在活的Docker容器上露出一个端口 [英] Exposing a port on a live Docker container

问题描述

我正在尝试创建一个像Full-on虚拟机一样的Docker容器。我知道我可以使用Dockerfile中的EXPOSE指令来公开一个端口，我可以使用 -p 标志与 docker run 分配端口，但一旦一个容器实际运行，是否有命令打开/映射附加端口？

I'm trying to create a Docker container that acts like a full-on virtual machine. I know I can use the EXPOSE instruction inside a Dockerfile to expose a port, and I can use the -p flag with docker run to assign ports, but once a container is actually running, is there a command to open/map additional ports live?

例如，假设我有一个运行sshd的Docker容器。有人使用容器ssh的并安装httpd。有没有办法公开容器上的端口80，并将其映射到主机端口8080，以便人们可以访问容器中运行的Web服务器，而不重新启动它？

For example, let's say I have a Docker container that is running sshd. Someone else using the container ssh's in and installs httpd. Is there a way to expose port 80 on the container and map it to port 8080 on the host, so that people can visit the web server running in the container, without restarting it?

推荐答案

您不能通过Docker来执行此操作，但您可以从主机访问容器的未暴露端口。

You cannot do this via Docker, but you can access the container's un-exposed port from the host machine.

如果你有一个容器，它的端口8000上运行的东西，你可以运行

if you have a container that with something running on its port 8000, you can run

wget http://container_ip:8000

要获取容器的IP地址，请运行以下两个命令：

To get the container´s ip address, run the 2 commands:

docker ps

docker inspect container_name | grep IPAddress

在内部，Docker在运行映像时调用iptables，所以也许有一些变化这将工作。

Internally, Docker shells out to call iptables when you run an image, so maybe some variation on this will work.

在本地主机端口8001上公开容器的端口8000：

to expose the container's port 8000 on your localhosts port 8001:

 iptables -t nat -A  DOCKER -p tcp --dport 8001 -j DNAT --to-destination 172.17.0.19:8000

您可以使用一种方法来实现，就是使用所需的端口映射来设置另一个容器，并比较 iptables-save 命令的输出（尽管，我不得不删除一些其他选项，通过docker代理强制流量。）

One way you can work this out, is to setup another container with the port mapping you want, and compare the output of the iptables-save command (though, I had to remove some of the other options that force traffic to go via the docker proxy).

注意：这是颠覆泊坞窗，所以应该完成意识到它可能会产生蓝色烟雾

或

另一个替代方案是看看（新的？后0.6.6？）-P选项 - 将使用随机的主机端口，然后连线。

Another alternative, is to look the (new? post 0.6.6?) -P option - which will use random host ports, and then wire those up.

或

与0.6.5，您可以使用LINKs功能来提出一个新的容器，与现有的容器进行通话，另外还有一些中继到该容器的-p标志？ （我还没有使用LINK）

with 0.6.5, you could use the LINKs feature to bring up a new container that talks to the existing one, with some additional relaying to that container´s -p flags? (I have not used LINKs yet)

或

与docker 0.11？您可以使用 docker run --net host .. 将您的容器直接附加到主机的网络接口（即，网络不是名称间隔），因此所有

with docker 0.11? you can use docker run --net host .. to attach your container directly to the host's network interfaces (ie, net is not name-spaced) and thus all ports you open in the container are exposed.

这篇关于在活的Docker容器上露出一个端口的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！