Docker container port and IP planning, and dynamic port-mapping expansion

Source: Internet
Author: User
Tags redis iptables docker run
Reprinted from: http://yangrong.blog.51cto.com/6945369/1582184

Once a Docker container has been started, its parameters cannot be changed. In production the most common change is to the port mapping, so the way to avoid the problem is to plan the mappings up front. This article lists two port planning schemes and, for the case where port mappings have to be added during later maintenance, also gives a scheme for expanding port mappings dynamically.

1. Single-IP, multi-container mapping planning scheme

This scheme applies to environments that have only a single IP, such as a cloud host.


1.1 Port mapping planning table:

Plan a separate port range for each container and map it to that container to provide services externally.

(Each entry is host port:container port.)

Host Name        SSH mapping   MySQL mapping   Nginx mapping                        Redis mapping
Redis-test       51000:22      51001:3306      51004:80, 51005:8000, 51006:8888     51002:6379, 51003:6381
Scheduler-test   52000:22      52001:3306      52004:80, 52005:8888, 52006:8000     52002:6379, 52003:6381
...              ...           ...             ...                                  ...

1.2 Corresponding container start commands:

docker run -h="redis-test" --name redis-test -d -p 51000:22 -p 51001:3306 -p 51003:6379 -p 51004:6381 -p 51005:80 -p 51006:8000 -p 51007:8888 debian02 /etc/rc.local

docker run -h="salt_zabbix_manager02" --name salt_zabbix_manager02 -d -p 52000:22 -p 52001:3306 -p 52003:6379 -p 52004:6381 -p 52005:80 -p 52006:8000 -p 52007:8888 debian02 /etc/rc.local

1.3 Explanation of the startup parameters above:

-h sets the hostname inside the container once it has started.

--name is the name of the container on the host; with it you can start and stop the container later without using the container ID, for example docker stop redis-test.

-d runs the container in the background.

-p specifies a port mapping; to map a UDP port, the format is -p 3000:3000/udp. Written without a host IP, as here, the port is published on all host interfaces; the ip:hostPort:containerPort form used in section 2 binds it to one host IP.

debian02 is the base image name.

/etc/rc.local is the container start command. Putting several startup scripts in /etc/rc.local makes it convenient to start multiple programs when the container starts.

# For Docker installation, basic usage, detailed commands, image creation, container migration, etc., please refer to my other article: http://yangrong.blog.51cto.com/6945369/1551327

2. Multi-IP multi-container mapping planning scheme

This scheme is better suited to an intranet test and development environment. Every externally accessed IP must be configured on the host, for example as secondary IPs on eth0:1 and eth0:2; the port mapping can then be identical for each IP and container.

2.1 Port and IP mapping planning table:

(These are intranet IPs; the host IP is 10.28.103.1.)

Host Name     External access IP   Open container ports                 Operating system
Iframe-test   10.18.103.2          22 3306 80 8000 8888 443 6379 6381   Debian7
Web-test      10.18.103.3          22 3306 80 8000 8888 443 6379 6381   Debian7

2.2 Corresponding container start commands:

docker run -h="iframe-test" --name iframe-test -d -p 10.18.103.2:22:22 -p 10.18.103.2:3306:3306 -p 10.18.103.2:6379:6379 -p 10.18.103.2:6381:6381 -p 10.18.103.2:80:80 -p 10.18.103.2:8000:8000 -p 10.18.103.2:8888:8888 -p 10.18.103.2:443:443 debian-iframe-test /etc/rc.local

docker run -h="web-test" --name web-test -d -p 10.18.103.3:22:22 -p 10.18.103.3:3306:3306 -p 10.18.103.3:6379:6379 -p 10.18.103.3:6381:6381 -p 10.18.103.3:80:80 -p 10.18.103.3:8000:8000 -p 10.18.103.3:8888:8888 -p 10.18.103.3:443:443 debian-iframe-test /etc/rc.local
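A check for the two planning schemes above, as an added example that is not part of the original article: it reads docker run command lines and reports every -p mapping that has no bind IP (and is therefore published on all host interfaces) and every host IP and port claimed twice. The function names audit_publish and sample_commands and the sample input are constructed here.

```shell
#!/bin/sh
# Added example: audit the -p mappings of `docker run` lines read from stdin.
# Only the separate "-p SPEC" form is parsed.
#   OPEN <name> <spec>  no bind IP, so the port listens on every host interface
#   DUP  <name> <key>   host ip:port/proto already claimed by an earlier mapping
audit_publish() {
  awk '
  {
    name = "?"
    for (i = 1; i < NF; i++) if ($i == "--name") name = $(i + 1)
    for (i = 1; i < NF; i++) {
      if ($i != "-p") continue
      spec = $(i + 1)
      proto = (spec ~ /\/udp$/) ? "udp" : "tcp"
      sub(/\/[a-z]+$/, "", spec)
      n = split(spec, f, ":")
      if (n == 3)      { ip = f[1]; hp = f[2] }        # ip:hostPort:containerPort
      else if (n == 2) { ip = "0.0.0.0"; hp = f[1] }   # hostPort:containerPort
      else continue                                    # containerPort only: random host port
      if (ip == "0.0.0.0") print "OPEN", name, $(i + 1)
      port = hp "/" proto
      key = ip ":" port
      wkey = "0.0.0.0:" port
      # A wildcard bind collides with any bind on that port, and vice versa.
      if ((key in seen) || (ip == "0.0.0.0" && (port in used)) ||
          (ip != "0.0.0.0" && (wkey in seen)))
        print "DUP", name, key
      seen[key] = 1; used[port] = 1
    }
  }'
}

# Constructed sample, modelled on the commands above; the third line reuses
# 10.18.103.2:3306 by mistake.
sample_commands() {
  cat <<'EOF'
docker run -h="redis-test" --name redis-test -d -p 51000:22 -p 51001:3306 debian02 /etc/rc.local
docker run -h="iframe-test" --name iframe-test -d -p 10.18.103.2:22:22 -p 10.18.103.2:3306:3306 debian-iframe-test /etc/rc.local
docker run -h="web-test" --name web-test -d -p 10.18.103.3:22:22 -p 10.18.103.2:3306:3306 debian-iframe-test /etc/rc.local
EOF
}

sample_commands | audit_publish
```

Run against the real start commands before launching containers; every OPEN line for SSH, MySQL or Redis is a service reachable on any interface the host has.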

3. Dynamic port-mapping expansion scheme

At work, adding a new service usually means adding a port mapping. Because the mapping cannot be adjusted dynamically, you normally have to commit the container to a new image and then start a container from that new image, which is very troublesome.

But the mapping is in essence implemented through iptables, so we can add port mappings dynamically with iptables, as follows:

3.1 Using iptables to view the container mappings:

root@qssec-iframe:~# iptables -t nat -nvL
...
Chain DOCKER (2 references)
 pkts bytes target prot opt in out source destination
    0     0 DNAT tcp -- !docker0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8000 to:172.17.0.3:8000
    0     0 DNAT tcp -- !docker0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 to:172.17.0.3:443
    0     0 DNAT tcp -- !docker0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3306 to:172.17.0.3:3306
    0     0 DNAT tcp -- !docker0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:6379 to:172.17.0.3:6379
    0     0 DNAT tcp -- !docker0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:6381 to:172.17.0.3:6381
 3470  190K DNAT tcp -- !docker0 *
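One way to carry out the dynamic expansion described in this section, as an added example rather than the original author's commands: the function checks a saved DOCKER chain listing for an existing mapping of the host port, then prints (without running) the DNAT rule to append. The function names, the sample listing and port 8001 are constructed for illustration; the optional fifth argument limits the rule to one host IP, as in scheme 2.

```shell
#!/bin/sh
# Added example (not the article's code).
# docker_dnat_rule LISTING HOST_PORT CONTAINER_IP CONTAINER_PORT [HOST_IP]
#   LISTING is saved output of `iptables -t nat -nvL DOCKER`.
#   Prints the iptables command for the new mapping without running it.
#   Returns 1 on bad input, 2 if HOST_PORT already has a DNAT rule.
valid_port() {
  case "$1" in ''|*[!0-9]*) return 1 ;; esac
  [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}
valid_ip() {  # dotted quad only; octet ranges are not checked
  printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

docker_dnat_rule() {
  listing=$1 hport=$2 cip=$3 cport=$4 hip=${5:-}
  valid_port "$hport" && valid_port "$cport" && valid_ip "$cip" || return 1
  dest=""
  if [ -n "$hip" ]; then
    valid_ip "$hip" || return 1
    dest=" -d $hip"          # limit the mapping to one host IP (scheme 2)
  fi
  # An existing rule is listed as "... tcp dpt:<port> to:<ip>:<port>".
  # The check is conservative: it ignores which host IP the old rule covers.
  if printf '%s\n' "$listing" | grep -Eq "DNAT .*tcp dpt:${hport} to:"; then
    return 2
  fi
  # Same shape as the rules in the listing: skip traffic arriving on docker0.
  printf 'iptables -t nat -A DOCKER ! -i docker0%s -p tcp --dport %s -j DNAT --to-destination %s:%s\n' \
    "$dest" "$hport" "$cip" "$cport"
}

# Constructed listing in the format shown above.
SAMPLE_LISTING='Chain DOCKER (2 references)
 pkts bytes target prot opt in out source destination
    0     0 DNAT tcp -- !docker0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8000 to:172.17.0.3:8000
    0     0 DNAT tcp -- !docker0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 to:172.17.0.3:443'

docker_dnat_rule "$SAMPLE_LISTING" 8001 172.17.0.3 8001
```

Docker does not know about a rule added this way: docker port will not show it, it is not removed when the container stops, and it goes stale if the container comes back with a different IP. On hosts whose FORWARD policy drops traffic, the filter table must also allow the forwarded connection.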
