SSH隧道到远程docker服务
[英]SSH tunnel to remote docker service
问题描述
I have a server with several Docker services ran by docker-compose . 
我有一台服务器,其中有多个由docker-compose运行的Docker服务。 Database service looks like this: 数据库服务如下所示:
myproject_influxdb:
container_name: myproject_influxdb
image: 'influxdb:alpine'
volumes:
- '/var/lib/influxdb:/var/lib/influxdb'
- './influxdb.conf:/etc/influxdb/influxdb.conf'
ports:
- '8086:8086'
It can be accessed by myproject_influxdb:8086 from other containers. myproject_influxdb:8086从其他容器中访问它。
Now I want to connect to that database from my local docker service. 现在,我想从本地docker服务连接到该数据库。 I run ssh -L 8086:localhost:8086 user@host in a new terminal. 我在新终端中运行ssh -L 8086:localhost:8086 user@host 。 Then I try to connect to remote myproject_influxdb service but no matter what host I enter ( localhost , myproject_influxdb , 0.0.0.0 ) I get same error: [Errno 111] Connection refused . 然后,我尝试连接到远程myproject_influxdb服务,但是无论我输入什么主机( localhost , myproject_influxdb , 0.0.0.0 ),我都会遇到相同的错误: [Errno 111] Connection refused 。
Is it because both remote and host services are not using network_mode: "host" ? 是因为远程服务和主机服务都没有使用network_mode: "host"吗?
2 个解决方案
解决方案1
1 2018-02-09 17:39:50
docker-compose services are on different network than standard docker run containers. docker-compose服务与标准docker run容器位于不同的网络上。
That is why the myproject_influxdb wont work. 这就是为什么myproject_influxdb无法正常工作的原因。 If you are inside docker container and try to access something with localhost you are just inside the same container (not the host). 如果您位于docker容器中并尝试使用localhost访问某些内容,则您位于同一容器(而不是主机)中。 With that being said you can access the influxdb via the exposed port on host with 话虽如此,您可以通过主机上的暴露端口访问influxdb
host_ip:8086
to get the ip address of host you can use this bash command 要获取主机的IP地址,可以使用此bash命令
/sbin/ip route|awk '/default/ { print $3 }'
解决方案2
1 2018-11-09 17:21:28
Two option: 两种选择:
1) Use --network=host to run your container locally like so 1)使用--network=host像这样在本地运行容器
docker run -it --rm --network=host -p 8888:8888 chronograf --influxdb-url=http://localhost:8086
However this does give your container access to your entire host network, which raises security vulnerabilities. 但是,这确实使您的容器可以访问整个主机网络,从而增加了安全漏洞。
2) You could to connect the tunnel to your local Docker bridge network and then tell your local docker container to use the bridge's IP as well. 2)您可以将隧道连接到本地Docker桥网络,然后告诉本地Docker容器也使用桥的IP。
You can get your local bridge IP address with either ip addr or docker network inspect bridge 您可以使用ip addr或docker network inspect bridge获取本地网桥IP地址
After that your ssh command would be 之后,您的ssh命令将是
ssh -L <bridge-ip>:8086:localhost:8086 user@host
If, like me, you were trying to run chronograf locally, this shell script would do it for you. 如果像我一样,您尝试在本地运行chronograf,则此shell脚本将为您完成此操作。
#! /usr/bin/env sh
echo "Retrieving BRIDGE IP"
BRIDGE_IP=$(docker network inspect --format '{{(index .IPAM.Config 0).Gateway}}' bridge)
echo "Found BRIDGE_IP: ${BRIDGE_IP}"
ssh -NL ${BRIDGE_IP}:8086:127.0.0.1:8086 <user>@<host> &
PID=$!
echo "Saved SSH PID: ${PID}"
docker run -it --rm -p 8888:8888 chronograf --influxdb-url=http://${BRIDGE_IP}:8086
kill $PID
echo "Done ..."
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.