为所有传入连接打开 (Bluemix) 容器
Opening a (Bluemix) container to all incoming connection
2017 年新年快乐!
大家好!
当我尝试在 BlueMix 容器(cf ic run = docker run)中部署我的 docker 图像时遇到一些问题
即使图像在 运行 里面,我也无法从网络访问容器。
我ping了绑定地址:
ping 169.46.18.91
PING 169.46.18.91 (169.46.18.91): 56 data bytes
64 bytes from 169.46.18.91: icmp_seq=0 ttl=48 time=124.247 ms
64 bytes from 169.46.18.91: icmp_seq=1 ttl=48 time=122.701 ms
图像在本地工作,但现在我给了它一个 IP 并将其托管在 bluemix 容器服务上,我报告了在 cf ic -v run 命令
之后设置图像时的问题
以下是命令的日志:
cf ic -v run -p 3000 --name bootingtest 1ed1b527771b
DEMANDE : [2017-01-18T10:32:31+01:00]
POST /UAALoginServerWAR/oauth/token HTTP/1.1
Host: login.ng.bluemix.net
Accept: application/json
Authorization: [DONNEES PRIVEES MASQUEES]
Connection: close
Content-Type: application/x-www-form-urlencoded
User-Agent: go-cli 6.22.2+a95e24c / darwin
grant_type=refresh_token&refresh_token=eyJhbGciOiJIUzI1NiJ9.eyJqdGkiOiIwNzJlYTFmNy00NGRlLTRmYmYtODUxOS1lNmU0NmU2MTk1Y2ItciIsInN1YiI6ImZkMWVmM2Q3LTI2OTQtNDQ4Ni1iNjY2LWRmNTVjY2M4MzVmOCIsInNjb3BlIjpbIm9wZW5pZCIsInVhYS51c2VyIiwiY2xvdWRfY29udHJvbGxlci5yZWFkIiwicGFzc3dvcmQud3JpdGUiLCJjbG91ZF9jb250cm9sbGVyLndyaXRlIl0sImlhdCI6MTQ4NDczMTE3MSwiZXhwIjoxNDg3MzIzMTcxLCJjaWQiOiJjZiIsImNsaWVudF9pZCI6ImNmIiwiaXNzIjoiaHR0cHM6Ly91YWEubmcuYmx1ZW1peC5uZXQvb2F1dGgvdG9rZW4iLCJ6aWQiOiJ1YWEiLCJncmFudF90eXBlIjoicGFzc3dvcmQiLCJ1c2VyX25hbWUiOiJlbW1hbnVlbC5zb2xvbUBmci5pYm0uY29tIiwib3JpZ2luIjoidWFhIiwidXNlcl9pZCI6ImZkMWVmM2Q3LTI2OTQtNDQ4Ni1iNjY2LWRmNTVjY2M4MzVmOCIsInJldl9zaWciOiI2MWNkZjM4MiIsImF1ZCI6WyJjZiIsIm9wZW5pZCIsInVhYSIsImNsb3VkX2NvbnRyb2xsZXIiLCJwYXNzd29yZCJdfQ._gxevCN9cCYX3Fw_FUEYvxFsRhHqfOT9KhjZFiHcNao&scope=
REPONSE : [2017-01-18T10:32:32+01:00]
HTTP/1.1 200 OK
Connection: close
Transfer-Encoding: chunked
Cache-Control: no-cache, no-store, max-age=0, must-revalidate,no-store
Content-Security-Policy: default-src 'self' www.ibm.com 'unsafe-inline';
Content-Type: application/json;charset=UTF-8
Date: Wed, 18 Jan 2017 09:32:31 GMT
Expires: 0
Pragma: no-cache,no-cache
Server: Apache-Coyote/1.1
Strict-Transport-Security: max-age=2592000 ; includeSubDomains
X-Backside-Transport: OK OK,OK OK
X-Client-Ip: 91.151.65.169
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Global-Transaction-Id: 1804077409
X-Powered-By: Servlet/3.1
X-Vcap-Request-Id: e683d47d-28aa-43c1-6356-d5818dfd86f1
X-Xss-Protection: 1; mode=block
6f6
{"access_token":"[DONNEES PRIVEES MASQUEES]","token_type":"[DONNEES PRIVEES MASQUEES]","refresh_token":"[DONNEES PRIVEES MASQUEES]","expires_in":1209599,"scope":"cloud_controller.read password.write cloud_controller.write openid uaa.user","jti":"edcd9c51-4521-4f49-bf03-def030e81626"}
0
a9dc3ad4-1a34-4848-9b16-8d1410b79a06
那么,当我 运行 或构建图像时,有没有办法建立从 "close" 状态到 "waiting for incoming connection" 状态的连接?
