Unable to connect to local dockerized devpi container for pip install in another container without "--net=host"

I am running devpi in a docker container like so:

[Unit]
Description=devpi docker-container
Requires=docker.service
After=docker.service

[Service]
Restart=always
RestartSec=3
ExecStart=/usr/bin/docker run --rm -p 3141:3141 --name devpi -v /devpi_data:/data -e DEVPI_PASSWORD='********' akailash/docker-devpi
ExecStop=/usr/bin/docker stop -t 2 devpi

[Install]
WantedBy=multi-user.target

It runs fine. I can access it via URL on the host as well as install packages from it as expected.

6f663ba131a1        akailash/docker-devpi   "/docker-entrypoint.…"   3 hours ago         Up 3 hours          0.0.0.0:3141->3141/tcp   devpi

However, if I want to build another docker image installing packages from this container there is a ConnectTimeout. If I try a curl the connection times out after a while.

I can do a pip install if I use --net=host option as described in this issue. However, I don't want to have to use host networking. I have tried 0.0.0.0:3141 as well as 172.17.0.1:3141 and I have the same results. Adding --ip=0.0.0.0 in the docker daemon service doesn't work for me. How can I access the devpi container from another container without having to use --net=host every time?

If you don't want to use the --net=host then you need to open the ports on the machine that is running devpi to allow external clients to connect and use it.

The point is that, when you set the host network to docker it takes their own IP address and then it can bind as many ports as you need on that IP address, but if you are not using it your computer is acting as a router for the container and applying a NAT to allow access to the internet for outgoing traffic but denying incoming traffic.

Because of that, if you don't want to use the host network you have to modify the firewall to add a destination NAT rule and allow the traffic to reach the service.

You have some good examples on how to allow ports on iptables here.
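
A way to inspect the firewall state the answer above describes, as an added example that is not part of the original answer: it parses `iptables-save` output and reports whether a connection to the published port gets a DNAT target and what the host's INPUT chain does with it. The rule set, the 172.17.0.2 address and the function names are constructed for illustration; it assumes the default `docker0` bridge with Docker's userland proxy, where the DNAT rule excludes bridge traffic, so a container's connection to the host address is judged by INPUT.

```python
import shlex

# Constructed `iptables-save` output (not from the question): 3141/tcp is
# published by Docker, INPUT defaults to DROP, nothing admits docker0.
SAMPLE = """\
*nat
:DOCKER - [0:0]
-A DOCKER ! -i docker0 -p tcp -m tcp --dport 3141 -j DNAT --to-destination 172.17.0.2:3141
COMMIT
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
"""

def parse(text):
    """Return ({(table, chain): policy}, [(table, chain, {option: value})])."""
    policies, rules, table = {}, [], None
    for line in text.splitlines():
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith(":"):
            policies[table, line[1:].split()[0]] = line.split()[1]
        elif line.startswith("-A"):
            # Simplification: each option takes one value; "! -i" becomes key "!-i".
            tok = shlex.split(line.replace("! -", "!-"))
            rules.append((table, tok[1], dict(zip(tok[2::2], tok[3::2]))))
    return policies, rules

def hits(o, iface, port):
    """Does rule `o` match a NEW TCP connection arriving on iface for port?"""
    return (o.get("-i", iface) == iface and o.get("!-i") != iface
            and o.get("-p", "tcp") in ("tcp", "all")
            and o.get("--dport", str(port)) == str(port)
            and "NEW" in o.get("--ctstate", "NEW").split(","))

def dnat_targets(rules, iface, port):
    """Where the nat table redirects this connection (empty list: no DNAT)."""
    return [o["--to-destination"] for t, _, o in rules
            if t == "nat" and o.get("-j") == "DNAT" and hits(o, iface, port)]

def input_verdict(policies, rules, iface, port):
    """First matching ACCEPT/DROP/REJECT in INPUT, else the chain policy (jumps not followed)."""
    for t, chain, o in rules:
        if (t, chain) == ("filter", "INPUT") and hits(o, iface, port):
            if o.get("-j") in ("ACCEPT", "DROP", "REJECT"):
                return o["-j"]
    return policies["filter", "INPUT"]
```

On a Docker host, pass the text of `iptables-save` to `parse`; no DNAT target plus a DROP verdict for `docker0` is one state that produces a connect timeout like the one in the question. An ACCEPT rule limited to `-i docker0` and the one port admits containers without opening the port on other interfaces.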

Since I need access to devpi only while building the docker images required in my docker-compose file, I used the host networking within the build context:

build:
  network: host
  context: .
  dockerfile: Dockerfile.local

This helps access devpi correctly.
