練習4
暴露容器的端口給外部網路訪問(DNAT):
● -p <containerPort>:將容器端口映射至宿主機上所有地址的一個動態端口
[root@localhost ~]# docker container run --name w1 -d -p 80 nginx:stable-alpine #創建w1容器運行著nginx服務,並加-p選項暴露80端口映射到宿主機上所有地址的一個動態端口
197a5b097143d29f4cbef725ee40d089b9917f9eb175f0dff134785099800a08
[root@localhost ~]# docker container port w1 #查看w1容器暴露的port映射到宿主機上的哪個動態端口,執行iptables -t nat -vnL也可以查看有一條DNAT規則
80/tcp -> 0.0.0.0:49154
80/tcp -> :::49154
[root@localhost ~]# ifconfig #查看宿主機的ip
…
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.128.234 netmask 255.255.255.0 broadcast 192.168.128.255
inet6 fe80::12da:f368:4b08:ba51 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:98:00:1a txqueuelen 1000 (Ethernet)
RX packets 10117 bytes 902573 (881.4 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 3677 bytes 616382 (601.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
…
[root@localhost ~]# curl 192.168.128.234:49154 #另一台宿主機訪問w1容器的nginx服務
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>● -p <hostPort>:<containerPort>:將容器端口映射至宿主機上所有地址的一個指定端口
[root@localhost ~]# docker container run --name w1 -d -p 8080:80 nginx:stable-alpine #創建w1容器運行著nginx服務,並加-p選項暴露80端口映射到宿主機上所有地址的一個指定端口89db2a6b29bfcd668dfc5cdb81e46a67d65a4596c2c9d02b0ebf7226d32c9873
[root@localhost ~]# docker container port w1 #查看w1容器暴露的port映射到宿主機上的哪個指定端口,執行iptables -t nat -vnL也可以查看有一條DNAT規則
80/tcp -> 0.0.0.0:8080
80/tcp -> :::8080
[root@localhost ~]# ifconfig #查看宿主機的ip
…
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.128.234 netmask 255.255.255.0 broadcast 192.168.128.255
inet6 fe80::12da:f368:4b08:ba51 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:98:00:1a txqueuelen 1000 (Ethernet)
RX packets 10117 bytes 902573 (881.4 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 3677 bytes 616382 (601.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
…
[root@localhost ~]# curl 192.168.128.234:8080 #另一台宿主機訪問w1容器的nginx服務
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>● -p <ip>::<containerPort>:將容器端口映射至宿主機上指定地址的一個動態端口
[root@localhost ~]# docker container run --name w1 -d -p 192.168.128.234::80 nginx:stable-alpine #創建w1容器運行著nginx服務,並加-p選項暴露80端口映射到宿主機上指定地址的動態端口
a09b316a846b77968589415c6c3a44d7ae9e9c8a628dd42e8a834228b1491117
[root@localhost ~]# docker container port w1 #查看w1容器暴露的port映射到宿主機上的哪個指定地址的哪個動態端口,執行iptables -t nat -vnL也可以查看有一條DNAT規則
80/tcp -> 192.168.128.234:49153
[root@localhost ~]# curl 192.168.128.234:49153 #另一台宿主機訪問w1容器的nginx服務
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
● -p <ip>:<hostPort>:<containerPort>:將容器端口映射至宿主機上指定地址的一個指定端口
[root@localhost ~]# docker container run --name w1 -d -p 192.168.128.234:8080:80 nginx:stable-alpine #創建w1容器運行著nginx服務,並加-p選項暴露80端口映射到宿主機上指定地址的一個指定端口
4a1c56d10fa1fd48c683ad925cacb1d64c8ef7c34eac4e5e18f9732a36575049
[root@localhost ~]# docker container port w1 #查看w1容器暴露的port映射到宿主機上的哪個指定地址的哪個指定端口,執行iptables -t nat -vnL也可以查看有一條DNAT規則
80/tcp -> 192.168.128.234:8080
[root@localhost ~]# curl 192.168.128.234:8080 #另一台宿主機訪問w1容器的nginx服務
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>提示:如果要暴露多個端口,則-p選項可以使用多次。
● -P:直接暴露容器內的所有端口映射至宿主機上所有地址的動態端口
[root@localhost ~]# docker container run --name w1 -d -P nginx:stable-alpine
6b7e0731f76eeb0f86a300f7fa783d06df41bd543077fd2d5e96b47d26c6d70f
[root@localhost ~]# docker container port w1
80/tcp -> 0.0.0.0:49155
80/tcp -> :::49155