Open docker port running on host network to outside traffic
How do I get my docker container running a gunicorn / FastAPI server to respond to outside traffic?
My container is run like this
docker run --detach --net host -v "/path/to/app/app":"/app" -it me/app:appfastapi_latest /start.sh
cat start.sh
#! /usr/bin/env sh
set -e
# Start Gunicorn
exec gunicorn -k "uvicorn.workers.UvicornWorker" -c /app/gunicorn_conf.py "main:app"
cat ./app/gunicorn_conf.py
...
host = "0.0.0.0"
port = "8000"
bind = f"{host}:{port}"
...
docker logs container_id
...
[2022-02-15 05:40:10 +0000] [1] [INFO] Listening at: http://127.0.0.1:8000 (1)
^^^ this was before a fix in the conf, now it's
0.0.0.0:8000
...
Curling the container from the host
curl localhost:8000/hw
{"message":"Hello World"}
This is as it should be. But when I do
curl domain:8000/hw
curl: (7) Failed to connect to domain port 8000: Connection refused
I don't know how to solve this. In the FastAPI main I have
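from fastapi import FastAPI
from fastapi.middleware.cors import CORSMiddleware

# Origins allowed to make cross-origin browser requests to the API
ORIGINS = [
    "http://127.0.0.1:8000",
    "http://localhost:8000",
    "http://domain:8000",
]
# ROOT_PATH is defined elsewhere (not shown)
app = FastAPI(title="MY API", root_path=ROOT_PATH, docs_url="/")
app.add_middleware(
    CORSMiddleware,
    allow_origins=ORIGINS,
    allow_credentials=True,
    allow_methods=["*"],
    allow_headers=["*"],
)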
I have opened the firewall (I believe)
sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- 172.17.0.2 anywhere tcp dpt:mysql
ACCEPT tcp -- anywhere anywhere tcp dpt:8000
Chain FORWARD (policy DROP)
target prot opt source destination
DOCKER-USER all -- anywhere anywhere
DOCKER-ISOLATION-STAGE-1 all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
DOCKER all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain DOCKER (1 references)
target prot opt source destination
Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target prot opt source destination
DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere
RETURN all -- anywhere anywhere
Chain DOCKER-ISOLATION-STAGE-2 (1 references)
target prot opt source destination
DROP all -- anywhere anywhere
RETURN all -- anywhere anywhere
I have opened it for port 8000 with
sudo iptables -A INPUT -p tcp --dport 8000 -j ACCEPT
My current system is Debian 9,
docker --version
Docker version 19.03.15, build 99e3ed8919
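Listening at: http://127.0.0.1:8000
means gunicorn is listening on the docker container's localhost. The container's localhost cannot be accessed from an outside network. You should set 0.0.0.0:8000 to be able to access it from outside.
Yes, you tried to set
host = "0.0.0.0"
port = "8000"
but the gunicorn config file doesn't have host and port parameters. You should use bind = '0.0.0.0:8000' instead.
Don't forget to publish the port with -p 8000:8000 when running the container.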
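The bind-address difference discussed in the answer can be checked from the host's listening-socket table, since with --net host the container shares the host's network namespace. The following is an added example, not code from the question or the answer: it parses `ss -ltn` output and reports whether a port is bound to loopback only (remote clients get "Connection refused") or to all interfaces. The function names and the sample `ss` output are constructed for illustration.

```python
import ipaddress

# Constructed sample of `ss -ltn` output, modelled on the log line in the question.
SAMPLE_BEFORE = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:8000     0.0.0.0:*
LISTEN 0      128    *:22               *:*
LISTEN 0      80     172.17.0.1:3306    0.0.0.0:*
"""
# Same host after the config change to bind = "0.0.0.0:8000" (also constructed).
SAMPLE_AFTER = SAMPLE_BEFORE.replace("127.0.0.1:8000", "0.0.0.0:8000")


def classify(addr):
    """Map a local address from ss to the scope it accepts connections on."""
    addr = addr.split("%")[0].strip("[]")  # drop %iface suffix and IPv6 brackets
    if addr == "*":                        # ss wildcard notation
        return "all-interfaces"
    ip = ipaddress.ip_address(addr)
    if ip.is_unspecified:                  # 0.0.0.0 or ::
        return "all-interfaces"
    if ip.is_loopback:                     # 127.0.0.0/8 or ::1
        return "loopback-only"
    return "single-address"


def listeners(ss_output, port):
    """Return [(local_address, scope)] for every LISTEN socket on `port`."""
    found = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue                       # header or non-listening row
        addr, _, local_port = fields[3].rpartition(":")
        if local_port == str(port):
            found.append((addr, classify(addr)))
    return found


def loopback_only(ss_output, port):
    """True when something listens on `port` but only on loopback addresses."""
    scopes = [scope for _, scope in listeners(ss_output, port)]
    return bool(scopes) and all(s == "loopback-only" for s in scopes)


if __name__ == "__main__":
    for label, sample in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(label, listeners(sample, 8000), "loopback only:", loopback_only(sample, 8000))
```

On a live host, pass the real output of `ss -ltn` instead of the samples. An `all-interfaces` result means the port is open on every interface of the host, so the firewall rules are the only thing limiting who can reach it.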