15、容器的端口映射
一般的web服务我们都应该可以提高浏览器访问到,但如果在docker容器中运行web服务的话,默认容器是封闭的,我们并不能访问到,这时候我们就需要将容器的端口暴露到宿主机上,浏览器通过访问容器暴露在宿主机上的端口来访问docker容器中的web服务。
15.1 正常运行一个NGINX的docker容器
[root@docker ~]# docker run -d --name web nginx
# 查看web容器的IP地址
[root@docker ~]# docker network inspect 60e81719174c
[
{
"Name": "bridge",
"Id": "60e81719174cd81800981dba54d9dd97e0df639e128abb92605ca2828f4f3d06",
"Created": "2018-05-31T16:47:33.917919725+07:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": [
{
"Subnet": "172.17.0.0/16",
"Gateway": "172.17.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {
"6dc59eeeaaa3756fb1b043e55e062bc65a9b557008904ee236e9614626917fb3": {
"Name": "web",
"EndpointID": "e7f0c38d63a03cd1656f67eab5b842c521eaee6ce64f25e07c3f353cf5e2d6fe",
"MacAddress": "02:42:ac:11:00:02",
"IPv4Address": "172.17.0.2/16",
"IPv6Address": ""
}
},
"Options": {
"com.docker.network.bridge.default_bridge": "true",
"com.docker.network.bridge.enable_icc": "true",
"com.docker.network.bridge.enable_ip_masquerade": "true",
"com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
"com.docker.network.bridge.name": "docker0",
"com.docker.network.driver.mtu": "1500"
},
"Labels": {}
}
]
# web容器的IP为:172.17.0.2
# 在宿主机上ping 172.17.0.2
[root@docker ~]# ping 172.17.0.2
PING 172.17.0.2 (172.17.0.2) 56(84) bytes of data.
64 bytes from 172.17.0.2: icmp_seq=1 ttl=64 time=0.072 ms
64 bytes from 172.17.0.2: icmp_seq=2 ttl=64 time=0.061 ms
64 bytes from 172.17.0.2: icmp_seq=3 ttl=64 time=0.057 ms
^C
--- 172.17.0.2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 0.057/0.063/0.072/0.009 ms
# 宿主机上telnet web容器的80端口
[root@docker ~]# telnet 172.17.0.2 80
Trying 172.17.0.2...
Connected to 172.17.0.2.
Escape character is '^]'.
# 能够访问80端口
# curl http://172.17.0.2
[root@docker ~]# curl http://172.17.0.2
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
[root@docker ~]#
目前可以确认的是,web容器的80端口能够在宿主机上通过172.17.0.2来访问。但是我们的web服务肯定是要给外网的用户访问的,所以我们需要使其能够通过外网访问得到。
15.2 将NGINX容器的80端口暴露到宿主机上
首先将之前的NGINX容器停止删除
docker stop web
docker rm web
重新创建一个NGINX容器,并暴露80端口到宿主机上的81端口
[root@docker ~]# docker run --name web -d -p 81:80 nginx
[root@docker ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
5e853e54c432 nginx "nginx -g 'daemon of…" 4 seconds ago Up 3 seconds 0.0.0.0:81->80/tcp web
[root@docker ~]# curl 127.0.0.1:81
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
[root@docker ~]#
浏览器访问宿主机的81端口: