我的主机上如何将本地主机端口转发到本地主机? [英] How can I forward localhost port on my container to localhost on my host?
问题描述
现在我将我的代码集中起来,但还没有守护进程。
如何将本地容器上的localhost:8008转发到运行该容器的主机(以及守护程序)上的本地主机:8008。
以下是主机上的 netstat -tlnp
。我希望容器将本地主机:2009转移到主机上的localhost:2009
Proto Recv-Q Send-Q本地地址外部地址状态PID /程序名称
tcp 0 0 127.0.0.1:2009 0.0.0.0:* LISTEN 22547 / ssh
tcp6 0 0 ::: 22 ::: * LISTEN -
tcp6 0 0 :: 1:2009 ::: * LISTEN 22547 / ssh
-p xxxx:yyyy
在您的 docker运行
命令)或隐式(在您的Docker文件中使用 EXPOSE
,并在命令行中使用 -P
),就像这里说。如果您的Docker文件不包含 EXPOSE 8008
,或者您没有指定 - 在您的<$ c $中公开8008
c> docker运行命令,您的容器不能与外界通话,即使您使用 -p 8008:8008
在您的 docker运行
命令! 所以要在tcp / 8008上连接tcp / 8008在容器上,您的Dockerfile(然后 c> docker build 您的容器)需要 EXPOSE 8008
OR - 在您的
。此外,您需要使用 docker运行命令
中公开8008 -P
隐式或 -p 8008:8008
来显式链接该暴露的容器端口到主机端口。一个例子 docker运行
命令可能如下所示:
docker run -it --expose 8008 -p 8008:8008 myContainer
可以记住,在$ code = 8008:8008 命令行选项,此操作的顺序为 -p HOST_PORT:CONTAINER_PORT
。此外,不要忘记,除非您在主机上的iptables 中还禁止此端口,否则您将无法从互联网上的另一台机器SSH进入您的容器。我总是忘记这一点,浪费了半个小时,之前我记得我忘记了在主机上的特定tcp端口的 iptables -A INPUT ...
。但是,您应该能够从主机SSH到没有iptables规则的容器,因为它使用环回本地连接。祝你好运!
I have a daemon on my host running on some port (i.e. 8008) and my code normally interacts with the daemon by contacting localhost:8008 for instance.
I've now containerized my code but not yet the daemon. How can I forward the localhost:8008 on my container to localhost:8008 on the host running the container (and therefore the daemon as well).
The following is netstat -tlnp
on my host. I'd like the container to forward localhost:2009 to localhost:2009 on the host
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:2009 0.0.0.0:* LISTEN 22547/ssh
tcp6 0 0 :::22 :::* LISTEN -
tcp6 0 0 ::1:2009 :::* LISTEN 22547/ssh
So the way you need to think about this is that Docker containers have their own network stack (unless you explicitly tell it to share the host's stack with --net=host
). This means ports need to be exposed both inside the docker container and also on the outside (documentation), when linked with host ports. The ports exposed on the container need to be bound to the host ports explicitly (with -p xxxx:yyyy
in your docker run
command) or implicitly (using EXPOSE
in your Dockerfile and using -P
on the command line), like it says here. If your Dockerfile does not contain EXPOSE 8008
, or you do not specify --expose 8008
in your docker run
command, your container can't talk to the outside world, even if you then use -p 8008:8008
in your docker run
command!
So to get tcp/8008 on the host linked with tcp/8008 on the container, you need EXPOSE 8008
inside your Dockerfile (and then docker build
your container) OR --expose 8008
in your docker run command
. In addition, you need to either use -P
to implicitly or -p 8008:8008
to explicitly link that exposed container port to the host port. An example docker run
command to do this might look like:
docker run -it --expose 8008 -p 8008:8008 myContainer
It's handy to remember that in the -p 8008:8008
command line option, the order for this operation is -p HOST_PORT:CONTAINER_PORT
. Also, don't forget that you won't be able to SSH into your container from another machine on the internet unless you also have this port unblocked in iptables on the host. I always end up forgetting about that and waste half an hour before I remember I forgot to iptables -A INPUT ...
for that specific tcp port on the host machine. But you should be able to SSH from your host into the container without the iptables rule, since it uses loopback for local connections. Good luck!
这篇关于我的主机上如何将本地主机端口转发到本地主机?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!