Preface:
After Docker starts a container, how does the container provide services to the outside? I hope this article gives you some help.
I am not sure about docker's network problems. I have asked Deng lei, thank you!
A container created by Docker is generally assigned an IP address in the same IP segment as docker0's address.
With the ip a command we can see docker0's IP address and subnet range. You will find that, besides docker0, there is also a NIC whose name starts with veth, and it is attached to the bridge as well.
We create a container and expose port 22. The container's port 22 is published, and the system allocates a host port for it from the range 49000-49900.
docker run has two ways of specifying ports. One is -P (uppercase), which publishes the ports declared in the image's Dockerfile. The other is -p (lowercase), which lets you state the mapping directly. For example, -p 6379 exposes 6379 to external users, and with -p 6379:6379 the first 6379 is the port outside and the second 6379 is the port inside the container.
Original article: http://rfyiamcool.blog.51cto.com/1030776/1540074
# docker run -d -p 22 --name="redis_test" rastasheep/ubuntu-sshd
ed7887b93aa452323ee96339d889bebc36ad25a479c660ba89e97d2c5869f105
# docker ps
CONTAINER ID   IMAGE                           COMMAND             CREATED         STATUS         PORTS                   NAMES
ed7887b93aa4   rastasheep/ubuntu-sshd:latest   /usr/sbin/sshd -D   7 seconds ago   Up 7 seconds   0.0.0.0:49153->22/tcp   redis_test
I thought Docker had written its own socket port-mapping function. From the documentation I can see that it uses iptables port mapping.
# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DOCKER     all  --  anywhere             anywhere             ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
DOCKER     all  --  anywhere            !127.0.0.0/8          ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  localhost/16        !localhost/16

Chain DOCKER (2 references)
target     prot opt source               destination
DNAT       tcp  --  anywhere             anywhere             tcp dpt:49153 to:172.17.0.2:22
Once you know the host IP address and the container IP address, there is nothing to be afraid of. You can add whatever mappings you need yourself.
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 172.31.0.23:80
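To review which host ports Docker currently forwards, the DOCKER chain of the NAT listing can be reduced to one line per mapping. This is an added example, not code from the original article; it assumes output from iptables -t nat -L (with or without -n, but without -v), and the sample listing, including the 127.0.0.1 rule, is constructed.

```shell
#!/bin/sh
# Added example: summarise Docker's DNAT port mappings from an iptables NAT listing.

# Reads `iptables -t nat -L [-n]` output on stdin and prints, for every DNAT
# rule in the DOCKER chain:  <proto> <host_port> <container_ip:port> <scope>
# scope is "all-interfaces" when the rule matches any destination address,
# otherwise the single host address the port is bound to.
docker_dnat_map() {
    awk '
        /^Chain / { in_docker = ($2 == "DOCKER"); next }
        in_docker && $1 == "DNAT" {
            dport = ""; to = ""
            # columns 1-5 are target/prot/opt/source/destination; options follow
            for (i = 6; i <= NF; i++) {
                if ($i ~ /^dpt:/) dport = substr($i, 5)
                if ($i ~ /^to:/)  to = substr($i, 4)
            }
            scope = ($5 == "anywhere" || $5 == "0.0.0.0/0") ? "all-interfaces" : $5
            if (dport != "" && to != "") print $2, dport, to, scope
        }
    '
}

# Constructed sample input: the first DNAT rule mirrors the article's listing,
# the second is a hypothetical mapping bound to the loopback address only.
sample_listing() {
    cat <<'EOF'
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DOCKER     all  --  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL

Chain DOCKER (2 references)
target     prot opt source               destination
DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:49153 to:172.17.0.2:22
DNAT       tcp  --  0.0.0.0/0            127.0.0.1            tcp dpt:8080 to:172.17.0.3:80
EOF
}

# On a live host, replace sample_listing with: iptables -t nat -L -n
sample_listing | docker_dnat_map
```

Rows marked all-interfaces are reachable on every address of the host, so those are the ones to compare against the services you actually intend to publish.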
By default, Docker containers are interconnected, that is, any two containers can communicate with each other. To control communication between containers, use Docker's --icc option.
Okay, let's talk about the bridging method. If you find it troublesome to set up or modify port mappings every time, you can consider using bridge NIC mode. It seems that some experts on the forum do not recommend bridging, which is probably for security reasons. After all, NAT is safe with respect to the outside, since external services only expose ports, whereas the container's IP address is exposed when the bridge is used.
Stop the Docker service
sudo service docker stop
Use the ip command to bring the docker0 NIC down
sudo ip link set dev docker0 down
Delete the docker0 bridge
sudo brctl delbr docker0
Create a bridge named bridge0
sudo brctl addbr bridge0
Set its IP address and subnet
ip addr add 192.168.5.1/24 dev bridge0
Bring the bridge NIC up
sudo ip link set dev bridge0 up
Write the configuration
echo 'DOCKER_OPTS="-b=bridge0"' > /etc/default/docker
sudo service docker start
The problem with this bridging method is that the IP addresses are probed by Docker itself. It does not seem to obtain a free address through DHCP and then assign it to the container. When I did another test yesterday, an IP address was already occupied, but Docker still assigned that occupied address, and in that case a conflict occurs. If the IP range overlaps with the company's internal or online network, IP addresses may conflict. It is my personal conclusion that IP address conflicts occur after bridging. It may also be caused by the environment on my side!
This article is from the "Fengyun, it's her." blog; reprinting is declined!