如何从主机访问 Docker 容器的内部 IP 地址?
[英]How to access Docker container's internal IP address from host?
问题描述
I have 2 docker containers running on my Mac host - container 1 is Jenkins from Docker Hub and container 2 is SonarQube from Docker Hub .
我有 2 个 docker 容器在我的 Mac 主机上运行——容器 1 是来自 Docker Hub 的 Jenkins ,容器 2 是来自 Docker Hub 的 SonarQube 。 I have both containers running successfully.我的两个容器都运行成功。 I can access Jenkins from my host by going to http://localhost:8080/ and I can access my SonarQube by going to http://localhost:9000/ .我可以通过转到http://localhost:8080/从我的主机访问 Jenkins,我可以通过转到http://localhost:9000/访问我的 SonarQube。
The Jenkins container was started like this: Jenkins 容器是这样启动的:
docker run -d -p 8080:8080 -p 50000:50000 jenkins/jenkins:latest
The SonarQube container was started like this: SonarQube 容器是这样启动的:
docker run -d -p 9000:9000 sonarqube
Now I want to have each container communicate with each other so I need to provide the IP address of the other container to each container.现在我想让每个容器相互通信,所以我需要向每个容器提供另一个容器的 IP 地址。
I got the IP address of each container by executing this:我通过执行以下命令获得了每个容器的 IP 地址:
docker inspect --format '{{ .NetworkSettings.IPAddress }}' container_name_or_id
This returns an IP address of 172.17.0.2 for the Jenkins container and 172.17.0.3 for the SonarQube container.这将返回 Jenkins 容器的 IP 地址172.17.0.2和 SonarQube 容器的172.17.0.3 。 But when I try and access the Jenkins container from my host by going to http://172.17.0.2:8080 I get a request timeout.但是当我尝试通过转到http://172.17.0.2:8080从我的主机访问 Jenkins 容器时,我收到请求超时。 The same thing happens when I try and access the SonarQube container from my host by going to http://172.17.0.3:9000当我尝试通过转到http://172.17.0.3:9000从我的主机访问 SonarQube 容器时,也会发生同样的事情
Is this normal behavior?这是正常行为吗?
Shouldn't I be able to access each container from my host by their internal IP address?我不应该能够通过它们的内部 IP 地址从我的主机访问每个容器吗?
And how can I test that one container (eg Jenkins) can access the other container (eg SonarQube) by IP address?我如何测试一个容器(例如 Jenkins)可以通过 IP 地址访问另一个容器(例如 SonarQube)?
3 个解决方案
解决方案1
2 已采纳 2019-01-01 03:05:02
Looks like you are using default bridge network model.看起来您正在使用默认的bridge网络模型。 Internal IPs are meant for each container to talk to each other under bridge networking.内部 IP 用于每个容器在bridge网络下相互通信。 You cannot access them from host.您无法从主机访问它们。
There are multiple options for you.您有多种选择。
- You can configure
http://172.17.0.3:9000as your sonar endpoint in Jenkins.您可以将http://172.17.0.3:9000配置为 Jenkins 中的声纳端点。 - You can configure
http://172.17.0.2:8000as your jenkins endpoint in sonar.您可以将http://172.17.0.2:8000配置为声纳中的 jenkins 端点。 - If you don't want to hard code above Ips then both of your containers can talk to each using Docker Default GatewayIp(
172.17.0.1) and theirinternalport.如果您不想在 Ips 之上进行硬编码,那么您的两个容器都可以使用 Docker Default GatewayIp( 172.17.0.1)及其internal端口与每个容器进行通信。 so essentially you can configurehttp://172.17.0.1as well.所以基本上你也可以配置http://172.17.0.1。
Note - Default Gateway Ip change change if you define user defined bridge network .注意 - 如果您定义用户定义的桥接网络,则默认网关 Ip 更改会更改。
https://docs.docker.com/v17.09/engine/userguide/networking/#the-default-bridge-network https://docs.docker.com/v17.09/engine/userguide/networking/#the-default-bridge-network
https://docs.docker.com/network/network-tutorial-standalone/https://docs.docker.com/network/network-tutorial-standalone/
If you want to spin up both containers using docker-compose, then you can link both containers using service name.如果你想使用 docker-compose 启动两个容器,那么你可以使用服务名称链接两个容器。 Just follow Networking in Compose .只需遵循Compose 中的 Networking 即可。
解决方案2
2 2019-01-01 12:05:02
Is this normal behavior?
