Docker:从容器内部到localhost:port的连接被拒绝
[英]Docker: Connection from inside the container to localhost:port Refused
问题描述
I'm trying to insure the connection between the different containers and the localhost address ( 127.0.0.1 ) used with port 8040 .( My web application container run using this port.) 
我正在尝试确保不同容器与端口8040所使用的localhost地址( 127.0.0.1 )之间的连接(我的Web应用程序容器使用此端口运行)。
root@a70b20fbda00:~# curl -v http://127.0.0.1
* Rebuilt URL to: http://127.0.0.1/
* Hostname was NOT found in DNS cache
* Trying 127.0.0.1...
* connect to 127.0.0.1 port 80 failed: Connection refused
* Failed to connect to 127.0.0.1 port 80: Connection refused
* Closing connection 0
curl: (7) Failed to connect to 127.0.0.1 port 80: Connection refused
This is what I get when I want to connect to localhost from inside the container 这是我想从容器内部连接到本地主机时得到的
root@a70b20fbda00:~# curl -v http://127.0.0.1:8040
* Rebuilt URL to: http://127.0.0.1:8040/
* Hostname was NOT found in DNS cache
* Trying 127.0.0.1...
* connect to 127.0.0.1 port 8040 failed: Connection refused
* Failed to connect to 127.0.0.1 port 8040: Connection refused
* Closing connection 0
curl: (7) Failed to connect to 127.0.0.1 port 8040: Connection refused
About iptables in each container: 关于每个容器中的iptables :
root@a70b20fbda00:~# iptables
bash: iptables: command not found
Connection between the container is good 容器之间的连接良好
root@635114ca18b7:~# ping 172.17.0.1
PING 172.17.0.1 (172.17.0.1) 56(84) bytes of data.
64 bytes from 172.17.0.1: icmp_seq=1 ttl=64 time=0.061 ms
64 bytes from 172.17.0.1: icmp_seq=2 ttl=64 time=0.253 ms
--- 172.17.0.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1002ms
root@635114ca18b7:~# ping 127.0.0.1
PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data.
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.080 ms
64 bytes from 127.0.0.1: icmp_seq=2 ttl=64 time=0.100 ms
--- 127.0.0.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
root@635114ca18b7:~# ping 172.17.0.3
PING 172.17.0.3 (172.17.0.3) 56(84) bytes of data.
64 bytes from 172.17.0.3: icmp_seq=1 ttl=64 time=0.149 ms
64 bytes from 172.17.0.3: icmp_seq=2 ttl=64 time=0.180 ms
--- 172.17.0.3 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.149/0.164/0.180/0.020 ms
Ping the 127.0.0.1:8040 ping 127.0.0.1:8040
root@635114ca18b7:~# ping 127.0.01:8040
ping: unknown host 127.0.0.1:8040
What I need to do in this case? 在这种情况下我需要做什么?
So the Global image that there is two containers , 因此,全球形象有两个容器,
- The first container contains a tomcat server that deploy my web application and it turnes perfectly. 第一个容器包含一个部署我的Web应用程序的tomcat服务器 ,它运行正常。
- The second is a container that need to connect to the web application URL. 第二个是需要连接到Web应用程序URL的容器。 http://127.0.0.1:8040/my_app http://127.0.0.1:8040/my_app
2 个解决方案
解决方案1
2 已采纳 2018-05-15 11:20:03
you will have to use docker run --network host IMAGE:TAG for achieving the desired connection 您将必须使用docker run --network host IMAGE:TAG来实现所需的连接
example:- 例:-
docker run --network host --name CONTAINER1 IMAGE:tag
docker run --network host --name CONTAINER2 IMAGE:tag
inside container - CONTAINER2 you will be able to access other container as host CONTAINER1 内部容器-CONTAINER2,您将可以作为主机CONTAINER1访问其他容器
And for accessing the service you will have to do CONTAINER: 要访问该服务,您必须要做的是CONTAINER:
解决方案2
0 2018-05-15 17:10:20
Based on the information provided, looks like there are two containers. 根据提供的信息,看起来有两个容器。 If these two containers are started by docker without --net=host then each of them get two different IP addresses. 如果这两个容器是由不带--net=host启动的,则它们每个都将获得两个不同的IP地址。 Say your first container got 172.17.0.2 and the second one 172.17.0.3 . 假设您的第一个容器为172.17.0.2 ,第二个容器为172.17.0.3 。
In this scenario each container gets it's own networking stack. 在这种情况下,每个容器都具有自己的网络堆栈。 So 127.0.0.1 refers to it's own networking stack not the same. 因此127.0.0.1指的是它自己的网络堆栈不相同。
As pointed out by @kakabali, it's possible to run the containers with host network, sharing the networking stack of the host. 正如@kakabali指出的那样,可以通过主机网络运行容器,共享主机的网络堆栈。
One of the other options is to use the actual IP address of the first container in the second one. 其他选项之一是使用第二个容器中第一个容器的实际IP地址。
second-container# curl http://172.17.0.2
Or another option is to run the second container as the sidekick/sidecar container sharing the networking stack of the first one. 另一个选择是运行第二个容器,作为共享第一个容器的网络堆栈的sidekick / sidecar容器。
docker run --net=container:${ID_OF_FIRST_CONTAINER} ${IMAGE_SECOND}:${IMAGE_TAG_SECOND}
Or if you use links correctly: docker run --name web -itd ${IMAGE_FIRST}:${TAG_FIRST} docker run --link web -itd ${IMAGE_SECOND}:${TAG_SECOND} 或者,如果您正确使用了links : docker run --name web -itd ${IMAGE_FIRST}:${TAG_FIRST} docker run --link web -itd ${IMAGE_SECOND}:${TAG_SECOND}
Note: docker --link feature is deprecated. 注意:不推荐使用--link功能。
Another option is to use container management platforms which take care of service discovery for you automatically. 另一个选择是使用容器管理平台,该平台会自动为您进行服务发现。
PS: You cannot ping an IP address on a different port. PS:您不能ping其他端口上的IP地址。 For more info, click here . 有关更多信息,请单击此处 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.