企业级SpringCloud项目之DockerNetwork"/>
ThinkPad物理机安装Linux系统实战企业级SpringCloud项目之DockerNetwork
ThinkPad物理机安装Linux系统实战企业级SpringCloud项目之DockerNetwork
- 前言
- 基本环境
- Linux虚拟网络
- Docker安装使用
- 检查环境
- 容器
- 镜像
- Docker网络
- 简介
- 基础命令
- 显示所有docker局域网络 `docker network ls`
- 显示某个局域网络信息 `docker network inspect bridge`
- Bridge模式
- Host模式
- None模式
- Container模式
- 创建、删除一个docker自定义网络:`docker network create|rm`
- Docker自定义网络
- 将某个容器连接到一个docker网络:`docker network connect xxx网络 xxx容器`
- 把原有容器连接到新的网络
- 创建一个新的容器连接到自定义网络
- 将某个容器退出某个局域网络:`docker network disconnect `
- 删除所有未引用的docker局域网络:`docker network prune`
- 测试通过局域网访问entry_nginx代理访问protal_nginx项目
- 验证物理机访问entry_nginx
- 验证entry_nginx容器里访问protal_nginx
- 配置entry_nginx让其物理机访问entry_nginx反向代理访问protal_nginx
- 修改vim /usr/etc/docker/entrynginx/conf.d/default.conf
- 重启entry_nginx容器:`docker restart 7a47fefa41fe`
- 再次验证容器外访问通过反向代理访问protal_nginx可通
- Nginx配置请移步
前言
场景一:
- 服务器上安装了MySQL,Docker里有容器Redis,容器Nginx、容器Website等
- 如何实现Nginx能打开Website,Website能访问Redis和MySQL?
- 这就涉及主机与容器通信,容器与容器通信
场景二:
- 服务器安装Nginx做代理
- 服务器安装Docker,创建多个多种容器
- 或创建多个Nginx容器部署多个相互独立的前端应用服务
- 如何实现所有请求都从主机Nginx进来
- 虽然Nginx根据配置可以实现部署多个前端服务,常见3种方法:
基于域名配置
基于端口配置
基于location配置 - 同样涉及主机与容器通信,容器与容器通信
Docker Network便闪亮登场
本篇只针对单机,不涉及集群
基本环境
Linux虚拟网络
Linux虚拟网络基础:ThinkPad物理机安装Linux系统实战之Linux网络虚拟化技术
Docker安装使用
Docker安装使用详解:ThinkPad物理机安装Linux系统实战之Docker安装使用详解
检查环境
容器
列举正在运行容器:docker ps ,可以看见我们已经运行着一个entry_nginx
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
92cdb6419fa8 jenkinsci/blueocean "/sbin/tini -- /usr/…" 2 weeks ago Up 2 weeks 0.0.0.0:50000->50000/tcp, :::50000->50000/tcp, 0.0.0.0:9999->8080/tcp, :::9999->8080/tcp aiguibin_jenkins
7a3fcd26c5b8 sonatype/nexus3 "/opt/sonatype/nexus…" 2 weeks ago Up 2 weeks 0.0.0.0:18081->8081/tcp, :::18081->8081/tcp aiguibin_nexus
7a47fefa41fe nginx "/docker-entrypoint.…" 2 weeks ago Up 2 weeks 0.0.0.0:8080->80/tcp, :::8080->80/tcp entry_nginx
局域网访问:http://192.168.0.103:8080,或终端访问:curl http://127.0.0.1:8080
[root@localhost ~]# curl http://127.0.0.1:8080/
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p><p>For online documentation and support please refer to
<a href="/">nginx</a>.<br/>
Commercial support is available at
<a href="/">nginx</a>.</p><p><em>Thank you for using nginx AIguibin.</em></p>
</body>
</html>
[root@localhost conf.d]# cd ~
[root@localhost ~]# curl http://127.0.0.1:80
curl: (7) Failed connect to 127.0.0.1:80; 拒绝连接
以上检验了上次的成果,验证了我们的服务正常运行
镜像
列举本地镜像:docker images
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
sonatype/nexus3 latest b79f9040bb73 4 weeks ago 550MB
nginx latest 1403e55ab369 5 weeks ago 142MB
jenkinsci/blueocean latest 04540a0bb985 4 months ago 579MB
Docker网络
简介
Docker Network是Docker的四大对象之一,是容器的网络功能对象。通过Network命令集进行管理。
- Docker自身的有4种网络工作方式,和一些自定义网络模式
- 安装Docker时,它会自动创建三个网络,bridge、 none 、host
- Bridge:此模式会为每一个容器分配、设置IP等,并将容器连接到一个docker0虚拟网桥,通过docker0网桥以及Iptables nat表配置与宿主机通信,创建容器默认连接到此网络。
- host:容器将不会虚拟出自己的网卡,配置自己的IP等,而是使用宿主机的IP和端口。
- None:该模式关闭了容器的网络功能。
- Container:创建的容器不会创建自己的网卡,配置自己的IP,而是和一个指定的容器共享IP、端口范围。
基础命令
惯用伎俩:docker network --help
[root@localhost ~]# docker network --helpUsage: docker network COMMANDManage networksCommands:connect Connect a container to a networkcreate Create a networkdisconnect Disconnect a container from a networkinspect Display detailed information on one or more networksls List networksprune Remove all unused networksrm Remove one or more networksRun 'docker network COMMAND --help' for more information on a command.
