启动命令 docker-compose up 有奇怪的行为
Launch command docker-compose up has strange behaviour
这里是文件内容docker-compose.yml创建数据库镜像
version: '2'
services:
myerp.db:
image: postgres:10
当我启动命令 docker-compose up 时,我得到:
Pulling myerp.db (postgres:10)...
10: Pulling from library/postgres
802b00ed6f79: Already exists
4e0de21e2180: Already exists
58b06ac4cd84: Already exists
14e76b354b47: Already exists
0f0c9f244b65: Already exists
37117d8abb6d: Already exists
8b541f5d818a: Already exists
7cb4855fcd96: Already exists
5c7fe264586b: Already exists
64568a495c35: Already exists
283257efa745: Already exists
222b134fa51d: Already exists
e9a30e7f2a9f: Already exists
86bffc7855b0: Already exists
Digest: sha256:1d26fae6c056760ed5aa5bb5d65d155848f48046ae8cd95c5b26ea7ceabb37ad
Status: Downloaded newer image for postgres:10
Starting dev_myerp.db_1 ... done
Attaching to dev_myerp.db_1
myerp.db_1 | 2018-09-23 10:27:38.647 UTC [1] LOG: listening on IPv4 address "0.0.0.0", port 5432
myerp.db_1 | 2018-09-23 10:27:38.647 UTC [1] LOG: listening on IPv6 address "::", port 5432
myerp.db_1 | 2018-09-23 10:27:38.653 UTC [1] LOG: listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432"
myerp.db_1 | 2018-09-23 10:27:38.682 UTC [21] LOG: database system was shut down at 2018-09-23 10:16:13 UTC
myerp.db_1 | 2018-09-23 10:27:38.708 UTC [1] LOG: database system is ready to accept connections
我注意到当我将这些行添加到 docker-compose.yml:
ports:
- "127.0.0.1:9432:5433"
volumes:
# - "./data/db:/var/lib/postgresql/data"
- "./init/db/docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d"
environment:
- POSTGRES_DB=db_myerp
- POSTGRES_USER=user
- POSTGRES_PASSWORD=usr
我一直使用“0.0.0.0”而不是 127.0.0.1。
Attaching to dev_myerp.db_1
myerp.db_1 | 2018-09-23 10:27:38.647 UTC [1] LOG: listening on IPv4 address "0.0.0.0", port 5432
myerp.db_1 | 2018-09-23 10:27:38.647 UTC [1] LOG: listening on IPv6 address "::", port 5432
myerp.db_1 | 2018-09-23 10:27:38.653 UTC [1] LOG: listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432"
myerp.db_1 | 2018-09-23 10:27:38.682 UTC [21] LOG: database system was shut down at 2018-09-23 10:16:13 UTC
myerp.db_1 | 2018-09-23 10:27:38.708 UTC [1] LOG: database system is ready to accept connections
你能解释一下为什么文件中添加的信息没有被考虑在内吗?
提前致谢
这里发生了两件不同的事情。
容器内的服务器进程是 运行,docker-compose 日志是该服务器进程的输出。 服务器进程必须设置网络连接以侦听 0.0.0.0,否则将无法访问。它对 Docker 环境的了解最少,并且不知道诸如来自 Compose YAML 文件的端口映射;它通常由命令行选项或环境变量控制。 (所以你引用的日志消息应该总是说“0.0.0.0”,否则你的容器将无法工作。)
在容器外部,Docker 将指定端口上的入站连接路由到特定容器。这就像主机上的任何其他服务 运行 一样:您在此处提供的 IP 地址可以是主机拥有的任何单个地址(在这种情况下,它只能通过匹配的网络接口访问)或魔术 "listen everywhere" 地址 0.0.0.0(默认)。
与docker run -p 127.0.0.1:9432:5432(记住,第二个端口号必须与容器内服务器使用的端口匹配)你应该发现主机上的进程运行可以到达容器,但是其他主机上的进程 运行 将无法。
Docker 文档非常擅长解释内容,尤其是 this post.
By default, when you create a container, it does not publish any of its ports to the outside world. To make a port available to services outside of Docker, or to Docker containers which are not connected to the container’s network, use the --publish or -p flag. This creates a firewall rule which maps a container port to a port on the Docker host.
当您在 docker-compose.yml 中使用 ports 时,也会发生相同的行为。因此,当您设置 127.0.0.1:9432:5433 时,它的字面意思是 Docker:"Map TCP port 5433 in the container to port 9432 on the Docker host"。假设 Docker 没有考虑您的设置,您就错了。
如您所料,运行ning 容器和 运行ning 东西在容器中是有区别的。您可以将 pg 设置为 运行,这样它就会收听 127.0.0.1。在那种情况下,它将拒绝来自任何地方的所有传入连接,甚至是其他容器。因此它正在监听 0.0.0.0 或 所有接口 .
有一种方法可以让同一网络上的其他容器知道您的数据库,但 "hide" 它来自外部世界。 expose 指令 clearly says:
Expose ports without publishing them to the host machine - they’ll only be accessible to linked services. Only the internal port can be specified.
