docker-容器端口映射

随机映射端口

docker run -P 可以将事先容器预定义的端口映射宿主机的随机端口,默认从32768开始

[root@docker-server1 ~]# docker pull nginx #下载nginx 镜像
[root@docker-server1 ~]# docker run -P docker.io/nginx  #前台启动并随机映射本地端口到容器的80

范例:

[root@centos7 ~]#docker pull nginx
Using default tag: latest
latest: Pulling from library/nginx
8ec398bc0356: Pull complete 
a53c868fbde7: Pull complete 
79daf9dd140d: Pull complete 
Digest: sha256:70821e443be75ea38bdf52a974fd2271babd5875b2b1964f05025981c75a6717
Status: Downloaded newer image for nginx:latest
docker.io/library/nginx:latest
[root@centos7 ~]#docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
[root@centos7 ~]#ss -ntl
State      Recv-Q Send-Q          Local Address:Port                         Peer Address:Port              
LISTEN     0      128                         *:22                                      *:*                  
LISTEN     0      100                 127.0.0.1:25                                      *:*                  
LISTEN     0      128                        :::22                                     :::*                  
LISTEN     0      100                       ::1:25                                     :::*  

#前台启动的会话窗口无法进行其他操作,除非退出,但是退出后容器也会退出
[root@centos7 ~]#docker run -P nginx 
172.17.0.1 - - [26/Jan/2020:06:44:56 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.29.0" "-"

#另开一个窗口执行下面命令
[root@centos7 ~]#ss -ntl
State      Recv-Q Send-Q          Local Address:Port                         Peer Address:Port              
LISTEN     0      128                         *:22                                      *:*                  
LISTEN     0      100                 127.0.0.1:25                                      *:*                  
LISTEN     0      128                        :::22                                     :::*                  
LISTEN     0      100                       ::1:25                                     :::*                  
LISTEN     0      128                        :::32768                                  :::* 
[root@centos7 ~]#docker ps 
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                   NAMES
78086069642b        nginx               "nginx -g 'daemon of…"   23 seconds ago      Up 21 seconds       0.0.0.0:32768->80/tcp   gallant_austin
[root@centos7 ~]#curl 127.0.0.1:32768
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>
[root@centos7 ~]#

#自动生成Iptables规则
[root@centos7 ~]#iptables -vnL -t nat
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
   19  1012 DOCKER     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 1 packets, 76 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DOCKER     all  --  *      *       0.0.0.0/0           !127.0.0.0/8          ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT 1 packets, 76 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 MASQUERADE  all  --  *      !docker0  172.17.0.0/16        0.0.0.0/0           
    0     0 MASQUERADE  tcp  --  *      *       172.17.0.2           172.17.0.2           tcp dpt:80
    0     0 MASQUERADE  tcp  --  *      *       172.17.0.4           172.17.0.4           tcp dpt:80

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 RETURN     all  --  docker0 *       0.0.0.0/0            0.0.0.0/0           
    0     0 DNAT       tcp  --  !docker0 *       0.0.0.0/0            10.0.0.7             tcp dpt:32768 to:172.17.0.2:80

#回到之前的会话窗口,同时按两个 ctrl+c 键退出容器
[root@centos7 ~]#docker run -P nginx 
172.17.0.1 - - [26/Jan/2020:06:44:56 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.29.0" "-"
^C[root@centos7 ~]#docker ps -a
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                     PORTS               NAMES
78086069642b        nginx               "nginx -g 'daemon of…"   3 minutes ago       Exited (0) 5 seconds ago                       gallant_austin
[root@centos7 ~]#
指定端口映射

docker run -p 可以将容器的预定义的指定端口映射到宿主机的相应端口

注意:多个容器映射到宿主机的端口不能冲突,但容器内使用的端口可以相同

方式1:本地端口81映射到容器80端口:

docker run  -p 81:80 --name nginx-test-port1 nginx

方式2:本地IP:本地端口:容器端口

docker run  -p 192.168.0.100:82:80 --name nginx-test-port2 docker.io/nginx

方式3:本地IP:本地随机端口:容器端口,默认从32768开始

docker run -p 192.168.0.100::80 --name nginx-test-port3 docker.io/nginx

方式4:本机ip:本地端口:容器端口/协议,默认为tcp协议

docker run  -p 192.168.0.100:83:80/udp --name nginx-test-port4 docker.io/nginx

方式5:一次性映射多个端口+协议:

docker run  -p 8080:80/tcp -p 8443:443/tcp -p 53:53/udp --name nginx-test-port5  nginx