[root@localhost ~]#
- connect 将某个容器连接到一个docker网络
- create 创建一个docker局域网络
- disconnect 将某个容器退出某个局域网络
- inspect 显示某个局域网络信息
- ls 显示所有docker局域网络
- prune 删除所有未引用的docker局域网络
- rm 删除docker网络
命令不多,但对于Docker Compose容器编排和网络设计属于必须掌握
显示所有docker局域网络 docker network ls
[root@localhost ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
75d966237f31 bridge bridge local
84ca42482079 host host local
b0bd7119c0c0 none null local
由此可见:安装Docker时,自动创建bridge、host、none
显示某个局域网络信息 docker network inspect bridge
Bridge模式
这里直接看Bridge模式:
- Docker内置这三个网络,运行容器时,你可以使用该–network标志来指定容器应连接到哪些网络。
- 该bridge网络代表docker0所有Docker安装中存在的网络。
- 除非你使用该docker run --network=选项指定
- 否则Docker守护程序默认将容器连接到此网络。
[root@localhost ~]# docker network inspect bridge
[{"Name": "bridge","Id": "75d966237f318a77ffb8e9a07d1ee9ae0c086e24e17a36bd4c1941d62aa26f38","Created": "2023-01-02T21:36:03.925204487+08:00","Scope": "local","Driver": "bridge","EnableIPv6": false,"IPAM": {"Driver": "default","Options": null,"Config": [{"Subnet": "172.17.0.0/16"}]},"Internal": false,"Attachable": false,"Ingress": false,"ConfigFrom": {"Network": ""},"ConfigOnly": false,"Containers": {"7a3fcd26c5b84510fa0829f1dbc0a2c8cffc13a2749dd973f02038c20ef349f6": {"Name": "aiguibin_nexus","EndpointID": "2216979bd620fbd066c7a477a7b5d590dcb5dd25e02148c2ad2ff4a978f1cf73","MacAddress": "02:42:ac:11:00:03","IPv4Address": "172.17.0.3/16","IPv6Address": ""},"7a47fefa41fe4b3459d68857c9f4e43543cba12bddb1f5167a0c04e660c1798c": {"Name": "entry_nginx","EndpointID": "7ed467b052d1d412aa4d023643fec535cfe7b9d28e64def46cf7036790f8a7dc","MacAddress": "02:42:ac:11:00:02","IPv4Address": "172.17.0.2/16","IPv6Address": ""},"92cdb6419fa89a9280a78c82056e17e08a836b6509a60d893a28e04c164d832e": {"Name": "aiguibin_jenkins","EndpointID": "4acfda02e2d31fb48079b4d194017bd0a32abe250dc87623e862370053bb251b","MacAddress": "02:42:ac:11:00:04","IPv4Address": "172.17.0.4/16","IPv6Address": ""}},"Options": {"com.dockerwork.bridge.default_bridge": "true","com.dockerwork.bridge.enable_icc": "true","com.dockerwork.bridge.enable_ip_masquerade": "true","com.dockerwork.bridge.host_binding_ipv4": "0.0.0.0","com.dockerwork.bridge.name": "docker0","com.dockerwork.driver.mtu": "1500"},"Labels": {}}
]
宿主机的网络情况:
[root@localhost ~]# ifconfig
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255inet6 fe80::42:30ff:fe26:d1e9 prefixlen 64 scopeid 0x20<link>ether 02:42:30:26:d1:e9 txqueuelen 0 (Ethernet)RX packets 139435 bytes 40275433 (38.4 MiB)RX errors 0 dropped 0 overruns 0 frame 0TX packets 243162 bytes 323124031 (308.1 MiB)TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0enp0s25: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500ether 00:21:cc:c2:c7:9b txqueuelen 1000 (Ethernet)RX packets 0 bytes 0 (0.0 B)RX errors 0 dropped 0 overruns 0 frame 0TX packets 0 bytes 0 (0.0 B)TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0device interrupt 20 memory 0xf2500000-f2520000 lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536inet 127.0.0.1 netmask 255.0.0.0inet6 ::1 prefixlen 128 scopeid 0x10<host>loop txqueuelen 1000 (Local Loopback)RX packets 49 bytes 8185 (7.9 KiB)RX errors 0 dropped 0 overruns 0 frame 0TX packets 49 bytes 8185 (7.9 KiB)TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0veth3f47302: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500inet6 fe80::786c:a2ff:fe82:e179 prefixlen 64 scopeid 0x20<link>ether 7a:6c:a2:82:e1:79 txqueuelen 0 (Ethernet)RX packets 96 bytes 9584 (9.3 KiB)RX errors 0 dropped 0 overruns 0 frame 0TX packets 149 bytes 13284 (12.9 KiB)TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0veth449ee65: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500inet6 fe80::1cb8:b6ff:fec8:b54 prefixlen 64 scopeid 0x20<link>ether 1e:b8:b6:c8:0b:54 txqueuelen 0 (Ethernet)RX packets 1498 bytes 667924 (652.2 KiB)RX errors 0 dropped 0 overruns 0 frame 0TX packets 2302 bytes 2976318 (2.8 MiB)TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0vethec7a7e6: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500inet6 fe80::d8ef:3eff:feb4:c6a0 prefixlen 64 scopeid 0x20<link>ether da:ef:3e:b4:c6:a0 txqueuelen 0 (Ethernet)RX packets 13102 bytes 11975267 (11.4 MiB)RX errors 0 dropped 0 overruns 0 frame 0TX packets 14624 bytes 9954607 (9.4 MiB)TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0wlp3s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500inet 192.168.0.103 netmask 255.255.255.0 broadcast 192.168.0.255inet6 fe80::8e70:5aff:fede:9ef4 prefixlen 64 scopeid 0x20<link>ether 8c:70:5a:de:9e:f4 txqueuelen 1000 (Ethernet)RX packets 10707088 bytes 3971115237 (3.6 GiB)RX errors 0 dropped 0 overruns 0 frame 0TX packets 1655222 bytes 241228000 (230.0 MiB)TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0网络拓扑图:
- 从服务器外访问容器是通过端口映射方式,访问的IP地址和端口并非容器的真实IP和端口,而是宿主机器的端口映射,所以要从服务器外部访问容器,需要通过宿主机器的IP/域名+宿主端口进行访问
- 物理机笔记本连接的是无线网络,使用的是wlp3s0网卡
- docker0虚拟网络连接至主机网络,作为交换机使用
- 三个容器创建的时候做了与主机端口的映射,分别虚拟了三对网卡,eth0在是容器内部的,veth3f47302、veth449ee65、vethec7a7e6主机虚拟网卡分别对应三个容器
- enp0s25 为网线网卡,如果网线连接物理机网卡就是enp0s25
- lo 为回环
再回首:
- Docker会默认创建一个内部的桥接网络docker0;
- 创建启动容器的时候不指定–network参数,会默认连接至docker0网络,默认为容器分配一个虚拟网卡,分配内部ip;
- 根据docker network inspect bridge看的三个容器的内部IP,彼此之间是可以通过IP地址访问的,例如:
进入entry_nginx容器
[root@localhost ~]# docker exec -it 7a47fefa41fe4b3459 /bin/bash
root@7a47fefa41fe:/# ping 172.17.0.4
bash: ping: command not found
# 此处由于容器内部没有ping 使用curl测试
通过ip访问aiguibin_jenkins容器
root@7a47fefa41fe:/# curl 172.17.0.4:80
curl: (7) Failed to connect to 172.17.0.4 port 80: Connection refused
root@7a47fefa41fe:/# curl 172.17.0.4:8080
<html><head><meta http-equiv='refresh' content='1;url=/login?from=%2F'/><script>window.location.replace('/login?from=%2F');</script></head><body style='background-color:white; color:white;'>
Authentication required
</body></html>
通过ip访问aiguibin_nexus容器
curl: (7) Failed to connect to 172.17.0.3 port 8080: Connection refused
root@7a47fefa41fe:/# curl 172.17.0.3:8081<!DOCTYPE html>
<html lang="en">
<head><title>Nexus Repository Manager</title>...内容过多略...
