Network access of docker

Posted by sankaty on Thu, 17 Feb 2022 23:28:01 +0100

 

Contents

1. Configure IP

2. Start service

3. Service maintenance

In the earlier first look at Docker, I used port mapping to access nginx. A single network card can be configured with multiple IP addresses; use ifconfig to add them. Make sure the new IP address does not conflict with an existing one. You can check with ping: if the target IP on the same network segment cannot be pinged, it is available.

1. Configure IP

[root@localhost opt]# ifconfig ens33:1 192.168.0.101/24 up
[root@localhost opt]# ifconfig

 

Two IP addresses are now configured. Can I log in through the new one?

ssh root@192.168.0.101

 

The host now has two IP addresses. ifconfig shows both 192.168.0.100 and 192.168.0.101 under ens33.

2. Start service

[root@localhost opt]# docker run -d -p 192.168.0.100:80:80 nginx:latest
e2e1a5cbc8334d85acf1e8aa9da670dedbb96bb8fcc3ff7b338c5c63ab11eb91
[root@localhost opt]# docker run -d -p 192.168.0.101:80:80 nginx:latest
6ee5b735e75282d0f444ea54f7417bc3bfb3ff38cb0524e784f62a2f6d62a7ce

After startup, use the docker command to view the containers:

[root@localhost opt]# docker ps -a
CONTAINER ID   IMAGE          COMMAND                  CREATED         STATUS         PORTS                      NAMES
6ee5b735e752   nginx:latest   "/docker-entrypoint...."   2 minutes ago   Up 2 minutes   192.168.0.101:80->80/tcp   frosty_beaver
e2e1a5cbc833   nginx:latest   "/docker-entrypoint...."   4 minutes ago   Up 2 minutes   192.168.0.100:80->80/tcp   jovial_raman
[root@localhost opt]# netstat -lntup

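If no IP address is given when mapping the port, the default address is used, which is every address on the host (shown as 0.0.0.0 and :: in the docker ps and netstat output below), so the port is reachable through any interface: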

[root@localhost opt]# docker run -d -p 81:80 nginx:latest

With the two IP-specific mappings, visiting 192.168.0.100 reaches one website and visiting 192.168.0.101 reaches another.
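An added example, not part of the original post: a shell function that reads the output of `docker ps --format '{{.Names}}\t{{.Ports}}'` and reports every mapping published on all host addresses, which is the case created by `-p 81:80` above. The function names and the embedded sample lines (constructed from the three containers on this page) are assumptions of the example.

```shell
#!/bin/sh
# Added example: find published ports that listen on every host address.

# wildcard_publishes: reads "name<TAB>ports" lines on stdin, in the layout of
#   docker ps --format '{{.Names}}\t{{.Ports}}'
# and prints "name mapping" for each mapping bound to 0.0.0.0, :: or [::].
wildcard_publishes() {
    awk -F '\t' '
    {
        n = split($2, maps, /, */)
        for (i = 1; i <= n; i++) {
            m = maps[i]
            # Ports that are exposed but not published have no "->"; skip.
            if (m !~ /->/) continue
            host = m
            sub(/->.*/, "", host)         # keep "address:port"
            sub(/:[0-9-]+$/, "", host)     # drop the host port or port range
            if (host == "0.0.0.0" || host == "::" || host == "[::]")
                print $1, m
        }
    }'
}

# Constructed sample input: the three containers started on this page.
sample_ps() {
    printf '%s\t%s\n' \
        mystifying_feistel '0.0.0.0:81->80/tcp, :::81->80/tcp' \
        frosty_beaver      '192.168.0.101:80->80/tcp' \
        jovial_raman       '192.168.0.100:80->80/tcp'
}

# Offline run on the sample. On a Docker host, use instead:
#   docker ps --format '{{.Names}}\t{{.Ports}}' | wildcard_publishes
sample_ps | wildcard_publishes
```

Only the container started with `-p 81:80` is reported; the two containers pinned to 192.168.0.100 and 192.168.0.101 are not.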

3. Service maintenance

[root@localhost opt]# docker ps -a
CONTAINER ID   IMAGE          COMMAND                  CREATED          STATUS         PORTS                               NAMES
c2c9273e9484   nginx:latest   "/docker-entrypoint...."   2 minutes ago    Up 2 minutes   0.0.0.0:81->80/tcp, :::81->80/tcp   mystifying_feistel
6ee5b735e752   nginx:latest   "/docker-entrypoint...."   9 minutes ago    Up 9 minutes   192.168.0.101:80->80/tcp            frosty_beaver
e2e1a5cbc833   nginx:latest   "/docker-entrypoint...."   10 minutes ago   Up 9 minutes   192.168.0.100:80->80/tcp            jovial_raman

There are now three containers. Enter one of them and modify its home page:

[root@localhost opt]# docker exec -it 6ee5b735e752 /bin/bash
root@6ee5b735e752:/# echo '101:80'>/usr/share/nginx/html/index.html

Visit 192.168.0.101 again

Other forms of the -p option can also be used for mapping:

-p hostPort:containerPort
-p ip:hostPort:containerPort  For when multiple containers want to use port 80
-p ip::containerPort  Random host port
-p hostPort:containerPort/udp  Use the UDP protocol
-p 192.168.0.104::53/udp  Random port on host IP address 192.168.0.104, mapped over UDP to UDP port 53 of the container
-p 81:80 -p 443:443  Specify multiple ports

Random mapping (random ports):
docker run -P nginx:latest
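An added example, not part of the original post: a shell function that decodes a `-p` value into bind address, host port, container port and protocol, so each form listed above can be checked for "all addresses" or "random port" before a container is started. It assumes IPv4 addresses and single ports, with the protocol written as a `/tcp` or `/udp` suffix; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: decode a docker -p value (IPv4 forms, single ports).

# explain_publish SPEC
# Prints: bind=<ip|all> host_port=<n|random> container_port=<n> proto=<tcp|udp>
explain_publish() {
    pub_spec=$1
    pub_proto=tcp
    case $pub_spec in
        */*) pub_proto=${pub_spec##*/}; pub_spec=${pub_spec%/*} ;;
    esac
    # The last colon-separated field is always the container port.
    case $pub_spec in
        *:*) pub_cport=${pub_spec##*:}; pub_rest=${pub_spec%:*} ;;
        *)   pub_cport=$pub_spec;       pub_rest= ;;
    esac
    # What remains is "ip:hostPort", "ip:" (random host port) or "hostPort".
    case $pub_rest in
        *:*) pub_bind=${pub_rest%:*}; pub_hport=${pub_rest##*:} ;;
        *)   pub_bind=;               pub_hport=$pub_rest ;;
    esac
    printf 'bind=%s host_port=%s container_port=%s proto=%s\n' \
        "${pub_bind:-all}" "${pub_hport:-random}" "$pub_cport" "$pub_proto"
}

# is_wildcard SPEC: succeeds when the mapping listens on every host address.
is_wildcard() {
    case $(explain_publish "$1") in
        bind=all\ *) return 0 ;;
        *)           return 1 ;;
    esac
}

# Forms taken from this page.
for s in 81:80 192.168.0.100:80:80 192.168.0.101::80 192.168.0.104::53/udp; do
    printf '%-28s %s\n' "-p $s" "$(explain_publish "$s")"
done
```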

The first two forms have already been covered. Now let's see how to use random ports. First use the netstat command to check the current listening sockets:

[root@localhost opt]# netstat -lntup
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 192.168.122.1:53        0.0.0.0:*               LISTEN      1749/dnsmasq        
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1194/sshd           
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      1193/cupsd          
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1411/master         
tcp        0      0 127.0.0.1:6010          0.0.0.0:*               LISTEN      7574/sshd: root@pts 
tcp        0      0 127.0.0.1:6011          0.0.0.0:*               LISTEN      27560/sshd: root@pt 
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      779/rpcbind         
tcp        0      0 192.168.0.101:80        0.0.0.0:*               LISTEN      7818/docker-proxy   
tcp        0      0 192.168.0.100:80        0.0.0.0:*               LISTEN      7688/docker-proxy   
tcp        0      0 0.0.0.0:81              0.0.0.0:*               LISTEN      7999/docker-proxy   
tcp6       0      0 :::22                   :::*                    LISTEN      1194/sshd           
tcp6       0      0 ::1:631                 :::*                    LISTEN      1193/cupsd          
tcp6       0      0 ::1:25                  :::*                    LISTEN      1411/master         
tcp6       0      0 ::1:6010                :::*                    LISTEN      7574/sshd: root@pts 
tcp6       0      0 ::1:6011                :::*                    LISTEN      27560/sshd: root@pt 
tcp6       0      0 :::111                  :::*                    LISTEN      779/rpcbind         
tcp6       0      0 :::81                   :::*                    LISTEN      8007/docker-proxy   
udp        0      0 0.0.0.0:917             0.0.0.0:*                           779/rpcbind         
udp        0      0 192.168.122.1:53        0.0.0.0:*                           1749/dnsmasq        
udp        0      0 0.0.0.0:67              0.0.0.0:*                           1749/dnsmasq        
udp        0      0 0.0.0.0:111             0.0.0.0:*                           779/rpcbind         
udp        0      0 0.0.0.0:32973           0.0.0.0:*                           772/avahi-daemon: r 
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           772/avahi-daemon: r 
udp6       0      0 :::917                  :::*                                779/rpcbind         
udp6       0      0 :::111                  :::*                                779/rpcbind   

Note the IP address and port information above, then run the following command twice in a row:

[root@localhost opt]# docker run -d -p 192.168.0.101::80 nginx:latest
3a885ede52674ad84570573ac9cb7f4182c809bfa9fd39b4c6ae4ff7a6026dc6
[root@localhost opt]# docker run -d -p 192.168.0.101::80 nginx:latest
738b4313c4f779212547a19a1a7ed231133e71d6ecd08b6f59faf90d0ccd304d

Running netstat again shows two more ports, 49153 and 49154. Why these ports?

This is determined by kernel parameters. Use sysctl to filter the network settings:

[root@localhost opt]# 
[root@localhost opt]# sysctl -a|grep ipv4|grep rang
net.ipv4.ip_local_port_range = 32768	60999
sysctl: reading key "net.ipv6.conf.all.stable_secret"

Ports range from 32768 to 60999. What is this range used for? For example, when users visit a web server through an nginx reverse proxy, we know that each user can open multiple web pages.

Therefore, if you don't use the tuning technology, you can only use three access requests. After tuning, for example to 10000-60999, the ceiling of a little over 50000 still cannot be exceeded. Therefore, you can use multiple load balancers (for example, layer-4 load balancing such as LVS) to connect to the web service cluster.

 
