随机映射端口
docker run -P 可以将事先容器预定义的端口映射宿主机的随机端口,默认从32768开始
[root@docker-server1 ~]# docker pull nginx #下载nginx 镜像
[root@docker-server1 ~]# docker run -P docker.io/nginx #前台启动并随机映射本地端口到容器的80范例:
[root@centos7 ~]#docker pull nginx
Using default tag: latest
latest: Pulling from library/nginx
8ec398bc0356: Pull complete
a53c868fbde7: Pull complete
79daf9dd140d: Pull complete
Digest: sha256:70821e443be75ea38bdf52a974fd2271babd5875b2b1964f05025981c75a6717
Status: Downloaded newer image for nginx:latest
docker.io/library/nginx:latest
[root@centos7 ~]#docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@centos7 ~]#ss -ntl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
#前台启动的会话窗口无法进行其他操作,除非退出,但是退出后容器也会退出
[root@centos7 ~]#docker run -P nginx
172.17.0.1 - - [26/Jan/2020:06:44:56 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.29.0" "-"
#另开一个窗口执行下面命令
[root@centos7 ~]#ss -ntl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
LISTEN 0 128 :::32768 :::*
[root@centos7 ~]#docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
78086069642b nginx "nginx -g 'daemon of…" 23 seconds ago Up 21 seconds 0.0.0.0:32768->80/tcp gallant_austin
[root@centos7 ~]#curl 127.0.0.1:32768
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
[root@centos7 ~]#
#自动生成Iptables规则
[root@centos7 ~]#iptables -vnL -t nat
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
19 1012 DOCKER all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 1 packets, 76 bytes)
pkts bytes target prot opt in out source destination
0 0 DOCKER all -- * * 0.0.0.0/0 !127.0.0.0/8 ADDRTYPE match dst-type LOCAL
Chain POSTROUTING (policy ACCEPT 1 packets, 76 bytes)
pkts bytes target prot opt in out source destination
0 0 MASQUERADE all -- * !docker0 172.17.0.0/16 0.0.0.0/0
0 0 MASQUERADE tcp -- * * 172.17.0.2 172.17.0.2 tcp dpt:80
0 0 MASQUERADE tcp -- * * 172.17.0.4 172.17.0.4 tcp dpt:80
Chain DOCKER (2 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- docker0 * 0.0.0.0/0 0.0.0.0/0
0 0 DNAT tcp -- !docker0 * 0.0.0.0/0 10.0.0.7 tcp dpt:32768 to:172.17.0.2:80
#回到之前的会话窗口,同时按两个 ctrl+c 键退出容器
[root@centos7 ~]#docker run -P nginx
172.17.0.1 - - [26/Jan/2020:06:44:56 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.29.0" "-"
^C[root@centos7 ~]#docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
78086069642b nginx "nginx -g 'daemon of…" 3 minutes ago Exited (0) 5 seconds ago gallant_austin
[root@centos7 ~]#指定端口映射
docker run -p 可以将容器的预定义的指定端口映射到宿主机的相应端口
注意:多个容器映射到宿主机的端口不能冲突,但容器内使用的端口可以相同
方式1:本地端口81映射到容器80端口:
docker run -p 81:80 --name nginx-test-port1 nginx方式2:本地IP:本地端口:容器端口
docker run -p 192.168.0.100:82:80 --name nginx-test-port2 docker.io/nginx方式3:本地IP:本地随机端口:容器端口,默认从32768开始
docker run -p 192.168.0.100::80 --name nginx-test-port3 docker.io/nginx方式4:本机ip:本地端口:容器端口/协议,默认为tcp协议
docker run -p 192.168.0.100:83:80/udp --name nginx-test-port4 docker.io/nginx方式5:一次性映射多个端口+协议:
docker run -p 8080:80/tcp -p 8443:443/tcp -p 53:53/udp --name nginx-test-port5 nginx范例:
[root@centos7 ~]#docker run -d -p 8080:80 -p 8443:443 -p 8053:53/udp nginx
a902b177bb7135ad8a8a179dbf8ce02dcc4806a1136475e59c2310833d7434ab
[root@centos7 ~]#docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a902b177bb71 nginx "nginx -g 'daemon of…" 5 seconds ago Up 4 seconds 0.0.0.0:8053->53/udp, 0.0.0.0:8080->80/tcp, 0.0.0.0:8443->443/tcp affectionate_aryabhata
[root@centos7 ~]#ss -ntpul
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
udp UNCONN 0 0 127.0.0.1:323 *:* users:(("chronyd",pid=6292,fd=1))
udp UNCONN 0 0 ::1:323 :::* users:(("chronyd",pid=6292,fd=2))
udp UNCONN 0 0 :::8053 :::* users:(("docker-proxy",pid=32671,fd=4))
tcp LISTEN 0 128 *:22 *:* users:(("sshd",pid=6623,fd=3))
tcp LISTEN 0 100 127.0.0.1:25 *:* users:(("master",pid=6748,fd=13))
tcp LISTEN 0 128 :::8080 :::* users:(("docker-proxy",pid=32659,fd=4))
tcp LISTEN 0 128 :::22 :::* users:(("sshd",pid=6623,fd=4))
tcp LISTEN 0 100 ::1:25 :::* users:(("master",pid=6748,fd=14))
tcp LISTEN 0 128 :::8443 :::* users:(("docker-proxy",pid=32646,fd=4))
[root@centos7 ~]#iptables -vnL -t nat
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
19 1012 DOCKER all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 DOCKER all -- * * 0.0.0.0/0 !127.0.0.0/8 ADDRTYPE match dst-type LOCAL
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 MASQUERADE all -- * !docker0 172.17.0.0/16 0.0.0.0/0
0 0 MASQUERADE tcp -- * * 172.17.0.2 172.17.0.2 tcp dpt:443
0 0 MASQUERADE tcp -- * * 172.17.0.2 172.17.0.2 tcp dpt:80
0 0 MASQUERADE udp -- * * 172.17.0.2 172.17.0.2 udp dpt:53
Chain DOCKER (2 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- docker0 * 0.0.0.0/0 0.0.0.0/0
0 0 DNAT tcp -- !docker0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8443 to:172.17.0.2:443
0 0 DNAT tcp -- !docker0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080 to:172.17.0.2:80
0 0 DNAT udp -- !docker0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:8053 to:172.17.0.2:53
#杀死nginx进程,nginx将关闭,相应端口也会关闭
[root@centos7 ~]#kill <NGINXPID>
查看容器已经映射的端口
docker port 可以查看容器的端口映射关系
格式
docker port CONTAINER [PRIVATE_PORT[/PROTO]]范例:
[root@centos7 ~]#docker port nginx-c1
443/tcp -> 0.0.0.0:8443
53/udp -> 0.0.0.0:8053
80/tcp -> 0.0.0.0:8080
[root@centos7 ~]#docker port nginx-c1 53/udp
0.0.0.0:8053本文链接:http://www.yunweipai.com/34799.html
原创文章,作者:ItWorker,如若转载,请注明出处:https://blog.ytso.com/52651.html