我在同一个桥接网络中有 2 个容器,但它们不通信,我也找不到原因。
事实上,我有一个 nginx 容器,用于将代理传递给另一个容器“gogs”,但找不到代理,我收到错误“无路由”
这是我的网络:
[root@pc-59 _data]# docker inspect nginxnet
[
{
"Name": "nginxnet",
"Id": "f00a094d2dcd15d3a42e142b46245f41408f6d4013b17cf7992d0b573f3d07a4",
"Created": "2019-12-27T20:17:37.878562424+01:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": [
{
"Subnet": "172.3.27.0/24",
"Gateway": "172.3.27.2"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {
"253bd8d76090cb170d25ac1eb84cd411ea8d9c92f5dca7bfbb0133934c4be355": {
"Name": "nginx",
"EndpointID": "6bd16e068e16cd1ee060b00c6150bc9f1f579f9b17518e90f603ad64a099cf52",
"MacAddress": "02:42:ac:03:1b:04",
"IPv4Address": "172.3.27.4/24",
"IPv6Address": ""
},
"53bf139329162bedb94a89bdfcc6c308684e923e3b825e7a5cb377f5a30ca71c": {
"Name": "mariadb",
"EndpointID": "6a4138a66f5b67cbae63a600532b80d51530da8bec867f250ed51d5a67bf3660",
"MacAddress": "02:42:ac:03:1b:06",
"IPv4Address": "172.3.27.6/24",
"IPv6Address": ""
},
"c44952cf1fb97cf03b39b56a6824b6a2cbcb4f5c2836e5834336fde17cf8ad1d": {
"Name": "gogs",
"EndpointID": "f1642c905b0343bbaf28db8286b06917155fe80a3bd7c1dcc6618ece1c5c865a",
"MacAddress": "02:42:ac:03:1b:05",
"IPv4Address": "172.3.27.5/24",
"IPv6Address": ""
}
},
"Options": {},
"Labels": {}
}
]
这里是代理的 nginx 配置:
server {
listen 443 ssl;
server_name gogs.isin.party;
ssl_certificate /etc/nginx/gogs.fullchain.pem; # Localisation de certifcat
ssl_certificate_key /etc/nginx/gogs.privkey.pem; # Localisation de la clef
ssl_protocols TLSv1.2; # Protocole SSL/TLS autorisé
ssl_prefer_server_ciphers on; # Activation du chiffrement coté serveur
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
location / {
rewrite ^/?(.*)$ /$1 break;
proxy_pass http://172.3.27.5:3000;
}
}
以及当我尝试访问我的网站“gogs”时遇到的确切错误:
No route to host) while connecting to upstream, client: 192.168.1.11, server: gogs.fr, request: "GET / HTTP/1.1", upstream: "http://172.3.27.5:3000/"
仅供引用,主机是 centos 8,如果我在服务器主机上telnet localhost 3000 工作(它会监听)但是如果我从 nginx telnet 172.3.27.5 3000容器失败。
有什么帮助吗?
编辑 - 2019 年 12 月 28 日
这里是一些其他日志:
从我的 nginx 容器使用 DNS,按照评论中的建议对 ping 和 telnet gogs 容器:
root@253bd8d76090:/# ping gogs.nginxnet
PING gogs.nginxnet (172.3.27.5) 56(84) bytes of data.
64 bytes from gogs.nginxnet (172.3.27.5): icmp_seq=1 ttl=64 time=0.102 ms
64 bytes from gogs.nginxnet (172.3.27.5): icmp_seq=2 ttl=64 time=0.089 ms
^C
--- gogs.nginxnet ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 49ms
rtt min/avg/max/mdev = 0.087/0.092/0.102/0.012 ms
root@253bd8d76090:/# telnet gogs.nginxnet 3000
Trying 172.3.27.5...
telnet: Unable to connect to remote host: No route to host
从gogs容器为了ping和telnet nginx容器
bash-5.0# ping nginx
PING nginx (172.3.27.4): 56 data bytes
64 bytes from 172.3.27.4: seq=0 ttl=64 time=0.070 ms
64 bytes from 172.3.27.4: seq=1 ttl=64 time=0.087 ms
^C
--- nginx ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 0.070/0.092/0.125 ms
bash-5.0# telnet nginx 80
telnet: can't connect to remote host (172.3.27.4): Host is unreachable
似乎所有端口都被禁止了,但它不应该因为所有容器都在同一个网络中。
最佳答案
回答我自己的问题:
这里的问题是 Centos 8,而不是 docker。事实上,是 firewalld 阻止了容器之间的任何连接。完全禁用 firewalld 将使容器再次通信 :) 但停止 firewalld 不是一个好主意,我的意思是安全性。
这就是我所做的:
- 删除 firewalld 中的所有现有规则(关于端口/接口(interface))
- 执行以下命令行以打开容器工作所需的一切:
外壳
firewall-cmd --add-service=http --permanent
firewall-cmd --add-service=https --permanent
firewall-cmd --zone=public --add-masquerade --permanent
firewall-cmd --reload
systemctl restart docker
firewall-cmd --zone=public --add-masquerade --permanent 这样做吧。
关于同一网络中的 Docker 容器不通信,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/59506056/