有点像一个选项cf ic (docker) run -p 3000 --accept_all imageid cmd(我没有在 --help 菜单中看到它)
还是您在其他地方看到了错误?
我考虑过使用 docker exec -it ID /bin/bash 登录容器,但我不知道 bash 命令接受所有传入连接...(而且我认为它是 bash VM 而不是容器本身)
感谢您的回答,祝您有愉快的一天!
伊曼纽尔
其他信息:
Docker 文件
FROM ubuntu:14.04
RUN apt-get update && apt-get -y install python2.7
RUN apt-get -y install python-pip
RUN pip install Flask
RUN pip install ibmiotf
RUN pip install requests
RUN pip install flask-socketio
RUN pip install cloudant
ENV PORT=12345
EXPOSE 12345
ADD ./SIARA /opt/SIARA/
WORKDIR /opt/SIARA/
CMD sleep 80 && python testGUI.py
Flask 服务器端口映射和运行:
if __name__ == '__main__':
# Bind to PORT if defined, otherwise default to 5000.
port = int(os.environ.get('PORT', 5000))
socketio.run(app, host='0.0.0.0', port=port)
线索
当我在本地测试我的图像时,我收到了这个警告消息,他们不对任何崩溃负责,但也许现在它在云端,这种错误是导致网络连接尝试失败的原因?
tl;dr:显然 SSH 连接不可用,因为(显然)我的 python (2.7) 版本需要更新 (??)
但是 SSH 不应该只在 https:// 连接的情况下才相关?
cf ic logs -ft guiplay
2017-01-19T09:17:38.870006264Z /usr/local/lib/python2.7/dist-packages/requests/packages/urllib3/util/ssl_.py:334: SNIMissingWarning: An HTTPS request has been made, but the SNI (Subject Name Indication) extension to TLS is not available on this platform. This may cause the server to present an incorrect TLS certificate, which can cause validation failures. You can upgrade to a newer version of Python to solve this. For more information, see https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
32017-01-19T09:17:38.870062551Z SNIMissingWarning
�2017-01-19T09:17:38.870081733Z /usr/local/lib/python2.7/dist-packages/requests/packages/urllib3/util/ssl_.py:132: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. You can upgrade to a newer version of Python to solve this. For more information, see https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
92017-01-19T09:17:38.870089026Z InsecurePlatformWarning
�2017-01-19T09:17:39.145906849Z /usr/local/lib/python2.7/dist-packages/requests/packages/urllib3/util/ssl_.py:132: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. You can upgrade to a newer version of Python to solve this. For more information, see https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
92017-01-19T09:17:39.145950355Z InsecurePlatformWarning
�2017-01-19T09:17:39.186165706Z WebSocket transport not available. Install eventlet or gevent and gevent-websocket for improved performance.
Y2017-01-19T09:17:39.192990810Z * Running on http://0.0.0.0:5000/ (Press CTRL+C to quit)
嗯 - 我看到你发布了端口 3000(运行 命令中的 -p 3000 参数),但默认端口是 5000。在 dockerfile 中,你将其切换为 12345,所以这是大概是您实际在那里收听的内容。猜猜这就是你想要打开所有端口的原因?
Docker 仅公开您告诉它的端口 - 根据该 Docker 文件为该默认值添加一个额外的 -p 5000,或 -p 12345,或两者都应该允许您在这些情况下连接到应用程序。或者,如果您只想发布通过 Docker 文件公开的所有端口(在本例中为 12345),请使用 -P 参数。
更多信息:运行在云中,有额外的安全性,您的容器只能通过您想要发布的端口访问。在 space 中(在同一 space 中其他容器的私有 ips 中,或者绝对是在容器本身中),您仍然应该能够访问这些端口。但是,从外部只能访问您发布的端口。我没有看到有效发布 * 的方法(而且,从安全的角度来看,这似乎是一个相当值得怀疑的做法)
看起来 Bluemix 单一容器服务有点敏感,很难从 Web 访问它,直到我添加了一个要求所需 HTTP 端口的 "scalable" 容器。
我认为问题是这个http端口没有暴露,但现在问题已经按照我上面说的方式解决了。
2017 年新年快乐!
