如何为Docker容器提供自己的可路由IP(与主机的IP不同)?
[英]How to give a docker container its own routable IP (different from the host's)?
问题描述
I am trying to give containers a routable IP. 
我正在尝试为容器提供可路由的IP。 My local network is 192.168.1.0/24 and I'd like to use 192.168.1.17/29 to give containers. 我的本地网络是192.168.1.0/24,我想使用192.168.1.17/29来提供容器。
The goal is to have each container have their own IP. 目标是使每个容器都有自己的IP。 This way if two containers run a webserver on port 80, I can reach them directly from any other host on the local network via their unique IP on port 80 instead of mapping them to different ports on the shared host's IP. 这样,如果两个容器在端口80上运行Web服务器,我可以通过端口80上的唯一IP从本地网络上的任何其他主机直接访问它们,而不必将它们映射到共享主机IP上的其他端口。
Similar to how a physical machine with its own network card would each have distinct 192.168.1.xxx IPs on the network. 与具有自己的网卡的物理机在网络上各自具有不同的192.168.1.xxx IP的方式类似。
I tried this: 我尝试了这个:
docker network create --subnet 192.168.1.0/24 --ip-range 192.168.1.17/29 --gateway 192.168.1.1 test_nw
which yields the following: 结果如下:
$ docker network inspect test_nw
[
{
"Name": "test_nw",
"Id": "96bd574300059ef3710527a9bd0b3010d3b3c22d8de321ff459697eda96ab5e6",
"Created": "2017-12-06T21:50:08.591070587-05:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": {},
"Config": [
{
"Subnet": "192.168.1.0/24",
"IPRange": "192.168.1.17/29",
"Gateway": "192.168.1.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {},
"Options": {},
"Labels": {}
}
]
In this case from within a container, I can ping 192.168.1.1 but I can't ping anything on the internet (either by IP or by hostname.), and I can't even ping other devices on the local network (192.168.1.2 exists but is unreachable) 在这种情况下,我可以在容器内ping 192.168.1.1,但是无法ping通Internet上的任何内容(通过IP或主机名。),甚至无法ping通本地网络(192.168.0.0)上的其他设备。 1.2存在但无法访问)
The host (my laptop) is also unable to reach anything on the internet or on my local network anymore until I remove this network with docker network rm . 除非我使用docker network rm删除该网络,否则主机(我的笔记本电脑)也无法再访问Internet或本地网络上的任何内容。
I'm obviously missing something, but I can't understand what. 我显然缺少了一些东西,但是我不明白是什么。 Is there any way to achieve what I'm trying to do? 有什么方法可以实现我的目标?
1 个解决方案
解决方案1
0 2017-12-07 03:33:46
This way if two containers run a webserver on port 80, I can reach them directly from any other host on the local network via their unique IP on port 80 instead of mapping them to different ports on the shared host's IP.
I think maybe you are thinking about this problem wrong. 我认为也许您在想这个问题是错误的。 You don't have to map them to different ports on the shared host's IP. 您不必将它们映射到共享主机IP上的其他端口。 The most common way of solving this problem is to assign multiple ip addresses to the host. 解决此问题的最常见方法是将多个IP地址分配给主机。 For example, if my host is 192.168.1.100 , I might add some additional addresses: 例如,如果我的主机是192.168.1.100 ,我可能会添加一些其他地址:
ip addr add 192.168.1.200/24 dev eth0
ip addr add 192.168.1.201/24 dev eth0
Now I can start up one webserver and bind it to the first ip address: 现在,我可以启动一个网络服务器并将其绑定到第一个IP地址:
docker run -p 192.168.1.200:80:80 mywebserver1
And I can start another webserver and map that to port 80 on the other address: 我可以启动另一个Web服务器,并将其映射到另一个地址上的端口80:
docker run -p 192.168.1.201:80:80 mywebserver2
This seems to meet your goal. 这似乎满足您的目标。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.