无法仅从本地主机访问来自外部计算机的公开暴露的Docker容器端口? [英] Can't access publicly exposed Docker container port from external machine, only from localhost?

问题描述

我有一个在我的Ubuntu Linux 14.04计算机上运行的Docker容器，该容器公开地公开了端口:

I have a Docker container running on my Ubuntu Linux 14.04 machine that exposes a port publicly:

docker run --name spacyapi -d -p 127.0.0.1:7091:7091 jgontrum/spacyapi:en

我可以针对容器中的服务器连接并执行命令，而不会出现本地计算机的问题.例如:

I can connect and execute commands against the server in the container without problem from the local machine. For example:

curl http://localhost:7091/api --header 'content-type: application/json' --data '{"text": "This is a test."}' -X POST

命令如实执行.但是，如果我从外部计算机尝试相同的CURL命令，则会收到连接被拒绝"错误:

The command executes faithfully. However, if I try the same CURL command from an external machine I get a "connection refused" error:

curl http://192.5.169.50:5000/api --header 'content-type: application/json' --data '{"text": "This is a test."}' -X POST
curl: (7) Failed to connect to 192.5.169.50 port 7091: Connection refused

其中192.5.169.50是运行Docker容器的盒子的IP地址.

Where 192.5.169.50 is the IP address of the box running the Docker container.

我认为我不需要任何iptables规则，因为我不需要为在同一盒上运行的Node.JS服务器进行任何设置.我本地网络上的所有其他计算机都可以正常访问Node.JS服务器.但不是Docker容器充当服务器.

I don't think I need any iptables rules because I didn't need to set any up for the Node.JS server running on the same box. All the other computers on my local network can access the Node.JS server just fine. But not the Docker container acting as a server.

我该如何解决?

推荐答案

您没有使用以下标志公开发布您的端口:

You didn't publicly publish your port with this flag:

-p 127.0.0.1:7091:7091

该标志表示要在主机127.0.0.1接口(本地主机)上将端口7091发布到容器端口7091.到达该端口的唯一方法是在主机上并连接到回送接口.

That flag says to publish on the host 127.0.0.1 interface (localhost), port 7091 to the containers port 7091. The only way to reach that port is to be on the host and connect to the loopback interface.

要公开发布端口，请从该标志中删除IP:

To publicly publish the port, remove the IP from that flag:

-p 7091:7091

或通过以下方式显式发布到所有接口:

or explicitly publish to all interfaces with:

-p 0.0.0.0:7091:7091

后一种格式与第一种格式相同，只要您没有用dockerd --ip x.x.x.x覆盖docker守护程序设置或未在/etc/docker/daemon.json文件中设置ip值即可.

The latter format is identical to the first one as long as you haven't overridden your docker daemon settings with dockerd --ip x.x.x.x or setting the ip value in your /etc/docker/daemon.json file.

这篇关于无法仅从本地主机访问来自外部计算机的公开暴露的Docker容器端口?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！