[英]Connecting to host from inside a docker container on linux requires opening firewall port
Background: I'm trying to have XDebug connect to my IDE from within a docker container (my php app is running inside a container on my development machine).背景:我试图让 XDebug 从 docker 容器内连接到我的 IDE(我的 php 应用程序正在我的开发机器上的容器内运行)。 On my Macbook, it has no issue doing this.在我的 Macbook 上,这样做没有问题。 However, on linux, I discovered that from within the container, the port I was using (9000) was not visibile on the host gateway (Using sudo nmap -sT -p- 172.20.0.1
where 172.20.0.1 is my host gateway in docker).但是,在 linux 上,我发现在容器内,我使用的端口 (9000) 在主机网关上不可见(使用sudo nmap -sT -p- 172.20.0.1
其中 172.20.0.1 是我在 docker 中的主机网关)。
I was able to fix this issue by opening port 9000 on my development machine ( sudo ufw allow 9000/tcp
).我可以通过在我的开发机器上打开端口 9000 ( sudo ufw allow 9000/tcp
) 来解决这个问题。 Once I did this, the container could see port 9000 on the host gateway.一旦我这样做了,容器就可以在主机网关上看到端口 9000。
My Question: Is this completely necessary?我的问题:这完全有必要吗? I don't love the idea of opening up a firewall port just so a docker container, running on my machine, can connect to it.我不喜欢打开防火墙端口的想法,以便在我的机器上运行的 docker 容器可以连接到它。 Is there a more secure alternative to this?有没有更安全的替代方案?
From what you've told us, opening the port does sound necessary.从你告诉我们的情况来看,打开端口听起来确实很有必要。 If a firewall blocks a port, all traffic over that port is blocked and you won't be able to use the application on the container from the host machine.如果防火墙阻止了某个端口,则该端口上的所有流量都会被阻止,您将无法从主机使用容器上的应用程序。
What you can do to make this more secure is to specify a specific interface to open the port for as specified here :为了使这更安全,您可以做的是指定一个特定的接口来打开端口,如下所示:
ufw allow in on docker0 port 9000 proto tcp
Obviously replace docker0
with the docker interface on your machine.显然用你机器上的 docker 接口替换docker0
。 You can find this by looking at the output of ip address show
or by following the steps here if the interface name is not obvious.您可以通过查看ip address show
的 output 或如果接口名称不明显则按照此处的步骤找到此内容。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.