本文翻译自:From inside of a Docker container, how do I connect to the localhost of the machine?
So I have a Nginx running inside a docker container, I have a mysql running on localhost, I want to connect to the MySql from within my Nginx. 所以我有一个Nginx在docker容器中运行,我有一个mysql在本地主机上运行,我想从我的Nginx内部连接到MySql。 The MySql is running on localhost and not exposing a port to the outside world, so its bound on localhost, not bound on the ip address of the machine. MySql在localhost上运行,并且没有将端口暴露给外界,因此它绑定在localhost上,而不绑定在计算机的IP地址上。
Is there any way to connect to this MySql or any other program on localhost from within this docker container? 有什么方法可以从此Docker容器中连接到此MySql或localhost上的任何其他程序吗?
This question is different from "How to get the IP address of the docker host from inside a docker container" due to the fact that the IP address of the docker host could be the public IP or the private IP in the network which may or may not be reachable from within the docker container (I mean public IP if hosted at AWS or something). 此问题与“如何从Docker容器内部获取Docker主机的IP地址”不同,这是因为Docker主机的IP地址可以是网络中的公共IP或私有IP,这可能是也可能是无法从docker容器中访问(我的意思是公共IP,如果托管在AWS或其他地方)。 Even if you have the IP address of the docker host it does not mean you can connect to docker host from within the container given that IP address as your Docker network may be overlay, host, bridge, macvlan, none etc which restricts the reachability of that IP address. 即使您具有Docker主机的IP地址,也并不意味着您可以从容器内部连接到Docker主机,因为IP地址可能会覆盖您的Docker网络,主机,网桥,macvlan等,从而限制Docker的可达性该IP地址。
#1楼
参考:https://stackoom.com/question/1e2ec/如何从Docker容器内部连接到计算机的本地主机
#2楼
Edit: If you are using Docker-for-mac or Docker-for-Windows 18.03+, just connect to your mysql service using the host host.docker.internal . 编辑:如果您正在使用Docker-for-mac或Docker-for-Windows 18.03+,只需使用主机host.docker.internal连接到您的mysql服务。
As of Docker 18.09.3, this does not work on Docker-for-Linux. 从Docker 18.09.3开始,这不适用于Linux上的Docker。 A fix has been submitted on March the 8th, 2019 and will hopefully be merged to the code base. 已在2019年3月8日提交修复程序 ,有望将其合并到代码库中。 Until then, a workaround is to use a container as described in qoomon's answer . 在此之前,解决方法是使用qoomon的answer中所述的容器。
TLDR TLDR
Use --network="host" in your docker run command, then 127.0.0.1 in your docker container will point to your docker host. 在--network="host" docker run命令中使用--network="host" ,然后--network="host"容器中的127.0.0.1将指向您的docker主机。
Note: This mode only works on Docker for Linux, per the documentation . 注意: 根据文档 ,此模式仅适用于Linux的Docker。
Note on docker container networking modes 关于Docker容器联网模式的注意事项
Docker offers different networking modes when running containers. 运行容器时,Docker提供了不同的联网模式 。 Depending on the mode you choose you would connect to your MySQL database running on the docker host differently. 根据您选择的模式,您将以不同的方式连接到在docker主机上运行的MySQL数据库。
docker run --network="bridge" (default) docker run --network =“ bridge”(默认)
Docker creates a bridge named docker0 by default. Docker默认创建一个名为docker0的网桥。 Both the docker host and the docker containers have an IP address on that bridge. docker主机和docker容器在该网桥上均具有IP地址。
on the Docker host, type sudo ip addr show docker0 you will have an output looking like: 在Docker主机上,输入sudo ip addr show docker0您将看到如下输出:
[vagrant@docker:~] $ sudo ip addr show docker0
4: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 56:84:7a:fe:97:99 brd ff:ff:ff:ff:ff:ff
inet 172.17.42.1/16 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::5484:7aff:fefe:9799/64 scope link
valid_lft forever preferred_lft forever
So here my docker host has the IP address 172.17.42.1 on the docker0 network interface. 所以我的172.17.42.1主机在docker0网络接口上的IP地址为docker0 。
Now start a new container and get a shell on it: docker run --rm -it ubuntu:trusty bash and within the container type ip addr show eth0 to discover how its main network interface is set up: 现在启动一个新容器并在其上安装一个外壳: docker run --rm -it ubuntu:trusty bash ,在容器类型ip addr show eth0以发现其主要网络接口的设置:
root@e77f6a1b3740:/# ip addr show eth0
863: eth0: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 66:32:13:f0:f1:e3 brd ff:ff:ff:ff:ff:ff
inet 172.17.1.192/16 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::6432:13ff:fef0:f1e3/64 scope link
valid_lft forever preferred_lft forever
Here my container has the IP address 172.17.1.192 . 我的容器的IP地址为172.17.1.192 。 Now look at the routing table: 现在看一下路由表:
root@e77f6a1b3740:/# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 172.17.42.1 0.0.0.0 UG 0 0 0 eth0
172.17.0.0 * 255.255.0.0 U 0 0 0 eth0
So the IP Address of the docker host 172.17.42.1 is set as the default route and is accessible from your container. 因此, 172.17.42.1主机172.17.42.1的IP地址被设置为默认路由,并且可以从您的容器访问。
root@e77f6a1b3740:/# ping 172.17.42.1
PING 172.17.42.1 (172.17.42.1) 56(84) bytes of data.
