如何公开绑定到localhost的docker容器中运行的服务 [英] How to expose a service running inside a docker container, bound to localhost
问题描述
我有一个服务在docker-container内部运行,默认情况下仅绑定到本地主机。
I have a service running inside a docker-container, which by default only binds to localhost.
我可以重新配置/重新编程该服务以绑定到所有接口,但这在其他情况下可能会带来安全隐患。有什么方法可以在Docker容器中公开绑定到localhost的服务吗?
I could reconfigure / reprogram this service to bind to all interfaces, but this might have security implications in other contexts. Is there any way to expose a service bound to localhost inside a docker container?
推荐答案
我最终在docker容器内使用了socat,以代理进来的相关端口号上的所有tcp连接
I ended up using socat inside the docker container, to proxy any tcp connections on the relevant port-number coming in on the public interface, to the private interface.
例如,可以将其添加到docker-container运行脚本中,以将localhost:3000上绑定的服务代理到: 3000,可以像其他任何服务一样进行曝光和链接。确保将socat安装在容器内。
For example, this can be added to the docker-container run-script to proxy a service bound on localhost:3000 to the :3000, where it can be EXPOSED and --linked like any other service. Make sure to install socat inside the container.
socat TCP4-LISTEN:3000,bind =`hostname -I | tr -d‘[:space:]’`,fork TCP4:localhost:3000&
请注意;我正在使用 hostname -I | tr -d’[:space:]’
查找docker容器的ip。由于通常docker容器只有一个公共ip,因此效果很好。
Please note; I am using hostname -I | tr -d '[:space:]'
to discover the ip of the docker container. Since normally docker containers have only one public ip, this works well.
这篇关于如何公开绑定到localhost的docker容器中运行的服务的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!