


How to solve the problem that a Docker container cannot access its host
When the firewall is turned on, services on the host cannot be accessed from inside a Docker container (the container can still access services on other computers in the LAN, just not on the host). Solutions:
1. Configure a firewall rule with firewall-cmd --zone=public --add-port={port}/tcp --permanent, then reload the firewall rules with firewall-cmd --reload
2. Start the container in --net host mode
3. Turn off the firewall
Supplement: Requests made inside the container carry a source address from the docker0 network segment. That segment is not the host's own network segment, so the host firewall cannot identify the source and marks it as unknown, and the request is intercepted. This can be solved by adding a firewall source rule (the default internal network segment for Docker containers is 172.17.0.0/16):
<rule family="ipv4">
  <source address="172.17.0.0/16" />
  <accept />
</rule>
or by changing the firewall's open-port rules directly, which is the first solution above. For convenience, especially when there are many services and their ports change quickly, the second or third solution is recommended to reduce maintenance cost, provided the security of the server is ensured.
This is also a common pitfall when deploying microservices in Docker containers. Service A calls service B. When A and B are on the same host, the call fails; when they are on different hosts, access is normal. The case is as follows:
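The painful case of broken communication between microservices on the same host:
- Microservice A handles request AR normally.
- Microservice B handles request BR normally.
- But request OR on microservice A, which internally calls BR, never succeeds.

Cause: when firewalld on CentOS is enabled, a request initiated inside microservice A cannot leave the container, so the call fails (No route to host).

Point of confusion: Spring Cloud Config starts slowly, so during testing the config service was unreachable for a while after it started. This made us mistakenly think that requests could not be received after firewalld was turned off, which contradicted the fact that the other services could be accessed normally.

Verification: create four nginx containers with Docker (8120, 8787, 8083, 8084), and create an ubuntu container with curl installed.
1. iptables on, firewalld off, restart docker, start the five containers: the four nginx instances are reachable from outside; curl from inside the ubuntu container succeeds for all of them.
2. iptables on, firewalld on, restart docker, start the five containers: the four nginx instances are reachable from outside; curl from inside the ubuntu container fails for all of them.
3. iptables on, firewalld on, restart docker, start the five containers, and configure firewall-cmd --zone=public --add-port=8120/tcp --permanent on the host: the four nginx instances are reachable from outside; curl from inside the ubuntu container reaches 8120, and the others all fail.

Configuring the port on the host with iptables rules has no effect:
  iptables -A INPUT -p tcp --dport 8120 -j ACCEPT
  iptables -A OUTPUT -p tcp --dport 8120 -j ACCEPT
  iptables -A FORWARD -p tcp --dport 8120 -j ACCEPT

Conclusion: whether firewalld is on or off, external access is not affected. The host must be configured with firewall-cmd --zone=public --add-port=8120/tcp --permanent (to remove the port, drop --zone=public) before services on the same host can reach each other.

Production solutions:
- iptables on, firewalld off
- iptables on, firewalld on, with the required ports opened
(After turning firewalld on or off, docker must be restarted.)
iptables->ufw (ubuntu), iptables->firewalld (centos)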
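
The verification results above, and the difference in scope between opening one port and accepting the whole 172.17.0.0/16 source, can be reproduced against a zone file with a small model. This is an added example, not part of the original article; the zone snippets are constructed, and the model is a simplification that covers only <port> entries and address-based accept rules.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed zone files, in the style of /etc/firewalld/zones/public.xml.
PORT_ONLY = """<zone>
  <port protocol="tcp" port="8120"/>
</zone>"""
SOURCE_RULE = """<zone>
  <rule family="ipv4">
    <source address="172.17.0.0/16"/>
    <accept/>
  </rule>
</zone>"""

def _port_matches(elem, proto, port):
    """firewalld port values are a single port ('8120') or a range ('8000-8100')."""
    lo, _, hi = elem.get("port").partition("-")
    return elem.get("protocol") == proto and int(lo) <= port <= int(hi or lo)

def _accept_rules(root):
    """Yield (network, port_elem) for accept rules keyed on a source address.
    Rules using service, mac, ipset or inverted sources are outside this model."""
    for rule in root.findall("rule"):
        src = rule.find("source")
        if rule.find("accept") is None or rule.find("service") is not None:
            continue
        if src is None or src.get("address") is None or src.get("invert"):
            continue
        yield ipaddress.ip_network(src.get("address"), strict=False), rule.find("port")

def container_reachable(zone_xml, src_ip, proto, port):
    """Simplified model: does the zone accept src_ip -> host port?"""
    root = ET.fromstring(zone_xml)
    if any(_port_matches(p, proto, port) for p in root.findall("port")):
        return True
    ip = ipaddress.ip_address(src_ip)
    return any(ip in net and (pe is None or _port_matches(pe, proto, port))
               for net, pe in _accept_rules(root))

def blanket_accepts(zone_xml):
    """Source networks that are accepted on every host port."""
    return [str(net) for net, pe in _accept_rules(ET.fromstring(zone_xml)) if pe is None]
```

A source rule without a <port> child shows up in blanket_accepts because it admits every container on the default bridge to every port on the host; adding a <port> element to the rule narrows it to the services that actually need to be reached.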




