Docker network mode
Bridged network: The virtual machine joins the same network as the host, as if both were plugged into the same switch behind the same router, on the same network segment.
NAT: The host acts as a router-like device that performs network address translation. If the host can connect to the Internet, the virtual machine can too, but the two are on different network segments.
Host only: Only the host and the virtual machine can communicate with each other.
host mode
Usage: specify --net=host with docker run
The container uses the same network as the host; the network card and IP seen inside the container are the host's
container mode
How to use: --net=container:container_id/container_name
Multiple containers share one network, and they all see the same IP
none mode
Usage: specify --net=none
In this mode no network is configured: no network card and no network
bridge mode
How to use: --net=bridge. This is the default mode, so it does not need to be specified. It allocates an independent network namespace for each container, similar to VMware's NAT network mode. All containers on the same host are on the same network segment and can communicate with each other.
Docker network management: external access to the container
Idea: First use the centos image to create a new container, then install the nginx service in the container and start it, then save the container as a new image (centos_nginx), and finally use the new image to create a container with a host port mapping
Create a container from the new image: docker run -itd -p 8888:80 centos_nginx bash // -p specifies the port mapping; in this example, port 80 of the container is mapped to port 8888 on the host
Enter the container: docker exec -it container_id bash
Install nginx: yum install -y nginx
Start nginx: systemctl start nginx
Exit the container: exit
Test: curl 127.0.0.1:8888
-p also accepts the form ip:host_port:container_port, for example
-p 127.0.0.1:8080:80
You can also give the IP and leave the host port empty, in which case a host port is assigned automatically
-p 127.0.0.1::80 // note the two colons here
Access from another machine: the service can also be reached at the Docker host's IP on port 8888
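The -p forms above differ in which host address ends up listening: with no IP in the spec, Docker binds the port on all host interfaces (0.0.0.0), which is why another machine can reach port 8888. The following is an added example, not part of the original article, that classifies a publish spec by that bind address; the function name publish_scope is hypothetical and only IPv4 specs are handled.

```shell
#!/usr/bin/env bash
# Added example: classify a `docker run -p` spec by the host address it binds.
# Forms handled (IPv4 only): container_port, host_port:container_port,
# ip:host_port:container_port, ip::container_port, with optional /tcp or /udp.

publish_scope() {
    local spec="${1%/*}" proto="tcp" ip="0.0.0.0" host_port="" cport rest scope
    case "$1" in */*) proto="${1##*/}" ;; esac

    case "$spec" in
        *:*:*)                  # ip:host_port:container_port or ip::container_port
            ip="${spec%%:*}"
            rest="${spec#*:}"
            host_port="${rest%%:*}"
            cport="${rest#*:}"
            ;;
        *:*)                    # host_port:container_port, no address given
            host_port="${spec%%:*}"
            cport="${spec#*:}"
            ;;
        *)                      # container port only
            cport="$spec"
            ;;
    esac
    # An empty host port means Docker picks one at container start.
    [ -n "$host_port" ] || host_port="random"

    case "$ip" in
        0.0.0.0) scope="all-interfaces" ;;   # reachable from other machines
        127.*)   scope="loopback-only" ;;    # reachable from the host only
        *)       scope="single-address" ;;
    esac
    printf '%s %s:%s->%s/%s\n' "$scope" "$ip" "$host_port" "$cport" "$proto"
}

# The three specs used on this page, plus a bare container port.
for s in 8888:80 127.0.0.1:8080:80 127.0.0.1::80 80/udp; do
    publish_scope "$s"
done
```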
Solving the "Operation not permitted" error when starting nginx
A newly created container reports an error when starting the nginx or httpd service:
[root@34b9c062b8d9 /]# systemctl start nginx
System has not been booted with systemd as init system (PID 1). Can't operate.
Failed to connect to bus: Host is down
Failed to get D-Bus connection: Operation not permitted
This is because dbus-daemon is not started. To solve the problem:
When starting the container, add the --privileged -e "container=docker" parameters, and change the last command to /usr/sbin/init
Format: docker run -itd -p 8888:80 --privileged -e "container=docker" centos_with_nginx /usr/sbin/init
Or add: --privileged=true
docker run -itd -p 8888:80 --privileged -e "container=true" centos_nginx /usr/sbin/init
[root@bogon ~]# docker run -itd -p 8888:80 --privileged -e "container=true" centos_nginx /usr/sbin/init
20df5c59352256a8bae6d8e8315f65a1f06831a68ec4dc8fc51aa56d1d2bde60
[root@localhost ~]# docker ps
CONTAINER ID   IMAGE          COMMAND                  CREATED          STATUS          PORTS                    NAMES
73bda065303e   centos_nginx   "/usr/sbin/init"         12 minutes ago   Up 12 minutes   0.0.0.0:8888->80/tcp     wizardly_taussig
df3b494539d4   300e315adb2f   "bash"                   31 minutes ago   Up 31 minutes                            hopeful_haibt
f251f778055e   registry       "/entrypoint.sh /etc…"   57 minutes ago   Up 57 minutes   0.0.0.0:5000->5000/tcp   cranky_ramanujan
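The --privileged flag used above grants the container every Linux capability, far more than systemd or nginx needs. As an added example (not part of the original article), the script below decodes a CapEff mask from /proc/<pid>/status and reports capabilities that Docker's default set does not include; the function names, the two sample masks and the chosen capability subset are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: decide from a CapEff mask (the "CapEff:" line of
# /proc/<pid>/status) whether a process holds capabilities that Docker's
# default profile withholds.

# bit:name pairs, bit numbers from linux/capability.h (a chosen subset).
RISKY_CAPS="12:CAP_NET_ADMIN 16:CAP_SYS_MODULE 17:CAP_SYS_RAWIO 19:CAP_SYS_PTRACE 21:CAP_SYS_ADMIN"

risky_caps() {
    # $1 = hex mask without the 0x prefix; prints the listed capabilities that are set.
    local mask=$(( 0x$1 )) entry bit found=""
    for entry in $RISKY_CAPS; do
        bit="${entry%%:*}"
        if [ $(( (mask >> bit) & 1 )) -eq 1 ]; then
            found="${found:+$found }${entry#*:}"
        fi
    done
    printf '%s\n' "$found"
}

has_risky_caps() {
    # Returns 0 when at least one of the listed capabilities is present.
    [ -n "$(risky_caps "$1")" ]
}

# Constructed sample masks: Docker's default capability set, and a full set
# as seen with --privileged (the exact width depends on the kernel version).
DEFAULT_MASK=00000000a80425fb
PRIVILEGED_MASK=0000003fffffffff

for m in "$DEFAULT_MASK" "$PRIVILEGED_MASK"; do
    if has_risky_caps "$m"; then
        echo "$m: extra capabilities: $(risky_caps "$m")"
    else
        echo "$m: none of the listed capabilities"
    fi
done

# Inside a container, check PID 1 with:
#   has_risky_caps "$(awk '/^CapEff/ {print $2}' /proc/1/status)"
```

A container can also hold one of these capabilities through --cap-add, so a hit means "more than the default set", not necessarily --privileged.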
Docker network management: configure bridge network
This mode puts the Docker container and the host on the same switch and the same network segment, so the container can communicate directly with external machines and can be treated as an independent server
To make communication between machines on the local network and Docker containers more convenient, we often need to place the Docker container on the same network segment as the host. This is easy to achieve: bridge the Docker container with the host's network card, then configure an IP for the container.
First enter the network card configuration directory:
cd /etc/sysconfig/network-scripts/
Copy the existing network card configuration to a new file:
cp ifcfg-ens33 ifcfg-br0
Edit the br0 configuration:
vim ifcfg-br0
First change the first line to TYPE=Bridge
Then change the names: NAME=br0 and DEVICE=br0; also comment out UUID
Edit the ens33 configuration:
vi ifcfg-ens33 // add BRIDGE=br0 as the last line and comment out UUID, IPADDR, NETMASK, GATEWAY, DNS1
In effect, the IP of ens33 is moved to the new virtual network card br0, and ens33 is bridged to br0
Restart the network: systemctl restart network
After the configuration succeeds, br0 inherits the IP of ens33, and ens33 no longer has one
[root@localhost network-scripts]# ifconfig
br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.18.141  netmask 255.255.255.0  broadcast 192.168.18.255
        inet6 fe80::5b35:7d8a:d448:fcf1  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:b8:0f:33  txqueuelen 1000  (Ethernet)
        RX packets 66  bytes 5379 (5.2 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 73  bytes 8400 (8.2 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.17.0.1  netmask 255.255.0.0  broadcast 172.17.255.255
        inet6 fe80::42:74ff:fe8a:e688  prefixlen 64  scopeid 0x20<link>
        ether 02:42:74:8a:e6:88  txqueuelen 0  (Ethernet)
        RX packets 7464  bytes 330335 (322.5 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 12839  bytes 27117685 (25.8 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        ether 00:0c:29:b8:0f:33  txqueuelen 1000  (Ethernet)
        RX packets 243167  bytes 341083270 (325.2 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 60420  bytes 5248917 (5.0 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
Install pipework
Clone: git clone https://github.com/jpetazzo/pipework
[root@localhost ~]# git clone https://github.com/jpetazzo/pipework
正克隆到 'pipework'...
remote: Enumerating objects: 8, done.
remote: Counting objects: 100% (8/8), done.
remote: Compressing objects: 100% (6/6), done.
remote: Total 518 (delta 2), reused 5 (delta 2), pack-reused 510
接收对象中: 100% (518/518), 182.72 KiB | 14.00 KiB/s, done.
处理 delta 中: 100% (272/272), done.
Copy the script to a directory on the executable path:
cp pipework/pipework /usr/local/bin/
Start a container (the --net=none parameter means no network is set up):
docker run -itd --net=none centos_with_nettool bash
[root@localhost pipework]# docker run -itd --net=none 772d8347a1d7 bash
62cb0a73d01b26b4b3f7972f45806b8960c0762eacd486ff5e4f578c716051b0
Enter the container; at this point it has no network card IP
[root@localhost pipework]# docker exec -it 62cb0a bash
[root@62cb0a73d01b /]# ifconfig
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
[root@62cb0a73d01b /]#
Exit and set the IP:
pipework br0 62cb0a73d01b 192.168.18.142/[email protected] # 192.168.18.142 is the custom IP for the container; the IP after @ is the gateway IP
[root@localhost pipework]# pipework br0 62cb0a73d01b 192.168.18.142/[email protected]
Enter the container again and it now has an IP. It can ping the external network, and other machines can ping it. Install services (nginx, httpd) inside it and they can be accessed directly by IP and port
[root@localhost pipework]# docker exec -it 62cb0a bash
[root@62cb0a73d01b /]# ifconfig
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.18.142  netmask 255.255.255.0  broadcast 192.168.18.255
        ether 2a:d0:c4:88:ba:63  txqueuelen 1000  (Ethernet)
        RX packets 12  bytes 896 (896.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1  bytes 42 (42.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
Ping the external network from the container
[root@62cb0a73d01b /]# ping baidu.com
PING baidu.com (39.156.69.79) 56(84) bytes of data.
64 bytes from 39.156.69.79 (39.156.69.79): icmp_seq=1 ttl=128 time=47.4 ms
64 bytes from 39.156.69.79 (39.156.69.79): icmp_seq=2 ttl=128 time=44.6 ms
64 bytes from 39.156.69.79 (39.156.69.79): icmp_seq=3 ttl=128 time=46.10 ms
Ping the container from another machine
[root@localhost ~]# ping 192.168.18.141
PING 192.168.18.141 (192.168.18.141) 56(84) bytes of data.
64 bytes from 192.168.18.141: icmp_seq=42 ttl=64 time=0.486 ms
64 bytes from 192.168.18.141: icmp_seq=43 ttl=64 time=0.313 ms
64 bytes from 192.168.18.141: icmp_seq=44 ttl=64 time=0.296 ms
64 bytes from 192.168.18.141: icmp_seq=45 ttl=64 time=0.372 ms
64 bytes from 192.168.18.141: icmp_seq=46 ttl=64 time=0.220 ms
64 bytes from 192.168.18.141: icmp_seq=47 ttl=64 time=0.297 ms