简体繁体 English

将docker容器ip设置为全局ip

[英]set docker container ip to global ip

原文 2017-09-08 18:40:49 4 1 docker/ networking

I am currently trying to set a ip to container which can accessed by any other machine within the network. 我目前正在尝试将IP设置为容器，该容器可以被网络内的任何其他计算机访问。 The network in which my docker-host machine is 9.158.143.0/24 with a gateway 9.158.143.254. 我的docker-主机所在的网络是9.158.143.0/24，带有网关9.158.143.254。 Tried setting the ip(any free) within the subnet 9.158.143.0/24 with network type as bridge.It did not work(not even able to ping the container within docker host machine). 尝试在子网9.158.143.0/24中将ip（任何免费）设置为网络类型作为网桥。它不起作用（甚至无法ping通docker主机中的容器）。 Then created a user defined network with subnet 9.10.10.0/24 and network driver as bridge. 然后创建一个用户定义的网络，子网为9.10.10.0/24，网络驱动程序为网桥。 the container created is pingable but only within docker host machine. 创建的容器可ping通，但只能在docker主机内。 Is there any way that this container be accessible from all the machine within the network(not just docker host machine). 是否可以通过网络中的所有机器（不仅仅是docker主机）访问此容器。 PS: i do not want to expose the port.(Is changing routes helpful ..i know very little networking) PS：我不想暴露端口。（更改路由很有帮助..我知道很少联网）

I aso tried userdefined network with macvlan driver. 我也尝试了使用macvlan驱动程序的用户定义网络。 in this case i am able to ping container from other machines but not from docker host machine where container is present 在这种情况下，我可以从其他机器ping容器，但不能从存在容器的docker主机上ping

1 个解决方案

To do this, you need to: 为此，您需要：

1- dedicate a new address for this container, on your local network; 1-在您的本地网络上为此容器指定一个新地址；

2- configure this address as a secondary address on your docker engine host; 2-将此地址配置为docker引擎主机上的辅助地址;

3- enable routing between local interfaces on your docker engine host; 3-在docker引擎主机上的本地接口之间启用路由;

4- use iptables to redirect the connections to this new address to your container. 4-使用iptables将连接重定向到此新地址到您的容器。

Here is an example: 这是一个例子：

We suppose: 我们假设：

your container instance is named myinstance 您的容器实例名为myinstance
your LAN network interface is named eth0 您的LAN网络接口名为eth0
you have chosen the available network address 192.168.1.178 on your LAN 您已经在局域网上选择了可用的网络地址192.168.1.178

So, you need to do the following: 因此，您需要执行以下操作：

start your container (in this example, we start a web server): 启动您的容器（在此示例中，我们启动一个Web服务器）：
docker run --rm -t -i --name=mycontainer httpd:2.2-alpine
enable local IP routing: 启用本地IP路由：
sysctl -w net.ipv4.ip_forward=1
add a secondary address for your container: 为您的容器添加辅助地址：
ip addr add 192.168.1.178/24 dev eth0
redirect connections for this address to your container: 将此地址的连接重定向到您的容器：
First, find your container local address: 首先，找到您的容器本地地址：
% docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' mycontainer ％docker inspect --format ='{{range .NetworkSettings.Networks}} {{。IPAddress}} {{end}}'mycontainer
172.17.0.2 172.17.0.2
Now, use this local address with iptables : 现在，将此本地地址与iptables ：
iptables -t nat -A PREROUTING -i eth0 -d 192.168.1.178/32 -j DNAT --to 172.17.0.2 iptables -t nat -A PREROUTING -i eth0 -d 192.168.1.178/32 -j DNAT-至172.17.0.2

Finally, you can check it works by accessing http://192.168.1.178/ from any other host on your LAN. 最后，您可以通过从LAN上的任何其他主机访问http://192.168.1.178/来检查其是否有效。