如何不暴露 docker 集群外的端口?
[英]How not to expose port outside docker swarm cluster?
问题描述
Hello how can I define in compose port only for communication inside cluster?
您好,如何在撰写端口中定义仅用于集群内的通信? I don't want to expose my application outside cluster?我不想在集群外公开我的应用程序?
version: "3.8"
services:
management:
image: ${IMAGE}
env_file:
- vars.env
networks:
- my-network
ports:
- 8080:80
deploy:
placement:
constraints: [node.role == manager]
replicas: 1
update_config:
parallelism: 2
restart_policy:
condition: on-failure
networks:
my-network:
external: true
ports:
- 8080:80
Will expose my app outside swarm cluster.将我的应用程序暴露在 swarm 集群之外。 Ho can I make my app accessible only inside cluster via port 80?我可以让我的应用程序只能通过端口 80 在集群内部访问吗?
1 个解决方案
解决方案1
0 2021-12-06 14:18:18
Just omit the port from the ports section that you do not wish to expose outside the ingress network.只需从ports部分中省略您不希望在入口网络之外公开的端口。 Example nginx.yaml:示例 nginx.yaml:
version: "3.9"
services:
nginx-1:
image: nginx:alpine
nginx-2:
image: nginx:alpine
docker stack deploy -c nginx.yaml nginx
docker stack ps nginx
docker exec -t <nginx-1 container ID> wget -qO- nginx-2
The command will print the response from nginx-2 to nginx-1 accordingly.该命令将相应地打印从 nginx-2 到 nginx-1 的响应。 It is not mandatory to list the port under ports section in order to access a container port within the Swarm network.为了访问 Swarm 网络中的容器端口,不必在ports部分列出端口。
For your case it means your sample spec do not need the ports section since you do not wish to expose 80 outside the Swarm network.对于您的情况,这意味着您的示例规范不需要ports部分,因为您不希望将 80 暴露在 Swarm 网络之外。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.