范例:

[root@centos7 ~]#docker run -d  -p 8080:80 -p 8443:443 -p 8053:53/udp nginx
a902b177bb7135ad8a8a179dbf8ce02dcc4806a1136475e59c2310833d7434ab
[root@centos7 ~]#docker ps 
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                                                               NAMES
a902b177bb71        nginx               "nginx -g 'daemon of…"   5 seconds ago       Up 4 seconds        0.0.0.0:8053->53/udp, 0.0.0.0:8080->80/tcp, 0.0.0.0:8443->443/tcp   affectionate_aryabhata
[root@centos7 ~]#ss -ntpul
Netid  State      Recv-Q Send-Q       Local Address:Port                      Peer Address:Port              
udp    UNCONN     0      0                127.0.0.1:323                                  *:*                   users:(("chronyd",pid=6292,fd=1))
udp    UNCONN     0      0                      ::1:323                                 :::*                   users:(("chronyd",pid=6292,fd=2))
udp    UNCONN     0      0                       :::8053                                :::*                   users:(("docker-proxy",pid=32671,fd=4))
tcp    LISTEN     0      128                      *:22                                   *:*                   users:(("sshd",pid=6623,fd=3))
tcp    LISTEN     0      100              127.0.0.1:25                                   *:*                   users:(("master",pid=6748,fd=13))
tcp    LISTEN     0      128                     :::8080                                :::*                   users:(("docker-proxy",pid=32659,fd=4))
tcp    LISTEN     0      128                     :::22                                  :::*                   users:(("sshd",pid=6623,fd=4))
tcp    LISTEN     0      100                    ::1:25                                  :::*                   users:(("master",pid=6748,fd=14))
tcp    LISTEN     0      128                     :::8443                                :::*                   users:(("docker-proxy",pid=32646,fd=4))
[root@centos7 ~]#iptables -vnL -t nat
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
   19  1012 DOCKER     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DOCKER     all  --  *      *       0.0.0.0/0           !127.0.0.0/8          ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 MASQUERADE  all  --  *      !docker0  172.17.0.0/16        0.0.0.0/0           
    0     0 MASQUERADE  tcp  --  *      *       172.17.0.2           172.17.0.2           tcp dpt:443
    0     0 MASQUERADE  tcp  --  *      *       172.17.0.2           172.17.0.2           tcp dpt:80
    0     0 MASQUERADE  udp  --  *      *       172.17.0.2           172.17.0.2           udp dpt:53

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 RETURN     all  --  docker0 *       0.0.0.0/0            0.0.0.0/0           
    0     0 DNAT       tcp  --  !docker0 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8443 to:172.17.0.2:443
    0     0 DNAT       tcp  --  !docker0 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8080 to:172.17.0.2:80
    0     0 DNAT       udp  --  !docker0 *       0.0.0.0/0            0.0.0.0/0            udp dpt:8053 to:172.17.0.2:53

#杀死nginx进程,nginx将关闭,相应端口也会关闭
[root@centos7 ~]#kill  <NGINXPID>
查看容器已经映射的端口

docker port 可以查看容器的端口映射关系

格式

docker port CONTAINER [PRIVATE_PORT[/PROTO]]

范例:

[root@centos7 ~]#docker port nginx-c1
443/tcp -> 0.0.0.0:8443
53/udp -> 0.0.0.0:8053
80/tcp -> 0.0.0.0:8080
[root@centos7 ~]#docker port nginx-c1 53/udp
0.0.0.0:8053

本文链接:http://www.yunweipai.com/34799.html

原创文章,作者:ItWorker,如若转载,请注明出处:https://blog.ytso.com/tech/courses/52651.html

(0)
上一篇 2021年8月6日 16:42
下一篇 2021年8月6日 16:42

相关推荐

发表回复

登录后才能评论