
Connecting to host from inside a docker container on linux requires opening firewall port

Background: I'm trying to have XDebug connect to my IDE from within a docker container (my php app is running inside a container on my development machine). On my Macbook, it has no issue doing this. However, on linux, I discovered that from within the container, the port I was using (9000) was not visible on the host gateway (using sudo nmap -sT -p- 172.20.0.1, where 172.20.0.1 is my host gateway in docker).

I was able to fix this issue by opening port 9000 on my development machine (sudo ufw allow 9000/tcp). Once I did this, the container could see port 9000 on the host gateway.

My Question: Is this completely necessary? I don't love the idea of opening up a firewall port just so a docker container, running on my machine, can connect to it. Is there a more secure alternative to this?

From what you've told us, opening the port does sound necessary. If a firewall blocks a port, all traffic over that port is blocked and you won't be able to use the application on the container from the host machine.

What you can do to make this more secure is to specify a specific interface to open the port for, as specified here:

ufw allow in on docker0 to any port 9000 proto tcp

Obviously replace docker0 with the docker interface on your machine. You can find this by looking at the output of ip address show, or by following the steps here if the interface name is not obvious.
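The interface-scoped rule only helps if it names the right bridge: the default bridge is docker0, but a compose network such as the one behind the 172.20.0.1 gateway in the question normally gets its own br-&lt;id&gt; bridge. As an added example (not from the original answer or from ufw's own tooling), this POSIX shell helper parses `ip -o -4 addr show` output to find the interface that owns a given gateway address and prints the matching ufw rule; the interface names and addresses in the embedded sample are constructed.

```shell
#!/bin/sh
# Constructed sample of `ip -o -4 addr show` output; interface names and
# addresses are hypothetical. docker0 is the default bridge, while a
# docker compose network gets its own br-<id> bridge (here the one whose
# gateway, 172.20.0.1, the container in the question was probing).
SAMPLE_IP_OUTPUT='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth0
3: docker0    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
5: br-1a2b3c4d5e6f    inet 172.20.0.1/16 brd 172.20.255.255 scope global br-1a2b3c4d5e6f'

# iface_for_gateway GATEWAY [IP_OUTPUT]
# Prints the interface that carries GATEWAY as its own address. Reads the
# live `ip` output unless IP_OUTPUT is supplied (used for offline testing).
iface_for_gateway() {
    gw=$1
    if [ $# -ge 2 ]; then out=$2; else out=$(ip -o -4 addr show); fi
    # Fields in -o mode: "<idx>: <iface> inet <addr>/<prefix> ..."
    printf '%s\n' "$out" | awk -v gw="$gw" '
        $3 == "inet" { split($4, a, "/"); if (a[1] == gw) { print $2; exit } }'
}

# ufw_rule_for_gateway GATEWAY PORT [IP_OUTPUT]
# Prints the interface-scoped ufw rule, which exposes PORT only to traffic
# arriving on that bridge instead of on every interface as
# `ufw allow PORT/tcp` does. Fails if no local interface owns GATEWAY.
ufw_rule_for_gateway() {
    gw=$1; port=$2; shift 2
    iface=$(iface_for_gateway "$gw" "$@")
    [ -n "$iface" ] || { echo "no interface owns $gw" >&2; return 1; }
    printf 'ufw allow in on %s to any port %s proto tcp\n' "$iface" "$port"
}

# Example run against the constructed sample; drop the third argument to
# inspect the real interfaces on a Linux host.
ufw_rule_for_gateway 172.20.0.1 9000 "$SAMPLE_IP_OUTPUT"
```

Run the printed rule with sudo once you have confirmed the interface name; the helper itself never changes firewall state.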