What you describe is normal behavior: you can't directly reach the Docker-internal IP addresses from a MacOS host.您所描述的是正常行为:您无法直接从 MacOS 主机访问 Docker 内部 IP 地址。 See "Per-container IP addressing is not possible" in the Docker for Mac docs .请参阅适用于 Mac 的 Docker 文档中的“每个容器的 IP 寻址是不可能的” 。
How can I test that one container (eg Jenkins) can access the other container (eg SonarQube) by IP address?
This isn't something I normally "test" per se .这不是我通常“测试”的东西。 Start up both processes and have them make their normal (HTTP) connections;启动两个进程并让它们建立正常的(HTTP)连接; if it works you'll see appropriate log messages, and if it doesn't work you'll see complaints.如果有效,您将看到相应的日志消息,如果无效,您将看到投诉。 (Getting a root shell in a container to send ICMP packets from one container to another seems to be a popular option but doesn't prove much.) (在容器中获取根 shell 以将 ICMP 数据包从一个容器发送到另一个容器似乎是一种流行的选择,但并不能证明什么。)
Also: don't make this connection by explicit IP address .另外:不要通过显式 IP 地址建立此连接。 As you've noticed already the Docker-internal IP addresses aren't usable in some contexts, and they'll change whenever you restart containers.正如您已经注意到的,Docker 内部 IP 地址在某些情况下不可用,并且它们会在您重新启动容器时发生变化。 Instead, Docker provides an internal DNS service that can resolve host names when communicating between containers, but you need to explicitly set up a non-default bridge network .相反,Docker 提供了一个内部 DNS 服务,可以在容器之间通信时解析主机名,但你需要显式设置一个非默认的桥接网络。 That setup would look like:该设置如下所示:
docker network create jenkinsnet
docker run --name sonarqube -d --net jenkinsnet \
-p 9000:9000 \
sonarqube
docker run --name jenkins -d --net jenkinsnet \
-p 8080:8080 -p 50000:50000 \
-e SONARQUBE_URL=http://sonarqube:9000 \
jenkins/jenkins:latest
So I've explicitly created a network;所以我明确地创建了一个网络; started both containers connected to it;启动连接到它的两个容器; and told the client container (via an environment variable) where the server container is.并告诉客户端容器(通过环境变量)服务器容器的位置。 You don't have to publish ports with docker run -p to reach them this way;您不必使用docker run -p发布端口以这种方式访问它们; whether you do or not, use the port the server process is listening on (the second port number in the docker run -p option).无论您是否这样做,请使用服务器进程正在侦听的端口( docker run -p选项中的第二个端口号)。
From the host, your only (portable, reliable) path to reach the container is via its published ports.从主机,您到达容器的唯一(可移植、可靠)路径是通过其发布的端口。
解决方案3
2 2020-07-13 21:38:09
The accepted answer ( https://stackoverflow.com/a/53992787/7730554 ) already provides valid options of which I personally usually prefer using docker compose.接受的答案 ( https://stackoverflow.com/a/53992787/7730554 ) 已经提供了有效的选项,我个人通常更喜欢使用 docker compose。
But as you are running Docker on Mac you could also use host.docker.internal in combination with the defined forwarding host port.但是当您在 Mac 上运行 Docker 时,您也可以将host.docker.internal与定义的转发主机端口结合使用。 So Docker will take care that host.docker.internal is resolved to the corresponding IP even if your Host IP changes.因此,即使您的主机 IP 发生变化,Docker 也会注意将 host.docker.internal 解析为相应的 IP。
See https://docs.docker.com/desktop/mac/networking/ .请参阅https://docs.docker.com/desktop/mac/networking/ 。 Note that this is for development mode only and works when you use Docker Desktop.请注意,这仅适用于开发模式,并且在您使用 Docker Desktop 时有效。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.