</head>
<body class="x-border-box">...内容过多略...
</body>
</html>
root@7a47fefa41fe:/#
通过容器名称访问
root@7a47fefa41fe:/# curl aiguibin_nexus:8081
curl: (6) Could not resolve host: aiguibin_nexus
root@7a47fefa41fe:/# curl aiguibin_jenkins:8080
curl: (6) Could not resolve host: aiguibin_jenkins
root@7a47fefa41fe:/#
通过主机使用IP访问容器
[root@localhost ~]# ping 172.17.0.4
PING 172.17.0.4 (172.17.0.4) 56(84) bytes of data.
64 bytes from 172.17.0.4: icmp_seq=1 ttl=64 time=0.130 ms
64 bytes from 172.17.0.4: icmp_seq=2 ttl=64 time=0.111 ms
64 bytes from 172.17.0.4: icmp_seq=3 ttl=64 time=0.106 ms
64 bytes from 172.17.0.4: icmp_seq=4 ttl=64 time=0.110 ms
^Z
[1]+ 已停止 ping 172.17.0.4
[root@localhost ~]# ping 172.17.0.3
PING 172.17.0.3 (172.17.0.3) 56(84) bytes of data.
64 bytes from 172.17.0.3: icmp_seq=1 ttl=64 time=0.132 ms
64 bytes from 172.17.0.3: icmp_seq=2 ttl=64 time=0.107 ms
64 bytes from 172.17.0.3: icmp_seq=3 ttl=64 time=0.131 ms
通过主机使用容器名访问
[root@localhost ~]# ping aiguibin_nexus
ping: aiguibin_nexus: 未知的名称或服务
[root@localhost ~]# ping entry_nginx
ping: entry_nginx: 未知的名称或服务
[root@localhost ~]#
通过以上测试可以理解Docker默认创建的Bridge桥接网络
- Docker基于Virtual Ethernet Pair技术实现了容器之间的通信,但并非直接端对端对接,在默认网络bridge模式下,Docker引擎会分别在每个容器和宿主网络建立一对虚拟网卡veth pair,通过bridge间接实现通信,通过network namespace实现网络隔离
- 容器之间是互相隔离的
- 主机是可以ping通容器的通过容器ip
- 主机无法通过容器名称ping通容器
- 容器之间可以通过ip访问
- 容器之间无法通过容器名称互联
Host模式
直接使用宿主机的 IP 地址与外界进行通信,不再需要额外进行NAT 转换
容器将不会获得一个独立的Network Namespace(图中左上角), 而是和宿主机共用一个Network Namespace。容器将不会虚拟出自己的网卡而是使用宿主机的IP和端口
Docker启动时指定–network=host或-net=host,如果还指定了-p映射端口,那这个时候就会有此警告,并且通过-p设置的参数将不会起到任何作用,端口号会以主机端口号为主,重复时则递增
None模式
容器有独立的网络栈,但不包含任何网络配置,只具有lo这个loopback网卡用于进程通信。也就是说,none模式为容器做了最少的网络设置,但是俗话说得好“少即是多”,在没有网络配置的情况下,通过第三方工具或者手工的方式,开发这任意定制容器的网络,提供了最高的灵活性。
Container模式
- Docker中一种较为特别的网络的模式。在这个模式下的容器,会使用其他容器的网络命名空间,其网络隔离性会处于bridge桥接模式与host模式之间。当容器共享其他容器的网络命名空间,则在这两个容器之间不存在网络隔离,而她们又与宿主机以及除此之外其他的容器存在网络隔离。
- 新建的容器和已经存在的一个容器共享一个网络IP配置而不是和宿主机共享。新创建的容器不会创建自己的网卡,配置自己的IP,而是和一个指定的容器共享IP、端口范围等。同样,两个容器除了网络方面,其他的如文件系统、进程列表等还是隔离的
- 在这种模式下的容器可以通过localhost来同一网络命名空间下的其他容器,传输效率较高。而且这种模式还节约了一定数量的网络资源,但它并没有改变容器与外界通信的方式。
- 在一些特殊的场景中非常有用,例如,kubernetes的pod,kubernetes为pod创建一个基础设施容器,同一pod下的其他容器都以其他容器模式共享这个基础设施容器的网络命名空间,相互之间以localhost访问,构成一个统一的整体。
docker run -it --network container:已存在的容器名称 --name 新的容器名称 镜像 /bin/bash
docker run -it --network container:entry_nginx --name other_nginx nginx /bin/bash
创建、删除一个docker自定义网络:docker network create|rm
Docker自定义网络
自定义网络新建时默认依旧是bridge模式
- 当用户创建了自定义网络,Docker引擎默认会对加入该网络的容器启动嵌入式DNS,因此同一网络的容器可以互相通过容器名称进行通信,您可以连接并断开网络中的运行容器,而无需重新启动容器
- Docker提供了创建这些网络的默认网络驱动程序,你可以创建一个新的Bridge网络,Overlay或Macvlan网络。你还可以创建一个网络插件或远程网络进行完整的自定义和控制。并且Docker1.9以上的版本默认自带了bridge和overlay两种类型的自定义网络网络驱动程序。可以用于集成calico、weave、openvswitch等第三方厂商的网络实现。
- 基于Bdrige网络驱动程序的网络,Docker会自动为其创建iptables规则,保证与其他网络之间、与docker0之间的网络隔离。除此之外,bridge网络驱动程序的所有行为都和默认的bridge模式完全一致。
