Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
787 views
in Technique[技术] by (71.8m points)

nginx - 如何从Docker容器内部连接到计算机的本地主机?(From inside of a Docker container, how do I connect to the localhost of the machine?)

So I have a Nginx running inside a docker container, I have a mysql running on localhost, I want to connect to the MySql from within my Nginx.

(所以我有一个Nginx在docker容器中运行,我有一个mysql在本地主机上运行,??我想从我的Nginx内部连接到MySql。)

The MySql is running on localhost and not exposing a port to the outside world, so its bound on localhost, not bound on the ip address of the machine.

(MySql在localhost上运行,并且没有将端口暴露给外界,因此它绑定在localhost上,而不绑定在计算机的IP地址上。)

Is there any way to connect to this MySql or any other program on localhost from within this docker container?

(有什么方法可以从此Docker容器中连接到此MySql或localhost上的任何其他程序吗?)

This question is different from "How to get the IP address of the docker host from inside a docker container" due to the fact that the IP address of the docker host could be the public IP or the private IP in the network which may or may not be reachable from within the docker container (I mean public IP if hosted at AWS or something).

(此问题与“如何从Docker容器内部获取Docker主机的IP地址”不同,这是因为Docker主机的IP地址可以是网络中的公共IP或私有IP,这可能是也可能是无法从docker容器中访问(我的意思是公共IP,如果托管在AWS或其他地方)。)

Even if you have the IP address of the docker host it does not mean you can connect to docker host from within the container given that IP address as your Docker network may be overlay, host, bridge, macvlan, none etc which restricts the reachability of that IP address.

(即使您具有Docker主机的IP地址,也并不意味着您可以从容器内部连接到Docker主机,因为IP地址可能会覆盖您的Docker网络,主机,网桥,macvlan等,从而限制Docker的可达性该IP地址。)

  ask by Phil translate from so

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

Edit: If you are using Docker-for-mac or Docker-for-Windows 18.03+, just connect to your mysql service using the host host.docker.internal .

(编辑:如果您正在使用Docker-for-macDocker-for-Windows 18.03+,只需使用主机host.docker.internal连接到您的mysql服务。)

As of Docker 18.09.3, this does not work on Docker-for-Linux.

(从Docker 18.09.3开始,这不适用于Linux上的Docker。)

A fix has been submitted on March the 8th, 2019 and will hopefully be merged to the code base.

(已在2019年3月8日提交修复程序 ,有望将其合并到代码库中。)

Until then, a workaround is to use a container as described in qoomon's answer .

(在此之前,解决方法是使用qoomon的answer中所述的容器。)


TLDR (TLDR)

Use --network="host" in your docker run command, then 127.0.0.1 in your docker container will point to your docker host.

(在--network="host" docker run命令中使用--network="host" ,然后--network="host"容器中的127.0.0.1将指向您的docker主机。)

Note: This mode only works on Docker for Linux, per the documentation .

(注意: 根据文档 ,此模式仅适用于Linux的Docker。)


Note on docker container networking modes (关于Docker容器联网模式的注意事项)

Docker offers different networking modes when running containers.

(运行容器时,Docker提供了不同的联网模式 。)

Depending on the mode you choose you would connect to your MySQL database running on the docker host differently.

(根据您选择的模式,您将以不同的方式连接到在docker主机上运行的MySQL数据库。)

docker run --network="bridge" (default) (docker run --network =“ bridge”(默认))

Docker creates a bridge named docker0 by default.

(Docker默认创建一个名为docker0的网桥。)

Both the docker host and the docker containers have an IP address on that bridge.

(docker主机和docker容器在该网桥上均具有IP地址。)

on the Docker host, type sudo ip addr show docker0 you will have an output looking like:

(在Docker主机上,输入sudo ip addr show docker0您将看到如下输出:)

[vagrant@docker:~] $ sudo ip addr show docker0
4: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 56:84:7a:fe:97:99 brd ff:ff:ff:ff:ff:ff
    inet 172.17.42.1/16 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::5484:7aff:fefe:9799/64 scope link
       valid_lft forever preferred_lft forever

So here my docker host has the IP address 172.17.42.1 on the docker0 network interface.

(所以我的172.17.42.1主机在docker0网络接口上的IP地址为docker0 。)

Now start a new container and get a shell on it: docker run --rm -it ubuntu:trusty bash and within the container type ip addr show eth0 to discover how its main network interface is set up:

(现在启动一个新容器并在其上安装一个外壳: docker run --rm -it ubuntu:trusty bash ,在容器类型ip addr show eth0以发现其主要网络接口的设置:)

root@e77f6a1b3740:/# ip addr show eth0
863: eth0: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 66:32:13:f0:f1:e3 brd ff:ff:ff:ff:ff:ff
    inet 172.17.1.192/16 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::6432:13ff:fef0:f1e3/64 scope link
       valid_lft forever preferred_lft forever

Here my container has the IP address 172.17.1.192 .

