使用Traefik的Docker容器内部与外部DNS解析问题 [英] Docker container internal vs external dns resolution issue using Traefik
问题描述
Docker 18.06.1-ce,traefik 1.7.3,dnsmasq,Mac 10.14
Docker 18.06.1-ce, traefik 1.7.3, dnsmasq, Mac 10.14
我使用Traefik进行了docker-compose设置,需要从docker网络/容器内部以及外部访问几种服务.
I have docker-compose setup with Traefik and need to access several services from inside the docker network/containers and externally.
在linux机器上(通过Let'sEncrypt和http重定向到https),一切都使用相同的FQDN进行Docker容器内部和外部访问,而我不必使用服务名称.
On a linux box (with Let'sEncrypt and http redirected to https), everything works using the same FQDN for both docker container internal and external access, and I don't have to use the service names.
当我使用docker-compose exec belapi/bin/bash从管道容器内部运行curl http://belapi.dev.biodati.test时,出现以下错误(并且在Traefik访问日志中未显示该错误):
When I run curl http://belapi.dev.biodati.test from inside the pipeline container using docker-compose exec belapi /bin/bash I get the following error (and I don't see it showing up in the Traefik access logs):
api@407cf7105aee:/app$ curl http://belapi.dev.biodati.test/status
curl: (7) Failed to connect to belapi.dev.biodati.test port 80: Connection refused
这很好(使用服务名):
This works fine (using the servicename):
curl http://belapi:8000/status
我还可以在docker容器外部的Mac上的bash shell中运行以下命令(并且我看到它击中了Traefik访问日志):
I can also run the following fine from a bash shell on my Mac outside the docker containers (and I see it hitting the Traefik access logs):
curl http://belapi.dev.biodati.test/status
我有dnsmasq设置,可以将所有* .test域转发到127.0.0.1.
I have dnsmasq setup to forward all *.test domains to 127.0.0.1.
从管道容器内部:
dig belapi.dev.biodati.test
;; QUESTION SECTION:
;belapi.dev.biodati.test. IN A
;; ANSWER SECTION:
belapi.dev.biodati.test. 7 IN A 127.0.0.1
我的docker-compose文件:
My docker-compose file:
networks:
biodati:
external: true
services:
pipeline:
container_name: pipeline
image: biodati/bel_pipeline:dev
networks:
biodati:
traefik:
image: traefik:1.7
container_name: traefik
ports:
- "80:80"
- "443:443"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./conf/traefik.toml:/traefik.toml
- ./logs:/logs
networks:
biodati:
labels:
- traefik.enable=true
- traefik.backend=traefik
- traefik.frontend.rule=Host:traefik.${BS_HOST_NAME:?err}
- traefik.port=8080
- traefik.docker.network=biodati
# BEL API - core requirement
belapi:
container_name: belapi
image: belbio/bel_api:localdev
networks:
biodati:
labels:
- traefik.enable=true
- traefik.backend=belapi
- traefik.frontend.rule=Host:belapi.${BS_HOST_NAME:?err};
- traefik.port=8000
- traefik.docker.network=biodati
推荐答案
For full details on how to solve this: https://medium.com/@williamhayes/local-dev-on-docker-fun-with-dns-85ca7d701f0a
基本上-DNSMasq运行良好,Mac Docker Desktop DNS映射运行良好.我可以查询我的服务域名(例如service1.test)dig service1.test1并返回127.0.0.1,这正是我在DNSMasq中设置的.因此,我的域名为我的主机返回了正确的IP地址.除了-我是在容器中放入它的-所以127.0.0.1是指我的容器环境.
Basically - DNSMasq was working great, Mac Docker Desktop DNS mapping was working great. I could query for my service domain name (e.g. service1.test) dig service1.test1 and get back 127.0.0.1 which is exactly what I set up in DNSMasq. So my domain name was returning the correct IP address for my host. Except - I was getting this inside my container - so 127.0.0.1 was referring to my container environment.
在终端的Mac主机级别上运行以下命令:
Running the following command on the Mac host level in a terminal:
sudo ifconfig lo0 alias 10.254.254.254
为我可以在DNSMasq中使用的127.0.0.1添加了一个别名,而不是127.0.0.1的别名,该别名仍会映射到我的本地主机,但是它也可以用于从docker容器进行路由.
added an alias for 127.0.0.1 that I could use in DNSMasq instead of 127.0.0.1 that would still map to my localhost but it would also work for routing from my docker containers.
现在,我可以在Mac上使用本地域在Docker中进行本地开发,并通过主机和容器间请求从我的容器访问容器.
Now I can use local domains on my Mac for local development in Docker and get to my containers from my host AND via inter-container requests.
这篇关于使用Traefik的Docker容器内部与外部DNS解析问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