- 基于Overlay网络驱动程序的网络,可以实现容器的跨主机通信。
- 基于Macvlan网络驱动程序的网络,是一个新的尝试,是真正的网络虚拟化技术的转折点。Linux实现非常轻量级,因为与传统的Linux Bridge隔离相比,它们只是简单地与一个Linux以太网接口或子接口相关联,以实现网络之间的分离和与物理网络的连接。Macvlan提供了许多独特的功能,并有充足的空间进一步创新与各种模式。这些方法的两个高级优点是绕过Linux网桥的正面性能以及移动部件少的简单性。删除传统上驻留在Docker主机NIC和容器接口之间的网桥留下了一个非常简单的设置,包括容器接口,直接连接到Docker主机接口。由于在这些情况下没有端口映射,因此可以轻松访问外部服务。
列举:docker network ls
创建:docker network create local
删除:docker network rm local
详情:docker network inspect local
[root@localhost ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
75d966237f31 bridge bridge local
84ca42482079 host host local
b0bd7119c0c0 none null local
[root@localhost ~]# docker network create local
6ad89e6a3933f187eec42ed3993b9e7cb0b3f2d36e9c009f7d0af6a076bf757d
[root@localhost ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
75d966237f31 bridge bridge local
84ca42482079 host host local
6ad89e6a3933 local bridge local
b0bd7119c0c0 none null local
[root@localhost ~]# docker network rm local
local
[root@localhost ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
75d966237f31 bridge bridge local
84ca42482079 host host local
b0bd7119c0c0 none null local
[root@localhost ~]# docker network create aiguibin
d8caad41bc0e51c744b1a40448f017ea2e5c8cb9191b79e6970e1400bca99d14
[root@localhost ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
d8caad41bc0e aiguibin bridge local
75d966237f31 bridge bridge local
84ca42482079 host host local
b0bd7119c0c0 none null local
[root@localhost ~]# docker network inspect aiguibin
[{"Name": "aiguibin","Id": "d8caad41bc0e51c744b1a40448f017ea2e5c8cb9191b79e6970e1400bca99d14","Created": "2023-01-27T15:18:10.032968046+08:00","Scope": "local","Driver": "bridge","EnableIPv6": false,"IPAM": {"Driver": "default","Options": {},"Config": [{"Subnet": "172.19.0.0/16","Gateway": "172.19.0.1"}]},"Internal": false,"Attachable": false,"Ingress": false,"ConfigFrom": {"Network": ""},"ConfigOnly": false,"Containers": {},"Options": {},"Labels": {}}
]
将某个容器连接到一个docker网络:docker network connect xxx网络 xxx容器
把原有容器连接到新的网络
[root@localhost ~]# docker network connect aiguibin entry_nginx
[root@localhost ~]# docker network inspect aiguibin
[{"Name": "aiguibin","Id": "d8caad41bc0e51c744b1a40448f017ea2e5c8cb9191b79e6970e1400bca99d14","Created": "2023-01-27T15:18:10.032968046+08:00","Scope": "local","Driver": "bridge","EnableIPv6": false,"IPAM": {"Driver": "default","Options": {},"Config": [{"Subnet": "172.19.0.0/16","Gateway": "172.19.0.1"}]},"Internal": false,"Attachable": false,"Ingress": false,"ConfigFrom": {"Network": ""},"ConfigOnly": false,"Containers": {"7a47fefa41fe4b3459d68857c9f4e43543cba12bddb1f5167a0c04e660c1798c": {"Name": "entry_nginx","EndpointID": "15f93a13b6df507347b80b49fb701f2a2345e47080853a7d4056643995ea8874","MacAddress": "02:42:ac:13:00:02","IPv4Address": "172.19.0.2/16","IPv6Address": ""}},"Options": {},"Labels": {}}