64 bytes from 172.17.42.1: icmp_seq=1 ttl=64 time=0.070 ms
64 bytes from 172.17.42.1: icmp_seq=2 ttl=64 time=0.201 ms
64 bytes from 172.17.42.1: icmp_seq=3 ttl=64 time=0.116 ms
docker run --network="host" 泊坞窗运行--network =“ host”
Alternatively you can run a docker container with network settings set to host . 或者,您可以运行将网络设置设置为host的docker容器。 Such a container will share the network stack with the docker host and from the container point of view, localhost (or 127.0.0.1 ) will refer to the docker host. 这样的容器将与docker主机共享网络堆栈,从容器的角度来看, localhost (或127.0.0.1 )将引用docker主机。
Be aware that any port opened in your docker container would be opened on the docker host. 请注意,在Docker容器中打开的任何端口都将在Docker主机上打开。 And this without requiring the -p or -P docker run option . 而且这不需要-p或-P docker run选项 。
IP config on my docker host: 我的Docker主机上的IP配置:
[vagrant@docker:~] $ ip addr show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 08:00:27:98:dc:aa brd ff:ff:ff:ff:ff:ff
inet 10.0.2.15/24 brd 10.0.2.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::a00:27ff:fe98:dcaa/64 scope link
valid_lft forever preferred_lft forever
and from a docker container in host mode: 并在主机模式下从Docker容器中获取:
[vagrant@docker:~] $ docker run --rm -it --network=host ubuntu:trusty ip addr show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 08:00:27:98:dc:aa brd ff:ff:ff:ff:ff:ff
inet 10.0.2.15/24 brd 10.0.2.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::a00:27ff:fe98:dcaa/64 scope link
valid_lft forever preferred_lft forever
As you can see both the docker host and docker container share the exact same network interface and as such have the same IP address. 如您所见,docker主机和docker容器共享完全相同的网络接口,因此具有相同的IP地址。
Connecting to MySQL from containers 从容器连接到MySQL
bridge mode 桥接模式
To access MySQL running on the docker host from containers in bridge mode , you need to make sure the MySQL service is listening for connections on the 172.17.42.1 IP address. 要以桥接模式从容器访问在docker主机上运行的MySQL,您需要确保MySQL服务正在侦听172.17.42.1 IP地址上的连接。
To do so, make sure you have either bind-address = 172.17.42.1 or bind-address = 0.0.0.0 in your MySQL config file (my.cnf). 为此,请确保您的MySQL配置文件(my.cnf)中具有bind-address = 172.17.42.1或bind-address = 0.0.0.0 。
If you need to set an environment variable with the IP address of the gateway, you can run the following code in a container : 如果您需要使用网关的IP地址设置环境变量,则可以在容器中运行以下代码:
export DOCKER_HOST_IP=$(route -n | awk '/UG[ \t]/{print $2}')
then in your application, use the DOCKER_HOST_IP environment variable to open the connection to MySQL. 然后在您的应用程序中,使用DOCKER_HOST_IP环境变量打开与MySQL的连接。
Note: if you use bind-address = 0.0.0.0 your MySQL server will listen for connections on all network interfaces. 注意:如果使用bind-address = 0.0.0.0 MySQL服务器将侦听所有网络接口上的连接。 That means your MySQL server could be reached from the Internet ; 这意味着您可以从Internet访问MySQL服务器。 make sure to setup firewall rules accordingly. 确保相应地设置防火墙规则。
Note 2: if you use bind-address = 172.17.42.1 your MySQL server won't listen for connections made to 127.0.0.1 . 注意2:如果您使用bind-address = 172.17.42.1您的MySQL服务器将不会监听与127.0.0.1建立的连接。 Processes running on the docker host that would want to connect to MySQL would have to use the 172.17.42.1 IP address. 要连接到MySQL的172.17.42.1主机上运行的进程必须使用172.17.42.1 IP地址。
host mode 主机模式
To access MySQL running on the docker host from containers in host mode , you can keep bind-address = 127.0.0.1 in your MySQL configuration and all you need to do is to connect to 127.0.0.1 from your containers: 要以主机模式从容器访问在docker主机上运行的MySQL,可以在MySQL配置中保持bind-address = 127.0.0.1 ,而要做的就是从容器连接到127.0.0.1 :
[vagrant@docker:~] $ docker run --rm -it --network=host mysql mysql -h 127.0.0.1 -uroot -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 36
Server version: 5.5.41-0ubuntu0.14.04.1 (Ubuntu)
Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>
note: Do use mysql -h 127.0.0.1 and not mysql -h localhost ; 注意:请使用mysql -h 127.0.0.1而不是mysql -h localhost ; otherwise the MySQL client would try to connect using a unix socket. 否则,MySQL客户端将尝试使用unix套接字进行连接。
#3楼
I disagree with the answer from Thomasleveil. 我不同意Thomasleveil的回答。
Making mysql bind to 172.17.42.1 will prevent other programs using the database on the host to reach it. 使mysql绑定到172.17.42.1将阻止其他程序使用主机上的数据库访问它。 This will only work if all your database users are dockerized. 仅当您所有的数据库用户都被docker化后,这才起作用。
Making mysql bind to 0.0.0.0 will open the db to outside world, which is not only a very bad thing to do, but also contrary to what the original question author wants to do. 使mysql绑定到0.0.0.0将使数据库向外界开放,这不仅是一件很糟糕的事情,而且与原始问题作者想要做的相反。 He explicitly says "The MySql is running on localhost and not exposing a port to the outside world, so its bound on localhost" 他明确表示“ MySql在本地主机上运行,并且没有将端口暴露给外界,因此它绑定在本地主机上”
To answer the comment from ivant 回答ivant的评论
"Why not bind mysql to docker0 as well?" “为什么还不将mysql绑定到docker0?”
