
      Configuring port forwarding for Docker on CentOS 7 for firewalld compatibility

       新进小设计 2022-06-12, published in Beijing

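      On CentOS 7, mapping a host port to a container port with a command like the following can leave the container's service unreachable:

      docker run --name web_a -p 192.168.1.250:803:80 -d web_a:beta1.0.0

      When Docker runs this command, it injects a rule into iptables that maps host port 803 to container port 80, but CentOS 7 replaces iptables with the firewalld service. As a result, the port mapping from the command above does not take effect.

      Solution: first look at the network interfaces on the host and confirm that a docker0 virtual interface has been added: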

      [root@localhost /home]# ifconfig
      docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
              inet 172.17.0.1  netmask 255.255.0.0  broadcast 172.17.255.255
              inet6 fe80::42:5cff:fe0e:82f9  prefixlen 64  scopeid 0x20<link>
              ether 02:42:5c:0e:82:f9  txqueuelen 0  (Ethernet)
              RX packets 1288  bytes 1561177 (1.4 MiB)
              RX errors 0  dropped 0  overruns 0  frame 0
              TX packets 1594  bytes 108755 (106.2 KiB)
              TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
      
      enp2s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
              inet 192.168.1.250  netmask 255.255.255.0  broadcast 192.168.1.255
              inet6 fe80::76f4:9aea:4973:ec6c  prefixlen 64  scopeid 0x20<link>
              inet6 240e:379:542:2800:8844:77ba:78dd:7  prefixlen 128  scopeid 0x0<global>
              inet6 240e:379:542:2811:3ead:218:ba68:38e6  prefixlen 64  scopeid 0x0<global>
              ether 74:d4:35:09:93:19  txqueuelen 1000  (Ethernet)
              RX packets 10166908  bytes 1221399579 (1.1 GiB)
              RX errors 0  dropped 3014  overruns 0  frame 0
              TX packets 982334  bytes 427296782 (407.5 MiB)
              TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
              device interrupt 18
      
      lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
              inet 127.0.0.1  netmask 255.0.0.0
              inet6 ::1  prefixlen 128  scopeid 0x10<host>
              loop  txqueuelen 1000  (Local Loopback)
              RX packets 1833650  bytes 450567722 (429.6 MiB)
              RX errors 0  dropped 0  overruns 0  frame 0
              TX packets 1833650  bytes 450567722 (429.6 MiB)
              TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
      
      vethecef228: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
              inet6 fe80::f425:f1ff:fe82:9c19  prefixlen 64  scopeid 0x20<link>
              ether f6:25:f1:82:9c:19  txqueuelen 0  (Ethernet)
              RX packets 234  bytes 1520113 (1.4 MiB)
              RX errors 0  dropped 0  overruns 0  frame 0
              TX packets 613  bytes 39809 (38.8 KiB)
              TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

      Use the following command to find the virtual IP assigned to the container instance:

      docker inspect web_a

      Assume the container's IP is 172.17.0.2. Next, create a NAT forwarding rule for this IP and let the firewalld service handle it:

      # Forward host port requests to the container (the service in the container must not listen on localhost; it should listen on the virtual IP assigned to the container, or on 0.0.0.0 instead)
      # Enable NAT forwarding for ports
      firewall-cmd --permanent --zone=public --add-masquerade
      # Forward requests on host port 803 to port 80 on the container
      firewall-cmd --add-forward-port=port=803:proto=tcp:toaddr=172.17.0.2:toport=80 --permanent
      # Reload the rules
      firewall-cmd --reload
      # List all rules
      firewall-cmd --list-all
      public (active)
        target: default
        icmp-block-inversion: no
        interfaces: enp2s0
        sources:
        services: ssh dhcpv6-client
        ports: 3306/tcp 80/tcp 21/tcp 5000/tcp 6379/tcp 900/tcp 801/tcp 802/tcp 6000/tcp 5002/tcp 90/tcp 9092/tcp 81/tcp 803/tcp
        protocols:
        masquerade: yes
        forward-ports: port=803:proto=tcp:toport=80:toaddr=172.17.0.2
        source-ports:
        icmp-blocks:
        rich rules:
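      # Restart Docker
      systemctl restart docker
      # Restart the container
      docker start web_a

      After these steps, the service on container port 80 is reachable at host IP:803, and firewalld does not need to be turned off (many write-ups online conclude that you should switch to the iptables service; in testing this was not necessary).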
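The permanent rule above hard-codes the container address 172.17.0.2, and Docker can assign a different bridge IP when the container is recreated, which would leave host port 803 forwarding to whatever now holds that address. The following is an added example, not part of the original post, that checks a `firewall-cmd --list-all` listing against the container's current IP; the function names and the sample listing (constructed from the output shown above) are assumptions.

```shell
#!/bin/sh
# Added example: detect a firewalld forward-port rule that no longer points
# at the container's current bridge IP. Function names are hypothetical.

# Constructed sample, modelled on the `firewall-cmd --list-all` output above.
SAMPLE_LIST_ALL='public (active)
  interfaces: enp2s0
  masquerade: yes
  forward-ports: port=803:proto=tcp:toport=80:toaddr=172.17.0.2'

# Print the current IP of a container (needs a running Docker daemon).
container_ip() {
    docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' "$1"
}

# Read `firewall-cmd --list-all` output on stdin and print one line per
# forward-port entry as: "port proto toport toaddr".
forward_entries() {
    { grep -oE 'port=[0-9-]+:proto=[a-z]+:toport=[0-9-]*:toaddr=[0-9A-Fa-f.:]*' || true; } |
        sed -E 's/^port=([^:]+):proto=([^:]+):toport=([^:]*):toaddr=(.*)$/\1 \2 \3 \4/'
}

# check_forward HOST_PORT EXPECTED_IP   (list-all output on stdin)
# Prints ok / stale / missing and returns 0 / 1 / 2 respectively.
check_forward() {
    want_port=$1
    want_ip=$2
    result=missing
    entries=$(forward_entries)
    while read -r port proto toport toaddr; do
        [ "$port" = "$want_port" ] || continue
        if [ "$toaddr" = "$want_ip" ]; then
            result=ok
            break
        fi
        result=stale   # a rule exists for the port but targets another address
    done <<EOF
$entries
EOF
    echo "$result"
    case $result in
        ok) return 0 ;;
        stale) return 1 ;;
        *) return 2 ;;
    esac
}

# Live use on the host described in the article:
#   firewall-cmd --list-all | check_forward 803 "$(container_ip web_a)"
```

A `stale` result means the rule should be removed and re-added with the current address before the reload.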