]
创建一个新的容器连接到自定义网络
[root@localhost ~]# docker run --network aiguibin --name protal_nginx \
> -v /usr/etc/docker/protalnginx/nginx.conf:/etc/nginx/nginx.conf \
> -v /usr/etc/docker/protalnginx/conf.d:/etc/nginx/conf.d \
> -v /var/log/docker/protalnginx/nginx:/var/log/nginx \
> -v /usr/share/docker/protalnginx/html:/usr/share/nginx/html \
> -v /var/run/docker.sock:/var/run/docker.sock \
> --restart=always \
> -d nginx
f666d4138ecb395f8d9b74708a0628661bd09b41fde0d7721b8cf34bf5d2a074
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f666d4138ecb nginx "/docker-entrypoint.…" About a minute ago Up About a minute 80/tcp protal_nginx
92cdb6419fa8 jenkinsci/blueocean "/sbin/tini -- /usr/…" 2 weeks ago Up 24 hours 0.0.0.0:50000->50000/tcp, :::50000->50000/tcp, 0.0.0.0:9999->8080/tcp, :::9999->8080/tcp aiguibin_jenkins
7a3fcd26c5b8 sonatype/nexus3 "/opt/sonatype/nexus…" 2 weeks ago Up 2 weeks 0.0.0.0:18081->8081/tcp, :::18081->8081/tcp aiguibin_nexus
7a47fefa41fe nginx "/docker-entrypoint.…" 3 weeks ago Up 3 weeks 0.0.0.0:8080->80/tcp, :::8080->80/tcp entry_nginx
[root@localhost ~]# docker network inspect aiguibin
[{"Name": "aiguibin","Id": "d8caad41bc0e51c744b1a40448f017ea2e5c8cb9191b79e6970e1400bca99d14","Created": "2023-01-27T15:18:10.032968046+08:00","Scope": "local","Driver": "bridge","EnableIPv6": false,"IPAM": {"Driver": "default","Options": {},"Config": [{"Subnet": "172.19.0.0/16","Gateway": "172.19.0.1"}]},"Internal": false,"Attachable": false,"Ingress": false,"ConfigFrom": {"Network": ""},"ConfigOnly": false,"Containers": {"7a47fefa41fe4b3459d68857c9f4e43543cba12bddb1f5167a0c04e660c1798c": {"Name": "entry_nginx","EndpointID": "15f93a13b6df507347b80b49fb701f2a2345e47080853a7d4056643995ea8874","MacAddress": "02:42:ac:13:00:02","IPv4Address": "172.19.0.2/16","IPv6Address": ""},"f666d4138ecb395f8d9b74708a0628661bd09b41fde0d7721b8cf34bf5d2a074": {"Name": "protal_nginx","EndpointID": "e3e7eafd887210d452035f8ed8c5da860bd38a82a6984e81cc6c4661f8465ad2","MacAddress": "02:42:ac:13:00:03","IPv4Address": "172.19.0.3/16","IPv6Address": ""}},"Options": {},"Labels": {}}
]将某个容器退出某个局域网络:docker network disconnect
删除所有未引用的docker局域网络:docker network prune
测试通过局域网访问entry_nginx代理访问protal_nginx项目
验证物理机访问entry_nginx
[root@localhost ~]# curl http://127.0.0.1:80
curl: (7) Failed connect to 127.0.0.1:80; 拒绝连接
[root@localhost ~]# curl http://127.0.0.1:8080
<!DOCTYPE html>
<html>
<head>.....<p><em>Thank you for using nginx AIguibin.</em></p>
</body>
</html>
验证entry_nginx容器里访问protal_nginx
[root@localhost ~]# docker exec -it entry_nginx /bin/bash
root@7a47fefa41fe:/# curl protal_nginx:80
<!DOCTYPE html>