(我的容器的IP地址为172.17.1.192 。)

Now look at the routing table:

(现在看一下路由表:)

root@e77f6a1b3740:/# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         172.17.42.1     0.0.0.0         UG    0      0        0 eth0
172.17.0.0      *               255.255.0.0     U     0      0        0 eth0

So the IP Address of the docker host 172.17.42.1 is set as the default route and is accessible from your container.

(因此, 172.17.42.1主机172.17.42.1的IP地址被设置为默认路由,并且可以从您的容器访问。)

root@e77f6a1b3740:/# ping 172.17.42.1
PING 172.17.42.1 (172.17.42.1) 56(84) bytes of data.
64 bytes from 172.17.42.1: icmp_seq=1 ttl=64 time=0.070 ms
64 bytes from 172.17.42.1: icmp_seq=2 ttl=64 time=0.201 ms
64 bytes from 172.17.42.1: icmp_seq=3 ttl=64 time=0.116 ms

docker run --network="host" (泊坞窗运行--network =“ host”)

Alternatively you can run a docker container with network settings set to host .

(或者,您可以运行将网络设置设置为host的docker容器。)

Such a container will share the network stack with the docker host and from the container point of view, localhost (or 127.0.0.1 ) will refer to the docker host.

(这样的容器将与docker主机共享网络堆栈,从容器的角度来看, localhost (或127.0.0.1 )将引用docker主机。)

Be aware that any port opened in your docker container would be opened on the docker host.

(请注意,在Docker容器中打开的任何端口都将在Docker主机上打开。)

And this without requiring the -p or -P docker run option .

(而且这不需要-p-P docker run选项 。)

IP config on my docker host:

(我的Docker主机上的IP配置:)

[vagrant@docker:~] $ ip addr show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:98:dc:aa brd ff:ff:ff:ff:ff:ff
    inet 10.0.2.15/24 brd 10.0.2.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::a00:27ff:fe98:dcaa/64 scope link
       valid_lft forever preferred_lft forever

and from a docker container in host mode:

(并在主机模式下从Docker容器中获取:)

[vagrant@docker:~] $ docker run --rm -it --network=host ubuntu:trusty ip addr show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:98:dc:aa brd ff:ff:ff:ff:ff:ff
    inet 10.0.2.15/24 brd 10.0.2.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::a00:27ff:fe98:dcaa/64 scope link
       valid_lft forever preferred_lft forever

As you can see both the docker host and docker container share the exact same network interface and as such have the same IP address.

(如您所见,docker主机和docker容器共享完全相同的网络接口,因此具有相同的IP地址。)


Connecting to MySQL from containers (从容器连接到MySQL)

bridge mode (桥接模式)

To access MySQL running on the docker host from containers in bridge mode , you need to make sure the MySQL service is listening for connections on the 172.17.42.1 IP address.

(要以桥接模式从容器访问在docker主机上运行的MySQL,您需要确保MySQL服务正在侦听172.17.42.1 IP地址上的连接。)

To do so, make sure you have either bind-address = 172.17.42.1 or bind-address = 0.0.0.0 in your MySQL config file (my.cnf).

(为此,请确保您的MySQL配置文件(my.cnf)中具有bind-address = 172.17.42.1bind-address = 0.0.0.0 。)

If you need to set an environment variable with the IP address of the gateway, you can run the following code in a container :

(如果您需要使用网关的IP地址设置环境变量,则可以在容器中运行以下代码:)

export DOCKER_HOST_IP=$(route -n | awk '/UG[ ]/{print $2}')

then in your application, use the DOCKER_HOST_IP environment variable to open the connection to MySQL.

(然后在您的应用程序中,使用DOCKER_HOST_IP环境变量打开与MySQL的连接。)

Note: if you use bind-address = 0.0.0.0 your MySQL server will listen for connections on all network interfaces.

(注意:如果使用bind-address = 0.0.0.0 MySQL服务器将侦听所有网络接口上的连接。)

That means your MySQL server could be reached from the Internet ;

(这意味着您可以从Internet访问MySQL服务器。)

make sure to setup firewall rules accordingly.

(确保相应地设置防火墙规则。)

Note 2: if you use bind-address = 172.17.42.1 your MySQL server won't listen for connections made to 127.0.0.1 .

(注意2:如果您使用bind-address = 172.17.42.1您的MySQL服务器将不会监听与127.0.0.1建立的连接。)

Processes running on the docker host that would want to connec

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...