1:使用docker启动nginx随机映射配置
[root@linux-node1 ~]# docker run -d -P nginx
63cbe30165c8fb2ce7789a8173db6f2060705028ce6c326d1f0cd467bdee583c
[root@linux-node1 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
63cbe30165c8 nginx "nginx -g 'daemon off" 8 seconds ago Up 7 seconds 0.0.0.0:32769->80/tcp, 0.0.0.0:32768->443/tcp drunk_bhabha
[root@linux-node1 ~]#
提示:物理机的32769被映射到80端口
-P代表随机映射
我们可以查看我们的端口
[root@linux-node1 ~]# netstat -lntup
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 19995/mysqld
tcp 0 0 0.0.0.0:4369 0.0.0.0:* LISTEN 21574/epmd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1094/sshd
tcp 0 0 0.0.0.0:15672 0.0.0.0:* LISTEN 21557/beam
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1372/master
tcp 0 0 0.0.0.0:25672 0.0.0.0:* LISTEN 21557/beam
tcp6 0 0 :::4369 :::* LISTEN 21574/epmd
tcp6 0 0 :::22 :::* LISTEN 1094/sshd
tcp6 0 0 ::1:25 :::* LISTEN 1372/master
tcp6 0 0 :::32768 :::* LISTEN 55956/docker-proxy
tcp6 0 0 :::32769 :::* LISTEN 55963/docker-proxy
tcp6 0 0 :::5672 :::* LISTEN 21557/beam
udp 0 0 0.0.0.0:123 0.0.0.0:* 19389/chronyd
udp 0 0 127.0.0.1:323 0.0.0.0:* 19389/chronyd
udp6 0 0 ::1:323 :::* 19389/chronyd
我们可以看一下iptables查看Nat表
[root@linux-node1 ~]# iptables -t nat -vnL
Chain PREROUTING (policy ACCEPT 2 packets, 473 bytes)
pkts bytes target prot opt in out source destination
13 664 DOCKER all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL
Chain INPUT (policy ACCEPT 2 packets, 473 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 1 packets, 76 bytes)
pkts bytes target prot opt in out source destination
0 0 DOCKER all -- * * 0.0.0.0/0 !127.0.0.0/8 ADDRTYPE match dst-type LOCAL
Chain POSTROUTING (policy ACCEPT 11 packets, 584 bytes)
pkts bytes target prot opt in out source destination
0 0 MASQUERADE all -- * !docker0 172.17.0.0/16 0.0.0.0/0
0 0 MASQUERADE tcp -- * * 172.17.0.2 172.17.0.2 tcp dpt:443
0 0 MASQUERADE tcp -- * * 172.17.0.2 172.17.0.2 tcp dpt:80
Chain DOCKER (2 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- docker0 * 0.0.0.0/0 0.0.0.0/0
9 456 DNAT tcp -- !docker0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:32768 to:172.17.0.2:443
1 52 DNAT tcp -- !docker0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:32769 to:172.17.0.2:80
进入容器
[root@linux-node1 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
63cbe30165c8 nginx "nginx -g 'daemon off" 6 minutes ago Up 6 minutes 0.0.0.0:32769->80/tcp, 0.0.0.0:32768->443/tcp drunk_bhabha
[root@linux-node1 ~]# ./docker_in.sh 63cbe30165c8
提示:脚本可以查看我们基础介绍
提示:因为我们没有给容器命名,所以需要使用ID进行进入
docker运行的第一进程的pid为1
root@63cbe30165c8:/# ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.1 31752 2872 ? Ss 22:53 0:00 nginx: master process nginx -g daemon off;
nginx 6 0.0 0.1 32144 1908 ? S 22:53 0:00 nginx: worker process
root 7 0.0 0.1 20252 1916 ? S 23:01 0:00 -bash
root 11 0.0 0.0 17492 1156 ? R+ 23:01 0:00 ps aux
docker默认会使用dhcp分配IP地址,但是我们如果想访问到需要设置iptables
root@63cbe30165c8:/# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
22: eth0@if23: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.2/16 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::42:acff:fe11:2/64 scope link
valid_lft forever preferred_lft forever
我们可以使用docker logs [ID/Name]来查看日志
[root@linux-node1 ~]# docker logs 63cbe30165c8
192.168.56.1 - - [19/Oct/2016:22:56:00 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:49.0) Gecko/20100101 Firefox/49.0" "-"
192.168.56.1 - - [19/Oct/2016:22:56:00 +0000] "GET /favicon.ico HTTP/1.1" 404 169 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:49.0) Gecko/20100101 Firefox/49.0" "-"
2016/10/19 22:56:00 [error] 6#6: *1 open() "/usr/share/nginx/html/favicon.ico" failed (2: No such file or directory), client: 192.168.56.1, server: localhost, request: "GET /favicon.ico HTTP/1.1", host: "192.168.56.11:32769"
192.168.56.1 - - [19/Oct/2016:22:56:00 +0000] "GET /favicon.ico HTTP/1.1" 404 169 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:49.0) Gecko/20100101 Firefox/49.0" "-"
2016/10/19 22:56:00 [error] 6#6: *1 open() "/usr/share/nginx/html/favicon.ico" failed (2: No such file or directory), client: 192.168.56.1, server: localhost, request: "GET /favicon.ico HTTP/1.1", host: "192.168.56.11:32769"
2.使用docker启动一个nginx,指定81端口
[root@linux-node1 ~]# docker run -d -p 192.168.56.11:81:80 --name mynginx nginx
65439bce352e712597f5a74dcf6c9978458fd02e6ed0f243fe87cad8c690d855
[root@linux-node1 ~]# docker ps -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
65439bce352e nginx "nginx -g 'daemon off" 10 seconds ago Up 9 seconds 443/tcp, 192.168.56.11:81->80/tcp mynginx
提示: -d代表后台运行 -p 指定端口 --name 指定名称
通过端口映射,我们就可以非常方便的去访问到容器内部的服务
3.docker 启动映射多端口
[root@linux-node1 ~]# docker run -d -p 443:443 -p 82:80 --name nginxv2 nginx
865aed79c5ec875c5d7a033267c9d124324201f92d66382a152d1743533a586b
[root@linux-node1 ~]# docker port nginxv2
443/tcp -> 0.0.0.0:443
80/tcp -> 0.0.0.0:82