[英]SSH tunnel to remote docker service
I have a server with several Docker services ran by docker-compose
. 我有一台服务器,其中有多个由docker-compose
运行的Docker服务。 Database service looks like this: 数据库服务如下所示:
myproject_influxdb:
container_name: myproject_influxdb
image: 'influxdb:alpine'
volumes:
- '/var/lib/influxdb:/var/lib/influxdb'
- './influxdb.conf:/etc/influxdb/influxdb.conf'
ports:
- '8086:8086'
It can be accessed by myproject_influxdb:8086
from other containers. myproject_influxdb:8086
从其他容器中访问它。
Now I want to connect to that database from my local docker service. 现在,我想从本地docker服务连接到该数据库。 I run ssh -L 8086:localhost:8086 user@host
in a new terminal. 我在新终端中运行ssh -L 8086:localhost:8086 user@host
。 Then I try to connect to remote myproject_influxdb
service but no matter what host I enter ( localhost
, myproject_influxdb
, 0.0.0.0
) I get same error: [Errno 111] Connection refused
. 然后,我尝试连接到远程myproject_influxdb
服务,但是无论我输入什么主机( localhost
, myproject_influxdb
, 0.0.0.0
),我都会遇到相同的错误: [Errno 111] Connection refused
。
Is it because both remote and host services are not using network_mode: "host"
? 是因为远程服务和主机服务都没有使用network_mode: "host"
吗?
docker-compose
services are on different network than standard docker run
containers. docker-compose
服务与标准docker run
容器位于不同的网络上。
That is why the myproject_influxdb
wont work. 这就是为什么myproject_influxdb
无法正常工作的原因。 If you are inside docker container and try to access something with localhost
you are just inside the same container (not the host). 如果您位于docker容器中并尝试使用localhost
访问某些内容,则您位于同一容器(而不是主机)中。 With that being said you can access the influxdb via the exposed port on host with 话虽如此,您可以通过主机上的暴露端口访问influxdb
host_ip:8086
to get the ip address of host you can use this bash command 要获取主机的IP地址,可以使用此bash命令
/sbin/ip route|awk '/default/ { print $3 }'
Two option: 两种选择:
1) Use --network=host
to run your container locally like so 1)使用--network=host
像这样在本地运行容器
docker run -it --rm --network=host -p 8888:8888 chronograf --influxdb-url=http://localhost:8086
However this does give your container access to your entire host network, which raises security vulnerabilities. 但是,这确实使您的容器可以访问整个主机网络,从而增加了安全漏洞。
2) You could to connect the tunnel to your local Docker bridge network and then tell your local docker container to use the bridge's IP as well. 2)您可以将隧道连接到本地Docker桥网络,然后告诉本地Docker容器也使用桥的IP。
You can get your local bridge IP address with either ip addr
or docker network inspect bridge
您可以使用ip addr
或docker network inspect bridge
获取本地网桥IP地址
After that your ssh command would be 之后,您的ssh命令将是
ssh -L <bridge-ip>:8086:localhost:8086 user@host
If, like me, you were trying to run chronograf locally, this shell script would do it for you. 如果像我一样,您尝试在本地运行chronograf,则此shell脚本将为您完成此操作。
#! /usr/bin/env sh
echo "Retrieving BRIDGE IP"
BRIDGE_IP=$(docker network inspect --format '{{(index .IPAM.Config 0).Gateway}}' bridge)
echo "Found BRIDGE_IP: ${BRIDGE_IP}"
ssh -NL ${BRIDGE_IP}:8086:127.0.0.1:8086 <user>@<host> &
PID=$!
echo "Saved SSH PID: ${PID}"
docker run -it --rm -p 8888:8888 chronograf --influxdb-url=http://${BRIDGE_IP}:8086
kill $PID
echo "Done ..."
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.