DockerÍøÂç·ÃÎÊdocker»áÔÚ±¾µØ°²×°Ò»¸öÍøÇÅ£º
[root@node121 ~]# brctl show
bridge name bridgeid STP enabled interfaces
docker0 8000.7ee2e924ad83 no veth0e7c64a
veth7aa75fc
[root@node121 ~]# ifconfig
docker0 Linkencap:Ethernet HWaddr7E:E2:E9:24:AD:83
inetaddr:172.17.42.1 Bcast:0.0.0.0 Mask:255.255.0.0
inet6addr: fe80::d0bd:1cff:feec:f9ae/64 Scope:Link
UPBROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RXpackets:48 errors:0 dropped:0 overruns:0 frame:0
TXpackets:13 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RXbytes:3171 (3.0 KiB) TX bytes:1095 (1.0KiB)
·À»ðǽ¹æÔò£º
[root@node121 ~]# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot optsource destination
Chain FORWARD (policy ACCEPT)
target prot optsource destination
DOCKER all -- 0.0.0.0/0 0.0.0.0/0
[root@node121 ~]# iptables -t nat -L -n
Chain PREROUTING (policy ACCEPT)
target prot optsource destination
DOCKER all -- 0.0.0.0/0 0.0.0.0/0 ADDRTYPE matchdst-type LOCAL
Chain POSTROUTING (policy ACCEPT)
target prot optsource destination
MASQUERADE all -- 172.17.0.0/16 0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
target prot optsource destination
DOCKER all -- 0.0.0.0/0 !127.0.0.0/8 ADDRTYPEmatch dst-type LOCAL
Chain DOCKER (2 references)
target protopt source destination
nginx dockerÈÝÆ÷ÄÚ²Ù×÷£º
root@5df8eb0d89ad:/# ip ad li
24: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu1500 qdisc noqueue state UP
link/ether02:42:ac:11:00:07 brd ff:ff:ff:ff:ff:ff
inet172.17.0.7/16 scope global eth0
inet6fe80::42:acff:fe11:7/64 scope link
valid_lftforever preferred_lft forever
26: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdiscnoqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet127.0.0.1/8 scope host lo
inet6::1/128 scope host
valid_lftforever preferred_lft forever
²é¿´Â·ÓÉ±í£º
root@5df8eb0d89ad:/# ip ro li
172.17.0.0/16 dev eth0 proto kernel scope link src 172.17.0.7
default via 172.17.42.1 dev eth0
¶Ë¿ÚÓ³É䣺
·½·¨Ò»£ºÍ¨¹ýËæ»ú¶Ë¿ÚÀ´½øÐÐÓ³É䣺
[root@node121 ~]# docker run -d -P --name mynginx1 nginx
c679fea2361af0c4d3cea0689372210300e69abeaaae49c47ceca7df7fc6ed28
[root@node121 ~]# docker ps -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c679fea2361a nginx "nginx -g'daemon of 41 seconds ago Up 39 seconds 0.0.0.0:1025->80/tcp,0.0.0.0:1024->443/tcp mynginx1
½«dockerÈÝÆ÷ÀïµÄ80¶Ë¿ÚÓ³Éäµ½±¾»úµÄ1025,½«docketÈÝÆ÷µÄ443¶Ë¿ÚÓ³ÉäΪ±¾»úµÄ1024¶Ë¿Ú
ͨ¹ýIE¿ÉÒÔ·ÃÎÊDOCKERÀïÃæµÄ·þÎñ£ºhttp://192.168.2.121:1025
·½·¨¶þ£ºÍ¨¹ýÖ¸¶¨±¾µØµÄ¶Ë¿ÚÀ´Ó³ÉädocketÀïÃæµÄ¶Ë¿Ú
[root@node121 ~]# docker run -d -p 91:80 --namemynginx2 nginx #91ËÞÖ÷»úµÄ¶Ë¿Ú£¬80ΪdockerÀïÃæµÄ¶Ë¿Ú
1bc79073b6ea34632a46a75f4ebf3fa9fceafaf9f6a87de5d0e2c61738b91aa7
[root@node121 ~]# docker ps -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1bc79073b6ea nginx "nginx -g'daemon of 16 seconds ago Up 15 seconds 443/tcp, 0.0.0.0:91->80/tcp mynginx2
¿ÉÒÔͨ¹ý¶àÖÖ·½Ê½À´Ö¸¶¨£º
-p hostport:containerport
-p ip:hostport:containerport
-p ip::containerport
-p hostport:containerport
-p hostport:containerport
ͨ¹ýÃüÁîÖ»×öÁË91µ½80¶Ë¿ÚµÄÓ³Éä
¿ÉÒÔͨ¹ýhttp://192.168.2.121:91À´·ÃÎÊ
ʵ¼ÊÉÏÊÇÔÚ·À»ðǽÉÏÔö¼ÓÁËÒ»Ìõ¹æÔò£º
[root@node121 ~]# iptables -t nat -L -n
Chain PREROUTING (policy ACCEPT)
target protopt source destination
DOCKER all -- 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL
Chain POSTROUTING (policy ACCEPT)
target protopt source destination
MASQUERADE all -- 172.17.0.0/16 0.0.0.0/0
MASQUERADE tcp -- 172.17.0.8 172.17.0.8 tcp dpt:443
MASQUERADE tcp -- 172.17.0.8 172.17.0.8 tcp dpt:80
MASQUERADE tcp -- 172.17.0.9 172.17.0.9 tcp dpt:80
Chain OUTPUT (policy ACCEPT)
target prot optsource destination
DOCKER all -- 0.0.0.0/0 !127.0.0.0/8 ADDRTYPEmatch dst-type LOCAL
Chain DOCKER (2 references)
target prot optsource destination
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1024to:172.17.0.8:443
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1025to:172.17.0.8:80
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:91to:172.17.0.9:80
