我正在使用 gitlab docker image 来部署服务,Web 端口是主机上的 8080。运行 gitlab 后,我可以看到端口正常:
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b85d87da48df genezys/gitlab:7.5.2 "/bin/sh -c 'gitlab- 25 minutes ago Up 25 minutes 0.0.0.0:2222->22/tcp, 0.0.0.0:8080->80/tcp gitlab_app
netstat 命令也显示 OK:
[root@localhost backup]# netstat -nlp | grep 8080
tcp6 0 0 :::8080 :::* LISTEN 12489/docker-proxy
但是网络浏览器无法成功连接 8080 ( http://10.137.20.112:8080/ ),tcpdump 输出如下:
[root@localhost ~]# tcpdump -i enp2s0f1 port 8080 -vv
tcpdump: listening on enp2s0f1, link-type EN10MB (Ethernet), capture size 65535 bytes
02:40:00.808034 IP (tos 0x0, ttl 128, id 4031, offset 0, flags [DF], proto TCP (6), length 52)
perfls15.americas.hpqcorp.net.53178 > 10.137.20.112.webcache: Flags [S], cksum 0x17d1 (correct), seq 997417494, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
02:40:00.808141 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto TCP (6), length 40)
10.137.20.112.webcache > perfls15.americas.hpqcorp.net.53178: Flags [R.], cksum 0x788a (correct), seq 0, ack 997417495, win 0, length 0
02:40:01.322048 IP (tos 0x0, ttl 128, id 4032, offset 0, flags [DF], proto TCP (6), length 52)
perfls15.americas.hpqcorp.net.53178 > 10.137.20.112.webcache: Flags [S], cksum 0x17d1 (correct), seq 997417494, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
02:40:01.322123 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto TCP (6), length 40)
10.137.20.112.webcache > perfls15.americas.hpqcorp.net.53178: Flags [R.], cksum 0x788a (correct), seq 0, ack 1, win 0, length 0
02:40:01.821289 IP (tos 0x0, ttl 128, id 4033, offset 0, flags [DF], proto TCP (6), length 48)
......
我不明白为什么宿主总是响应RST,谁能提供一些调试线索?
最佳答案
检查“iptables -L -n”的输出。如果您在该输出中没有看到端口 8080 打开,您可能需要这样做
使用 RHEL7,你需要使用 firewall-cmd 如下所示
firewall-cmd --zone=public --add-port=8080/tcp --permanent
firewall-cmd --reload
关于linux - 为什么主机总是响应 `RST` 虽然服务器正在监听端口?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/30160901/