将 Redis 容器与另一个容器 (Docker) 连接 [英] Connecting a Redis container with another container (Docker)

问题描述

所以，我正在做一个项目，其中有两个 Docker 容器，一个用于主应用程序，一个用于 Redis(顺便说一句，使用 docker compose).当然，我想连接两者并尝试默认绑定设置，但是由于它们位于两个不同的容器中，应用程序当然无法连接到数据库.然后我在阅读了 this<后选择了 0.0.0.0/a>.但是，我还是想问问有没有办法将Redis绑定到我的本地网络，这样只有在它内部运行的机器才能连接.

So, I'm doing a project where I have two Docker containers, one for the main app and one for Redis (using docker compose btw). Naturally I wanted to connect both and tried the default bind setting, but of course the app couldn't connect to the db due to them being in two different containers. Then I just went with 0.0.0.0 after reading this. However, I still feel like asking if there's a way to bind Redis to my local network, so that only machines running inside it would be able to connect.

这并不是我真正想要的.也许合并类似这个?

This isn't really what I want. Maybe incorporate something like this?

对于如何让 Redis 只接受来自其他容器的连接(由 Docker Compose 链接)或将 Redis 绑定到 0.0.0.0 并使用强大的安全措施是唯一的方法，有没有人有好的解决方案?

Does anyone have a good solution to how I could make Redis only accept connections from the other container (linked by Docker Compose) or binding Redis to 0.0.0.0 and using strong security measures is the only way?

提前致谢！

推荐答案

很容易让 Docker 托管的服务只能被同一主机上的其他容器访问.如果您:

It’s easy to make a Docker-hosted service only accessible to other containers on the same host. If you:

1. 将服务器设置为绑定或侦听 0.0.0.0 或 ::0(所有地址)；
2. 创建一个非默认的 Docker 网络(Docker Compose 会自动执行此操作)；
3. 在该 Docker 网络上启动服务器容器和任何关联的客户端容器(Docker Compose 将默认执行此操作)；和
4. 不要不要设置 docker run -p 或 Docker Compose ports: 选项

1. Set the server to bind to or listen on 0.0.0.0 or ::0 (all addresses);
2. Create a non-default Docker network (Docker Compose will do this automatically);
3. Launch the server container and any associated client containers on that Docker network (Docker Compose will do this by default); and
4. Do not set a docker run -p or Docker Compose ports: option

那么客户端容器可以使用其容器名称作为主机名访问服务器容器，但主机和其他主机上的非 Docker 进程无法访问服务器.

then the client containers can reach the server container using its container name as a host name, but non-Docker processes on the host and other hosts can’t reach the server.

如果您的主机有多个网络接口并且绑定到其中之一将使服务成为私有"服务，那么您可以使用 docker run -p 做同样的事情.如果您的主机具有公共 IP 地址 10.20.30.40/16 和私有 IP 地址 192.168.144.128/24，则 docker run -p 192.168.144.128:6379:6379 将使其可用于私有网络(以及上述其他 Docker 容器)但不是公共网络.(服务器本身，在容器内部，仍然需要绑定到 0.0.0.0.)

If your host has multiple network interfaces and binding to one of those would make a service "private" then you can do the same thing with docker run -p. If your host has public IP address 10.20.30.40/16 and also private IP address 192.168.144.128/24, then docker run -p 192.168.144.128:6379:6379 will make it available to the private network (and other Docker containers as above) but not the public network. (The server itself, inside the container, still needs to bind to 0.0.0.0.)

如果您需要服务器在主机外可见，但仅对某些 IP 地址可见，我认为您只能使用 Docker 非原生的 iptables 魔法.

If you otherwise need the server to be visible off-host, but only to some IP addresses, I think you’re down to iptables magic that’s not native to Docker.

这篇关于将 Redis 容器与另一个容器 (Docker) 连接的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！