vi /etc/docker/daemon.json
Append "iptables": false at the end:
{
"registry-mirrors": ["https://v5ro0cay.mirror.aliyuncs.com","https://kfwkfulq.mirror.aliyuncs.com", "https://2lqq34jg.mirror.aliyuncs.com","https://pee6w651.mirror.aliyuncs.com","https://docker.mirrors.ustc.edu.cn","https://72idtxd8.mirror.aliyuncs.com","https://registry.docker-cn.com","http://hub-mirror.c.163.com"],"iptables":false
}
Restart docker
(2) vi /etc/firewalld/zones/public.xml
Add the ports to open
<port protocol="tcp" port="2000"/>
(3) vi /etc/firewalld/zones/trusted.xml
Add the interface and masquerade entries
<?xml version="1.0" encoding="utf-8"?>
<zone target="ACCEPT">
<short>Trusted</short>
<description>All network connections are accepted.</description>
<interface name="docker0"/>
<masquerade/>
</zone>
(4) Restart firewalld
(5) At this point nginx cannot obtain the client's real IP; start the container with
docker run --net host
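A check of the three edited files before restarting the services, as an added example that is not part of the original notes. The function name audit and the embedded file contents are constructed for illustration; the mirror list is shortened to two entries from the page. It also flags any registry mirror reached over plain http://.

```python
import json
import xml.etree.ElementTree as ET

# Constructed sample inputs mirroring the files edited in the steps above.
DAEMON_JSON = ('{"registry-mirrors": ["https://registry.docker-cn.com", '
               '"http://hub-mirror.c.163.com"], "iptables": false}')
PUBLIC_XML = '<zone><short>Public</short><port protocol="tcp" port="2000"/></zone>'
TRUSTED_XML = '''<zone target="ACCEPT">
<short>Trusted</short>
<interface name="docker0"/>
<masquerade/>
</zone>'''

def audit(daemon_json, public_xml, trusted_xml):
    """Return (open_ports, findings) for the three configuration files."""
    findings = []
    daemon = json.loads(daemon_json)
    # Docker manages iptables by default; only an explicit false leaves
    # filtering to firewalld, which is what these steps rely on.
    if daemon.get("iptables", True) is not False:
        findings.append("daemon.json: iptables is not false")
    for mirror in daemon.get("registry-mirrors", []):
        if mirror.startswith("http://"):
            findings.append(f"daemon.json: mirror {mirror} is not protected by TLS")
    # Every <port> in the public zone is reachable from outside: review the list.
    public = ET.fromstring(public_xml)
    open_ports = sorted((p.get("protocol"), p.get("port"))
                        for p in public.findall("port"))
    trusted = ET.fromstring(trusted_xml)
    if trusted.get("target") != "ACCEPT":
        findings.append("trusted.xml: zone target is not ACCEPT")
    if "docker0" not in {i.get("name") for i in trusted.findall("interface")}:
        findings.append("trusted.xml: docker0 is not bound to the trusted zone")
    # Masquerade rewrites source addresses, which is why step (5) is needed.
    if trusted.find("masquerade") is None:
        findings.append("trusted.xml: masquerade is missing")
    return open_ports, findings

if __name__ == "__main__":
    ports, findings = audit(DAEMON_JSON, PUBLIC_XML, TRUSTED_XML)
    print("ports open in public zone:", ports)
    for finding in findings:
        print("FINDING:", finding)
```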