这里是文件内容docker-compose.yml创建数据库镜像
version: '2'
services:
myerp.db:
image: postgres:10
当我启动命令 docker-compose up 时,我得到:
Pulling myerp.db (postgres:10)...
10: Pulling from library/postgres
802b00ed6f79: Already exists
4e0de21e2180: Already exists
58b06ac4cd84: Already exists
14e76b354b47: Already exists
0f0c9f244b65: Already exists
37117d8abb6d: Already exists
8b541f5d818a: Already exists
7cb4855fcd96: Already exists
5c7fe264586b: Already exists
64568a495c35: Already exists
283257efa745: Already exists
222b134fa51d: Already exists
e9a30e7f2a9f: Already exists
86bffc7855b0: Already exists
Digest: sha256:1d26fae6c056760ed5aa5bb5d65d155848f48046ae8cd95c5b26ea7ceabb37ad
Status: Downloaded newer image for postgres:10
Starting dev_myerp.db_1 ... done
Attaching to dev_myerp.db_1
myerp.db_1 | 2018-09-23 10:27:38.647 UTC [1] LOG: listening on IPv4 address "0.0.0.0", port 5432
myerp.db_1 | 2018-09-23 10:27:38.647 UTC [1] LOG: listening on IPv6 address "::", port 5432
myerp.db_1 | 2018-09-23 10:27:38.653 UTC [1] LOG: listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432"
myerp.db_1 | 2018-09-23 10:27:38.682 UTC [21] LOG: database system was shut down at 2018-09-23 10:16:13 UTC
myerp.db_1 | 2018-09-23 10:27:38.708 UTC [1] LOG: database system is ready to accept connections
我注意到当我将这些行添加到 docker-compose.yml:
ports:
- "127.0.0.1:9432:5433"
volumes:
# - "./data/db:/var/lib/postgresql/data"
- "./init/db/docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d"
environment:
- POSTGRES_DB=db_myerp
- POSTGRES_USER=user
- POSTGRES_PASSWORD=usr
我一直使用“0.0.0.0”而不是 127.0.0.1。
Attaching to dev_myerp.db_1
myerp.db_1 | 2018-09-23 10:27:38.647 UTC [1] LOG: listening on IPv4 address "0.0.0.0", port 5432
myerp.db_1 | 2018-09-23 10:27:38.647 UTC [1] LOG: listening on IPv6 address "::", port 5432
myerp.db_1 | 2018-09-23 10:27:38.653 UTC [1] LOG: listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432"
myerp.db_1 | 2018-09-23 10:27:38.682 UTC [21] LOG: database system was shut down at 2018-09-23 10:16:13 UTC
myerp.db_1 | 2018-09-23 10:27:38.708 UTC [1] LOG: database system is ready to accept connections
你能解释一下为什么文件中添加的信息没有被考虑在内吗?
提前致谢
这里发生了两件不同的事情。
容器内的服务器进程是 运行,docker-compose 日志是该服务器进程的输出。 服务器进程必须设置网络连接以侦听 0.0.0.0,否则将无法访问。它对 Docker 环境的了解最少,并且不知道诸如来自 Compose YAML 文件的端口映射;它通常由命令行选项或环境变量控制。 (所以你引用的日志消息应该总是说“0.0.0.0”,否则你的容器将无法工作。)
在容器外部,Docker 将指定端口上的入站连接路由到特定容器。这就像主机上的任何其他服务 运行 一样:您在此处提供的 IP 地址可以是主机拥有的任何单个地址(在这种情况下,它只能通过匹配的网络接口访问)或魔术 "listen everywhere" 地址 0.0.0.0(默认)。
与docker run -p 127.0.0.1:9432:5432(记住,第二个端口号必须与容器内服务器使用的端口匹配)你应该发现主机上的进程运行可以到达容器,但是其他主机上的进程 运行 将无法。
Docker 文档非常擅长解释内容,尤其是 this post.
By default, when you create a container, it does not publish any of its ports to the outside world. To make a port available to services outside of Docker, or to Docker containers which are not connected to the container’s network, use the
--publishor-pflag. This creates a firewall rule which maps a container port to a port on the Docker host.
当您在 docker-compose.yml 中使用 ports 时,也会发生相同的行为。因此,当您设置 127.0.0.1:9432:5433 时,它的字面意思是 Docker:"Map TCP port 5433 in the container to port 9432 on the Docker host"。假设 Docker 没有考虑您的设置,您就错了。
如您所料,运行ning 容器和 运行ning 东西在容器中是有区别的。您可以将 pg 设置为 运行,这样它就会收听 127.0.0.1。在那种情况下,它将拒绝来自任何地方的所有传入连接,甚至是其他容器。因此它正在监听 0.0.0.0 或 所有接口 .
有一种方法可以让同一网络上的其他容器知道您的数据库,但 "hide" 它来自外部世界。 expose 指令 clearly says:
Expose ports without publishing them to the host machine - they’ll only be accessible to linked services. Only the internal port can be specified.