大家好!
当我尝试在 BlueMix 容器(cf ic run = docker run)中部署我的 docker 图像时遇到一些问题
即使图像在 运行 里面,我也无法从网络访问容器。
我ping了绑定地址:
ping 169.46.18.91
PING 169.46.18.91 (169.46.18.91): 56 data bytes
64 bytes from 169.46.18.91: icmp_seq=0 ttl=48 time=124.247 ms
64 bytes from 169.46.18.91: icmp_seq=1 ttl=48 time=122.701 ms
图像在本地工作,但现在我给了它一个 IP 并将其托管在 bluemix 容器服务上,我报告了在 cf ic -v run 命令
以下是命令的日志:
cf ic -v run -p 3000 --name bootingtest 1ed1b527771b
DEMANDE : [2017-01-18T10:32:31+01:00]
POST /UAALoginServerWAR/oauth/token HTTP/1.1
Host: login.ng.bluemix.net
Accept: application/json
Authorization: [DONNEES PRIVEES MASQUEES]
Connection: close
Content-Type: application/x-www-form-urlencoded
User-Agent: go-cli 6.22.2+a95e24c / darwin
grant_type=refresh_token&refresh_token=eyJhbGciOiJIUzI1NiJ9.eyJqdGkiOiIwNzJlYTFmNy00NGRlLTRmYmYtODUxOS1lNmU0NmU2MTk1Y2ItciIsInN1YiI6ImZkMWVmM2Q3LTI2OTQtNDQ4Ni1iNjY2LWRmNTVjY2M4MzVmOCIsInNjb3BlIjpbIm9wZW5pZCIsInVhYS51c2VyIiwiY2xvdWRfY29udHJvbGxlci5yZWFkIiwicGFzc3dvcmQud3JpdGUiLCJjbG91ZF9jb250cm9sbGVyLndyaXRlIl0sImlhdCI6MTQ4NDczMTE3MSwiZXhwIjoxNDg3MzIzMTcxLCJjaWQiOiJjZiIsImNsaWVudF9pZCI6ImNmIiwiaXNzIjoiaHR0cHM6Ly91YWEubmcuYmx1ZW1peC5uZXQvb2F1dGgvdG9rZW4iLCJ6aWQiOiJ1YWEiLCJncmFudF90eXBlIjoicGFzc3dvcmQiLCJ1c2VyX25hbWUiOiJlbW1hbnVlbC5zb2xvbUBmci5pYm0uY29tIiwib3JpZ2luIjoidWFhIiwidXNlcl9pZCI6ImZkMWVmM2Q3LTI2OTQtNDQ4Ni1iNjY2LWRmNTVjY2M4MzVmOCIsInJldl9zaWciOiI2MWNkZjM4MiIsImF1ZCI6WyJjZiIsIm9wZW5pZCIsInVhYSIsImNsb3VkX2NvbnRyb2xsZXIiLCJwYXNzd29yZCJdfQ._gxevCN9cCYX3Fw_FUEYvxFsRhHqfOT9KhjZFiHcNao&scope=
REPONSE : [2017-01-18T10:32:32+01:00]
HTTP/1.1 200 OK
Connection: close
Transfer-Encoding: chunked
Cache-Control: no-cache, no-store, max-age=0, must-revalidate,no-store
Content-Security-Policy: default-src 'self' www.ibm.com 'unsafe-inline';
Content-Type: application/json;charset=UTF-8
Date: Wed, 18 Jan 2017 09:32:31 GMT
Expires: 0
Pragma: no-cache,no-cache
Server: Apache-Coyote/1.1
Strict-Transport-Security: max-age=2592000 ; includeSubDomains
X-Backside-Transport: OK OK,OK OK
X-Client-Ip: 91.151.65.169
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Global-Transaction-Id: 1804077409
X-Powered-By: Servlet/3.1
X-Vcap-Request-Id: e683d47d-28aa-43c1-6356-d5818dfd86f1
X-Xss-Protection: 1; mode=block
6f6
{"access_token":"[DONNEES PRIVEES MASQUEES]","token_type":"[DONNEES PRIVEES MASQUEES]","refresh_token":"[DONNEES PRIVEES MASQUEES]","expires_in":1209599,"scope":"cloud_controller.read password.write cloud_controller.write openid uaa.user","jti":"edcd9c51-4521-4f49-bf03-def030e81626"}
0
a9dc3ad4-1a34-4848-9b16-8d1410b79a06
那么,当我 运行 或构建图像时,有没有办法建立从 "close" 状态到 "waiting for incoming connection" 状态的连接?
有点像一个选项cf ic (docker) run -p 3000 --accept_all imageid cmd(我没有在 --help 菜单中看到它)
还是您在其他地方看到了错误?
我考虑过使用 docker exec -it ID /bin/bash 登录容器,但我不知道 bash 命令接受所有传入连接...(而且我认为它是 bash VM 而不是容器本身)
感谢您的回答,祝您有愉快的一天!
伊曼纽尔
其他信息:
Docker 文件
FROM ubuntu:14.04
RUN apt-get update && apt-get -y install python2.7
RUN apt-get -y install python-pip
RUN pip install Flask
RUN pip install ibmiotf
RUN pip install requests
RUN pip install flask-socketio
RUN pip install cloudant
ENV PORT=12345
EXPOSE 12345
ADD ./SIARA /opt/SIARA/
WORKDIR /opt/SIARA/
CMD sleep 80 && python testGUI.py
Flask 服务器端口映射和运行:
if __name__ == '__main__':
# Bind to PORT if defined, otherwise default to 5000.
port = int(os.environ.get('PORT', 5000))
socketio.run(app, host='0.0.0.0', port=port)
线索
当我在本地测试我的图像时,我收到了这个警告消息,他们不对任何崩溃负责,但也许现在它在云端,这种错误是导致网络连接尝试失败的原因?
tl;dr:显然 SSH 连接不可用,因为(显然)我的 python (2.7) 版本需要更新 (??) 但是 SSH 不应该只在 https:// 连接的情况下才相关?
cf ic logs -ft guiplay
2017-01-19T09:17:38.870006264Z /usr/local/lib/python2.7/dist-packages/requests/packages/urllib3/util/ssl_.py:334: SNIMissingWarning: An HTTPS request has been made, but the SNI (Subject Name Indication) extension to TLS is not available on this platform. This may cause the server to present an incorrect TLS certificate, which can cause validation failures. You can upgrade to a newer version of Python to solve this. For more information, see https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
32017-01-19T09:17:38.870062551Z SNIMissingWarning
�2017-01-19T09:17:38.870081733Z /usr/local/lib/python2.7/dist-packages/requests/packages/urllib3/util/ssl_.py:132: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. You can upgrade to a newer version of Python to solve this. For more information, see https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
92017-01-19T09:17:38.870089026Z InsecurePlatformWarning
�2017-01-19T09:17:39.145906849Z /usr/local/lib/python2.7/dist-packages/requests/packages/urllib3/util/ssl_.py:132: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. You can upgrade to a newer version of Python to solve this. For more information, see https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
92017-01-19T09:17:39.145950355Z InsecurePlatformWarning
�2017-01-19T09:17:39.186165706Z WebSocket transport not available. Install eventlet or gevent and gevent-websocket for improved performance.
Y2017-01-19T09:17:39.192990810Z * Running on http://0.0.0.0:5000/ (Press CTRL+C to quit)
嗯 - 我看到你发布了端口 3000(运行 命令中的 -p 3000 参数),但默认端口是 5000。在 dockerfile 中,你将其切换为 12345,所以这是大概是您实际在那里收听的内容。猜猜这就是你想要打开所有端口的原因?
Docker 仅公开您告诉它的端口 - 根据该 Docker 文件为该默认值添加一个额外的 -p 5000,或 -p 12345,或两者都应该允许您在这些情况下连接到应用程序。或者,如果您只想发布通过 Docker 文件公开的所有端口(在本例中为 12345),请使用 -P 参数。
更多信息:运行在云中,有额外的安全性,您的容器只能通过您想要发布的端口访问。在 space 中(在同一 space 中其他容器的私有 ips 中,或者绝对是在容器本身中),您仍然应该能够访问这些端口。但是,从外部只能访问您发布的端口。我没有看到有效发布 * 的方法(而且,从安全的角度来看,这似乎是一个相当值得怀疑的做法)
看起来 Bluemix 单一容器服务有点敏感,很难从 Web 访问它,直到我添加了一个要求所需 HTTP 端口的 "scalable" 容器。
我认为问题是这个http端口没有暴露,但现在问题已经按照我上面说的方式解决了。