP5)

 原文  2016-05-09 08:56:36       windows/ docker/ containers

问题描述

I have a Windows Server 2016 TP5 machine that I use as a container host. 我有一台Windows Server 2016 TP5机器,我用它作为容器主机。

I have a Windows Container running that I manage with Docker . 我有一个运行的Windows容器 ,我使用Docker管理 Inside this container I have an Apache httpd running on port 88. 在这个容器里面,我有一个在端口88上运行的Apache httpd。

The port mapping when I start the container is: 0.0.0.0:80->88/tcp , so I map port 80 of my container host to port 88 of the container. 启动容器时的端口映射是: 0.0.0.0:80->88/tcp :80-> 88 / 0.0.0.0:80->88/tcp ,因此我将容器主机的端口80映射到容器的端口88。 This is the output from docker inspect : http://pastebin.com/AVem1eGV 这是docker inspect的输出: http//pastebin.com/AVem1eGV

I can now reach the Apache http start page from any other computer in the network through the DNS or IP. 我现在可以通过DNS或IP从网络中的任何其他计算机访问Apache http起始页面。

In my case: 就我而言:

But the same does not work when I try to call the same from the host system itself or from inside the container . 但是当我尝试从主机系统本身或从容器内部调用相同内容时同样不起作用 So, on the host system, I try to access the same URL via browser or wget, and getting: 因此,在主机系统上,我尝试通过浏览器或wget访问相同的URL,并获取: 

C:\> wget -UseBasicParsing http://documents.test2016-3.company.com/
wget : Unable to connect to the remote server

in both cases. 在这两种情况下。

But I can ping the host from both the host itself as well as the container. 但我可以从主机本身以及容器中ping主机。

From the host: 来自主持人: 

C:\>ping test2016-3.company.com    
Ping wird ausgeführt für TEST2016-3.company.com [fe80::847a:1430:8a10:b120%4] mit 32 Bytes Daten:

From the container: 从容器: 

PS C:\> ping documents.test2016-3.company.com
Pinging documents.test2016-3.company.com [10.10.1.162] with 32 bytes of data:

which seems to be able to resolve the name just fine. 这似乎能够很好地解决这个名字。

What does work though is to call the Apache default page via the container hostname (which is win-de6u4068naf) and its running port directly (not through the port mapping), both from the host as well as inside the container: 这是什么工作 ,虽然是直接(不通过端口映射)调用通过容器的主机端口运行Apache的默认页面(这是双赢的de6u4068naf)和,无论是从主机以及容器内:

http://win-de6u4068naf:88/ HTTP://共赢de6u4068naf:88 /

Just going the route through the container host hostname and mapped port from the host or container itself does not work properly! 只是从主机或容器本身通过容器主机主机名和映射端口的路径不能正常工作!

Firewall rules allow everything on port 80 from any remote address or to port 80 (=inbound and outbound rules are both set to "allow" for "any"). 防火墙规则允许来自任何远程地址或端口80的端口80上的所有内容(=入站和出站规则都设置为“允许”为“任何”)。

I know that Microsoft/Docker changed the networking code base of the container/docker support from Windows Server 2016 TP4 to TP5. 我知道Microsoft / Docker将容器/ docker支持的网络代码库从Windows Server 2016 TP4更改为TP5。 Not sure if that's related, or whether this is a bug or I'm having something not configured correctly yet. 不确定这是否相关,或者这是一个错误还是我还没有正确配置。

I made a test and left Docker/Container out of the picture above and installed a plain Apache httpd itself on the container host system on port 80 (and no Docker running at all) just to check whether such setup works or not, in order to be sure that it is actually somehow Docker/Container related and not a problem with my network/host configuration in general. 我做了一个测试,并将Docker / Container从上面的图片中删除,并在端口80上的容器主机系统上安装了一个普通的Apache httpd(并且根本没有运行Docker),只是为了检查这样的设置是否有效,以便确保它实际上与Docker / Container有关,而不是我的网络/主机配置问题。 And this works fine, I can reach the Apache from outside as well as from the host itself, thus it must be a Docker/Container related problem. 这工作正常,我可以从外部以及从主机本身到达Apache,因此它必须是与Docker / Container相关的问题。

Environment: 环境:

  • Windows Server 2016 TP5 Windows Server 2016 TP5
  • Docker version 1.12.0-dev, build 2b97201 Docker版本1.12.0-dev,build 2b97201

1 个解决方案

解决方案1
 1 已采纳  2016-05-10 05:48:00

Got a reply on Microsoft's Github: 得到了对微软的Github的回复:

https://github.com/Microsoft/Virtualization-Documentation/issues/253#issuecomment-217975932 https://github.com/Microsoft/Virtualization-Documentation/issues/253#issuecomment-217975932

This is a known limitation in our Windows NAT implementation (WinNAT) that you cannot access the external port in a static port mapping directly from the container (NAT) host. 这是我们的Windows NAT实现(WinNAT)中的一个已知限制,您无法直接从容器(NAT)主机访问静态端口映射中的外部端口。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Windows Server 2016 TP4 上的 Docker 通过 powershell 在容器中下载 git - Docker on Windows Server 2016 TP4 Downloading git in container through powershell Windows docker 容器无法 ping 主机 - Windows docker container cannot ping host Windows 2016:Docker容器错误 - Windows 2016: Docker container error 在Windows上的Docker容器中访问主机 - Access a host from within a Docker container on Windows 从远程计算机(而不是容器主机)建立到Windows docker容器的PSSession - Establish PSSession to Windows docker container from remote machine (not container host) Windows上的Docker:如何使用容器IP从主机连接到容器? - Docker on Windows: how to connect to container from host using container IP? 如何从 Windows 主机上的 docker 容器内部执行 docker 命令 - how to execute docker command from inside docker container on windows host 在 Windows Server 2016 TP4 上安装 Docker - Installing Docker on Windows Server 2016 TP4 Windows 10 Docker主机 - 从Linux容器中显示GUI应用程序 - Windows 10 Docker Host - Display GUI application from Linux Container 从另一台机器连接到 windows 主机上的 docker 容器 - Connect to docker container on windows host from another machine
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM