Network access of docker

Posted by sankaty on Thu, 17 Feb 2022 23:28:01 +0100



1. Configure IP

2. Start service

3. Service maintenance

In the previous initial experience of docker, I have tried to use it Port mapping access nginx , one network card can be configured with multiple IP addresses. Use ifconfig to configure IP addresses. Be sure to note that the IP addresses here cannot conflict. You can use ping ip. If the target IP of the same network segment cannot be pinged, it means it is available.

1. Configure IP

[root@localhost opt]# ifconfig ens33:1 up
[root@localhost opt]# ifconfig


In this way, two ip addresses are configured. Can I log in?

ssh root@


In this way, the host has two ip addresses. After using ifconfig, there are and ip addresses under ens33.

2. Start service

[root@localhost opt]# docker run -d -p nginx:latest
[root@localhost opt]# docker run -d -p nginx:latest

After startup, use the docker command to view

[root@localhost opt]# docker ps -a
CONTAINER ID   IMAGE          COMMAND                  CREATED         STATUS         PORTS                      NAMES
6ee5b735e752   nginx:latest   "/docker-entrypoint...."   2 minutes ago   Up 2 minutes>80/tcp   frosty_beaver
e2e1a5cbc833   nginx:latest   "/docker-entrypoint...."   4 minutes ago   Up 2 minutes>80/tcp   jovial_raman
[root@localhost opt]# netstat -lntup

If the ip address is not written when mapping the port, the default ip address is used

[root@localhost opt]# docker run -d -p 81:80 nginx:latest

After that, it is equivalent to visiting one website when visiting 100 and another website when visiting 101

3. Service maintenance

[root@localhost opt]# docker ps -a
CONTAINER ID   IMAGE          COMMAND                  CREATED          STATUS         PORTS                               NAMES
c2c9273e9484   nginx:latest   "/docker-entrypoint...."   2 minutes ago    Up 2 minutes>80/tcp, :::81->80/tcp   mystifying_feistel
6ee5b735e752   nginx:latest   "/docker-entrypoint...."   9 minutes ago    Up 9 minutes>80/tcp            frosty_beaver
e2e1a5cbc833   nginx:latest   "/docker-entrypoint...."   10 minutes ago   Up 9 minutes>80/tcp            jovial_raman

In this way, there are three containers. Enter one container and modify the home page information of the modifier

[root@localhost opt]# docker exec -it 6ee5b735e752 /bin/bash
root@6ee5b735e752:/# echo '101:80'>/usr/share/nginx/html/index.html

Visit again

Of course, other commands can also be used for mapping

-p hostPort:containerPott
-p ip:honstPort:containerPort  Multiple containers want to use port 80
-p ip::containerPort(Random port)
-p hostPort:containerPort:udp use udp agreement
-p 104 using host ip Address random port udp Protocol mapping to container udp Port 53 of the protocol
-p 81:80 -p 443:443 Specify multiple port

Random mapping-Random port
docker run -P nginx:latest

The previous two have been introduced. Now let's see how to use random ports. First use the netstat command to check the current network information

[root@localhost opt]# netstat -lntup
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0*               LISTEN      1749/dnsmasq        
tcp        0      0    *               LISTEN      1194/sshd           
tcp        0      0 *               LISTEN      1193/cupsd          
tcp        0      0  *               LISTEN      1411/master         
tcp        0      0*               LISTEN      7574/sshd: root@pts 
tcp        0      0*               LISTEN      27560/sshd: root@pt 
tcp        0      0   *               LISTEN      779/rpcbind         
tcp        0      0*               LISTEN      7818/docker-proxy   
tcp        0      0*               LISTEN      7688/docker-proxy   
tcp        0      0    *               LISTEN      7999/docker-proxy   
tcp6       0      0 :::22                   :::*                    LISTEN      1194/sshd           
tcp6       0      0 ::1:631                 :::*                    LISTEN      1193/cupsd          
tcp6       0      0 ::1:25                  :::*                    LISTEN      1411/master         
tcp6       0      0 ::1:6010                :::*                    LISTEN      7574/sshd: root@pts 
tcp6       0      0 ::1:6011                :::*                    LISTEN      27560/sshd: root@pt 
tcp6       0      0 :::111                  :::*                    LISTEN      779/rpcbind         
tcp6       0      0 :::81                   :::*                    LISTEN      8007/docker-proxy   
udp        0      0   *                           779/rpcbind         
udp        0      0*                           1749/dnsmasq        
udp        0      0    *                           1749/dnsmasq        
udp        0      0   *                           779/rpcbind         
udp        0      0 *                           772/avahi-daemon: r 
udp        0      0  *                           772/avahi-daemon: r 
udp6       0      0 :::917                  :::*                                779/rpcbind         
udp6       0      0 :::111                  :::*                                779/rpcbind   

Observe the above ip address and port information, and then use the following command to execute it twice in a row

[root@localhost opt]# docker run -d -p nginx:latest
[root@localhost opt]# docker run -d -p nginx:latest

Using netstat again, you can find that there are two more ports, 49153 and 49154. Why is this port

This is determined by kernel parameters. Use sysctl to filter network information

[root@localhost opt]# 
[root@localhost opt]# sysctl -a|grep ipv4|grep rang
net.ipv4.ip_local_port_range = 32768	60999
sysctl: reading key "net.ipv6.conf.all.stable_secret"

Ports range from 32768 to 60999. What is the application of this? For example, when users visit the web server, for example, when using nginx reverse proxy, we know that users can open multiple web pages.

Therefore, if you don't use the tuning technology, you can only use three access requests. After tuning, for example, it can be adjusted to 10000-60999, and almost more than 50000 can't be broken through. Therefore, you can use multiple load balancing (for example, using four-tier load balancing, such as lvs) to connect to the web service cluster.


Topics: Docker Nginx