This is not possible. 这是不可能的。 The mysql/mariadb documentation explicitly says it is not possible to bind to several interfaces. mysql / mariadb文档明确表示不可能绑定到多个接口。 You can only bind to 0, 1, or all interfaces. 您只能绑定到0、1或所有接口。
As a conclusion, I have NOT found any way to reach the (localhost only) database on the host from a docker container. 结论是,我还没有找到从Docker容器访问主机上(仅本地主机)数据库的任何方法。 That definitely seems like a very very common pattern, but I don't know how to do it. 这绝对是一个非常非常常见的模式,但是我不知道该怎么做。
#4楼
This worked for me on an NGINX/PHP-FPM stack without touching any code or networking where the app's just expecting to be able to connect to localhost 这在NGINX / PHP-FPM堆栈上为我工作,而无需接触应用程序仅希望能够连接到localhost任何代码或网络
Mount mysqld.sock from the host to inside the container. 将mysqld.sock从主机安装到容器内部。
Find the location of the mysql.sock file on the host running mysql: 在运行mysql的主机上找到mysql.sock文件的位置: netstat -ln | awk '/mysql(.*)?\\.sock/ { print $9 }'
Mount that file to where it's expected in the docker: 将该文件挂载到docker中预期的位置: docker run -v /hostpath/to/mysqld.sock:/containerpath/to/mysqld.sock
Possible locations of mysqld.sock: mysqld.sock的可能位置:
/tmp/mysqld.sock
/var/run/mysqld/mysqld.sock
/var/lib/mysql/mysql.sock
/Applications/MAMP/tmp/mysql/mysql.sock # if running via MAMP
#5楼
I doing a hack similar to above posts of get the local IP to map to a alias name (DNS) in the container. 我在做类似于以上文章的技巧,将本地IP映射到容器中的别名(DNS)。 The major problem is to get dynamically with a simple script that works both in Linux and OSX the host IP address . 主要的问题是要使用一个可以在Linux和OSX中运行的主机IP地址的简单脚本来动态获取。 I did this script that works in both environments (even in Linux distribution with "$LANG" != "en_*" configured): 我做了在两个环境中都可以使用的脚本(即使在配置了"$LANG" != "en_*" Linux发行版中):
ifconfig | grep -E "([0-9]{1,3}\.){3}[0-9]{1,3}" | grep -v 127.0.0.1 | awk '{ print $2 }' | cut -f2 -d: | head -n1
So, using Docker Compose, the full configuration will be: 因此,使用Docker Compose,完整的配置将是:
Startup script (docker-run.sh) : 启动脚本(docker-run.sh) :
export DOCKERHOST=$(ifconfig | grep -E "([0-9]{1,3}\.){3}[0-9]{1,3}" | grep -v 127.0.0.1 | awk '{ print $2 }' | cut -f2 -d: | head -n1)
docker-compose -f docker-compose.yml up
docker-compose.yml : docker-compose.yml :
myapp:
build: .
ports:
- "80:80"
extra_hosts:
- "dockerhost:$DOCKERHOST"
Then change http://localhost to http://dockerhost in your code. 然后在您的代码http://dockerhost http://localhost更改为http://dockerhost 。
For a more advance guide of how to customize the DOCKERHOST script, take a look at this post with a explanation of how it works. 有关如何自定义DOCKERHOST脚本的更高级指南,请查看此帖子,并对其工作方式进行说明。
#6楼
For those on Windows, assuming you're using the bridge network driver, you'll want to specifically bind MySQL to the ip address of the hyper-v network interface. 对于Windows上的用户,假设您正在使用网桥网络驱动程序,则需要将MySQL专门绑定到hyper-v网络接口的ip地址。
This is done via the configuration file under the normally hidden C:\\ProgramData\\MySQL folder. 这是通过通常隐藏的C:\\ ProgramData \\ MySQL文件夹下的配置文件完成的。
Binding to 0.0.0.0 will not work. 绑定到0.0.0.0将不起作用。 The address needed is shown in the docker configuration as well, and in my case was 10.0.75.1. 所需的地址也显示在docker配置中,在我的情况下为10.0.75.1。
