Fengyun, it's her.
Preface:
Once Docker has started a container, how does that container serve the outside world? I hope this article is helpful to everyone who reads it.
If anything about Docker networking is unclear, feel free to ask!
A container created by Docker is generally assigned an IP address in the same subnet as docker0.
With the ip a command we can see the IP and subnet range of docker0. Besides docker0 you will also find an interface whose name begins with veth; it is a virtual network interface attached to the bridge.
We create a container and expose port 22. Exposing port 22 this way means the container's port 22 is published, and the system assigns a host port in the range 49000-49900.
docker run specifies ports in two ways. One is -P (uppercase), which publishes the ports declared in the container's Dockerfile. The other is -p (lowercase), where you name the port directly. For example, -p 6379 exposes 6379 to the outside world, and -p 6379:6379 maps 6379 outside to 6379 inside.
root@dev-ops:~# docker run -d -p 22 --name="redis_test" rastasheep/ubuntu-sshd
ed7887b93aa452323ee96339d889bebc36ad25a479c660ba89e97d2c5869f105
root@dev-ops:~#
root@dev-ops:~# docker ps -a
CONTAINER ID        IMAGE                           COMMAND             CREATED             STATUS              PORTS                   NAMES
ed7887b93aa4        rastasheep/ubuntu-sshd:latest   /usr/sbin/sshd -D   7 seconds ago       Up                  0.0.0.0:49153->22/tcp   redis_test
root@dev-ops:~#
Originally, I thought Docker wrote its own socket to map ports, but after reading the documentation I realized that it just sets up an iptables port mapping.
iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DOCKER     all  --  anywhere             anywhere             ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
DOCKER     all  --  anywhere            !127.0.0.0/8          ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  localhost/16        !localhost/16

Chain DOCKER (2 references)
target     prot opt source               destination
DNAT       tcp  --  anywhere             anywhere             tcp dpt:49153 to:172.17.0.2:22
root@dev-ops:~#
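As an added example (not from the original post), the shell function below reads a listing of the DOCKER nat chain like the one above and reports each DNAT forward, flagging those that match any destination address and are therefore reachable on every host interface. The sample listing is constructed; its second rule and the function names are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: audit the port forwards in the DOCKER nat chain.
# Input: text of "iptables -t nat -L DOCKER -n" (or without -n) on stdin.

# Constructed sample. Rule 1 mirrors the rule shown on this page; rule 2 is a
# hypothetical container whose port was published on loopback only.
sample_rules() {
cat <<'EOF'
Chain DOCKER (2 references)
target     prot opt source               destination
DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:49153 to:172.17.0.2:22
DNAT       tcp  --  0.0.0.0/0            127.0.0.1            tcp dpt:6379 to:172.17.0.3:6379
EOF
}

# audit_dnat: print one line per forward:
#   <scope> <proto> <host-port> -> <container-ip:port>
audit_dnat() {
    awk '
    $1 == "DNAT" {
        hport = ""; dest = ""
        for (i = 6; i <= NF; i++) {
            if ($i ~ /^dpt:/) hport = substr($i, 5)
            if ($i ~ /^to:/)  dest  = substr($i, 4)
        }
        if (hport == "" || dest == "") next   # no port match, skip
        # Column 5 is the destination match; "any" means every host address.
        if ($5 == "0.0.0.0/0" || $5 == "anywhere") { scope = "ALL-INTERFACES" }
        else { scope = "host=" $5 }
        print scope, $2, hport, "->", dest
    }'
}

# count_open: how many forwards accept traffic on every host address.
count_open() {
    audit_dnat | awk '$1 == "ALL-INTERFACES" { n++ } END { print n + 0 }'
}

sample_rules | audit_dnat
```

On a live host, pipe the output of sudo iptables -t nat -L DOCKER -n into audit_dnat. A forward flagged ALL-INTERFACES can be narrowed by publishing with a host address, for example -p 127.0.0.1:6379:6379.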
With the host's IP and the container's IP in hand, there is nothing to be afraid of: whatever you want to map, you can map yourself.
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 172.31.0.23:80
By default, Docker containers can reach one another, that is, any two containers can communicate with each other. If you want to control communication between containers, use Docker's --icc option.
OK, let's talk about bridging. If you find it tedious to set up or change port mappings every time, you can consider using bridged networking instead. Some experienced people on forums advise against bridging, probably for security reasons. After all, NAT is safe with respect to the outside world, since an external service exposes only its port, whereas bridging exposes the IP.
Stop the docker service
sudo service docker stop
Bring down the docker0 interface with the ip command.
sudo ip link set dev docker0 down
Delete the interface
sudo brctl delbr docker0
Create a bridge interface named bridge0.
sudo brctl addbr bridge0
Assign the IP address and subnet
sudo ip addr add 192.168.5.1/24 dev bridge0
Bring up the bridge interface
sudo ip link set dev bridge0 up
Write the configuration
echo 'DOCKER_OPTS="-b=bridge0"' >> /etc/default/docker
sudo service docker start
The problem with this bridge is that Docker picks the IP itself and gives it to you. It does not seem to get a free IP through DHCP and give that to the container. When I did the test again yesterday, an IP was already occupied, but it still assigned that occupied IP address. In that case there will be a conflict. If the IP range overlaps with the company's or the production network's, it may cause IP address conflicts. That bridging runs into IP address conflicts is my personal conclusion, and it may also be caused by my environment!