0
我有幾個docker容器啓動並使用docker-compose運行。 Nginx通過9000/tcp的內部端口轉發連接到PHP。 PHP通過內部轉發連接到mysql。 Nginx可在公共NIC上訪問!Docker暴露端口瘋狂
運行postfix的另一個容器基於相同的baseimage,並且配置/啓動與Nginx容器完全相同,但其端口無法從Internet訪問。
nginx和postfix都以同樣的方式暴露,爲什麼後綴無法訪問?
nginx的(Dockerfile)
...
EXPOSE 80/tcp 443/tcp
...
後綴(Dockerfile)
...
EXPOSE 25/tcp 465/tcp 587/tcp
...
搬運工-compose.yml
...nginx
ports:
- "80:80/tcp"
- "443:443/tcp"
...
and
...postfix
ports:
- "25:25/tcp"
- "465:465/tcp"
- "587:587/tcp"
...
搬運工PS -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
550cf81ccfc3 nginx "nginx -g 'daemon ..." 17 minutes ago Up 17 minutes 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp nginx
5b1b823c8b75 postfix "/run.sh" 17 minutes ago Up 17 minutes 0.0.0.0:25->25/tcp, 0.0.0.0:465->465/tcp, 0.0.0.0:587->587/tcp postfix
f7541058c973 php "php5-fpm -F" 17 minutes ago Up 17 minutes 9000/tcp php
ad1d1db33351 mysql "/sbin/entrypoint...." 17 minutes ago Up 17 minutes 3306/tcp mysql
netstat的 -
Aktive Internetverbindungen (Nur Server)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 464/sshd
tcp 0 0 0.0.0.0:514 0.0.0.0:* LISTEN 461/rsyslogd
tcp6 0 0 :::25 :::* LISTEN 24924/docker-proxy
tcp6 0 0 :::443 :::* LISTEN 24937/docker-proxy
tcp6 0 0 :::514 :::* LISTEN 461/rsyslogd
tcp6 0 0 :::587 :::* LISTEN 24899/docker-proxy
tcp6 0 0 :::80 :::* LISTEN 24975/docker-proxy
tcp6 0 0 :::465 :::* LISTEN 24912/docker-proxy
的iptables -S所有IPS
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N DOCKER
-N DOCKER-ISOLATION
-A DOCKER -d 172.17.0.4/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 587 -j ACCEPT
-A DOCKER -d 172.17.0.6/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 465 -j ACCEPT
-A DOCKER -d 172.17.0.6/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 25 -j ACCEPT
-A DOCKER -d 172.17.0.7/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 443 -j ACCEPT
-A DOCKER -d 172.17.0.7/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 80 -j ACCEPT
遠程登錄:端口工作正常,從碼頭工人的主機。
NMAP從外到公網IP:
25: filtered
80: open
110: filtered (although there is no service running, ~* weird *~)
443: open
465: filtered
587: filtered
UNAME -a
Linux h2127057 3.16.0-4-amd64 #1 SMP Debian 3.16.39-1+deb8u2 (2017-03-07) x86_64 GNU/Linux
知道如何解決?
什麼是您的操作系統?Windows,Mac或Linux? – user2915097
對不起,我忘記了...... debian:jessie – David
確保Postfix正在監聽所有接口(0.0.0.0),請嘗試'netstat -na'容器 – Robert