<html lang="en"><head><meta charset="UTF-8" /><link rel="icon" type="image/svg+xml" href="./vite.svg" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><title>aiguibin-protal-gateway</title><script type="module" crossorigin src="./assets/index-87b20e55.js"></script><link rel="stylesheet" href="./assets/index-c72bfea7.css"></head><body><div id="app"></div></body>
</html>
root@7a47fefa41fe:/# curl protal_nginx:8080
curl: (7) Failed to connect to protal_nginx port 8080: Connection refused
root@7a47fefa41fe:/# exit
配置entry_nginx让其物理机访问entry_nginx反向代理访问protal_nginx
修改vim /usr/etc/docker/entrynginx/conf.d/default.conf
server {listen 80;listen [::]:80;server_name localhost;#access_log /var/log/nginx/host.access.log main;location / {root /usr/share/nginx/html;index index.html index.htm;}# 增加一个locationlocation /protal/ {proxy_pass http://protal_nginx:80/;}error_page 500 502 503 504 /50x.html;location = /50x.html {root /usr/share/nginx/html;}
}
location /protal/ {} 中的"/protal/"最后边的“/” 有无的区别:
- 不带 / 当访问 www.nginx-test/test 时, Nginx 先找是否有 test 目录,如果有则找 test 目录下的 index.html ;如果没有 test 目录, nginx 则会找是否有 test 文件。
- 带 / 当访问 www.nginx-test/test 时, Nginx 先找是否有 test 目录,如果有则找 test 目录下的 index.html ,如果没有它也不会去找是否存在 test 文件
“proxy_pass http://protal_nginx:80/;”中的最后边的“/”有无的区别:http://192.168.0.103:8080/protal/index.html
- 不带 / 意味着 Nginx 不会修改用户 URL ,而是直接透传给上游的应用服务器;
等于http://protal_nginx:80/protal/index.html - 带 / 意味着 Nginx 会修改用户 URL ,修改方法是将 location 后的 URL 从用户 URL 中删除;
等于http://protal_nginx:80/index.html
重启entry_nginx容器:docker restart 7a47fefa41fe
[root@localhost conf.d]# docker restart 7a47fefa41fe
7a47fefa41fe
[root@localhost conf.d]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f666d4138ecb nginx "/docker-entrypoint.…" 8 days ago Up 8 days 80/tcp protal_nginx
92cdb6419fa8 jenkinsci/blueocean "/sbin/tini -- /usr/…" 3 weeks ago Up 9 days 0.0.0.0:50000->50000/tcp, :::50000->50000/tcp, 0.0.0.0:9999->8080/tcp, :::9999->8080/tcp aiguibin_jenkins
7a3fcd26c5b8 sonatype/nexus3 "/opt/sonatype/nexus…" 4 weeks ago Up 4 weeks 0.0.0.0:18081->8081/tcp, :::18081->8081/tcp aiguibin_nexus
7a47fefa41fe nginx "/docker-entrypoint.…" 4 weeks ago Up 15 seconds 0.0.0.0:8080->80/tcp, :::8080->80/tcp entry_nginx
[root@localhost conf.d]#
再次验证容器外访问通过反向代理访问protal_nginx可通
protal_nginx只有80端口且不对外,所以我们访问entry_nginx通过:
location /protal/ {
proxy_pass http://protal_nginx:80/;
}
[root@localhost conf.d]# curl http://127.0.0.1:8080/protal/index.html
<!DOCTYPE html>
<html lang="en"><head><meta charset="UTF-8" /><link rel="icon" type="image/svg+xml" href="./vite.svg" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><title>aiguibin-protal-gateway</title><script type="module" crossorigin src="./assets/index-87b20e55.js"></script><link rel="stylesheet" href="./assets/index-c72bfea7.css"></head><body><div id="app"></div></body>
</html>
[root@localhost conf.d]#
Nginx配置请移步
2万字总结,体系化带你全面认识 Nginx !
更多推荐
ThinkPad物理机安装Linux系统实战企业级SpringCloud项目之DockerNetwork
发布评论