运维开发网

Docker containers can only access the Internet with --net=host

运维开发网 https://www.qedev.com 2020-06-17 14:22 Source: Internet Author: compiled by 运维开发网
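I just installed docker 1.10.1 using the installation guide. However, none of my containers can access the Internet unless I use --net=host in the docker run command. I have tried the various workarounds from these posts: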

> http://odino.org/cannot-connect-to-the-internet-from-your-docker-containers/

> My docker container has no internet

> I can’t get Docker containers to access the internet?

> Docker container cannot access internet

So far nothing has worked except adding --net=host to the run command, but I can't build images from a Dockerfile, because I can't use --net=host with the build command.

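I ran docker network inspect bridge to check the settings of the docker bridge, and noticed that it uses (almost) the same subnet and gateway as my work VPN. Could this be causing the problem? It would also explain why some sites fail to load when I am connected to my work VPN.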

Here is the result of docker network inspect bridge:

[
    {
        "Name": "bridge",
        "Id": "6d603ebd1c437d0d1f02be8406cf362f7f36d33168e42b9883891bae99834fa9",
        "Scope": "local",
        "Driver": "bridge",
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "172.17.0.0/16",
                    "Gateway": "172.17.0.1"
                }
            ]
        },
        "Containers": {},
        "Options": {
            "com.docker.network.bridge.default_bridge": "true",
            "com.docker.network.bridge.enable_icc": "true",
            "com.docker.network.bridge.enable_ip_masquerade": "true",
            "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
            "com.docker.network.bridge.name": "docker0",
            "com.docker.network.driver.mtu": "1500"
        }
    }
]

Here is ifconfig:

docker0   Link encap:Ethernet  HWaddr 02:42:9a:29:4a:c2  
          inet addr:172.17.0.1  Bcast:0.0.0.0  Mask:255.255.0.0
          inet6 addr: fe80::42:9aff:fe29:4ac2/64 Scope:Link
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:36 errors:0 dropped:0 overruns:0 frame:0
          TX packets:55 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:2080 (2.0 KB)  TX bytes:8498 (8.4 KB)

enx00e09f0004bd Link encap:Ethernet  HWaddr 00:e0:9f:00:04:bd  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:70948 errors:0 dropped:1 overruns:0 frame:0
          TX packets:14839 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:14270948 (14.2 MB)  TX bytes:3460691 (3.4 MB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:3407 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3407 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:326405 (326.4 KB)  TX bytes:326405 (326.4 KB)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:172.17.62.55  P-t-P:172.17.62.55  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1406  Metric:1
          RX packets:18 errors:0 dropped:0 overruns:0 frame:0
          TX packets:21 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500 
          RX bytes:1773 (1.7 KB)  TX bytes:1466 (1.4 KB)

wlp6s0    Link encap:Ethernet  HWaddr cc:3d:82:1a:1e:1d  
          inet addr:10.250.9.73  Bcast:10.250.9.255  Mask:255.255.254.0
          inet6 addr: fe80::ce3d:82ff:fe1a:1e1d/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4381 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4398 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:2246805 (2.2 MB)  TX bytes:835572 (835.5 KB)

I can’t build images from a Dockerfile because I can’t use --net=host with the build command

It is the docker daemon that needs to be able to access the Internet at build time.

You can help it by passing build-time arguments:

docker build --build-arg HTTP_PROXY=http://...

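That is, if you are behind a proxy.

If you are not, check your DNS settings (that question is in the context of boot2docker, which may not be relevant to you, but it can still give some clues about what to check).

This is another example of a DNS issue.

The OP wheeler confirmed the DNS-related issue in the comments: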

I had to disable dnsmasq in NetworkManager, not quite sure why it was affecting docker, but DNS resolution started working inside containers when I disabled dnsmasq.

This is a workaround seen before here:

  • Disable dnsmasq by commenting out the “dns=dnsmasq” line in /etc/NetworkManager/NetworkManager.conf and restarting the network-manager and docker.io services (sudo service network-manager restart && sudo service docker.io restart).
  • Alternatively enable the commented out DOCKER_OPTS="--dns 8.8.8.8 --dns 8.8.4.4" line in /etc/default/docker.io (and also restart the docker.io service).

The latter workaround of course requires that the 8.8.8.8 / 8.8.4.4 servers be reachable from your network.

The OP adds:

This solution worked to some extent until I used my VPN to work from home, and the subnet of the docker bridge was colliding with my VPN subnet.

He recommends “Set the ip of the Docker bridge with Systemd”:

/etc/systemd/system/docker.service.d/docker.conf should contain this:

[Service]
ExecStart=
ExecStart=/usr/bin/docker daemon -H fd:// --bip=192.168.169.1/24

And:

systemctl stop docker

# We need a program called brctl to, well, control the bridge, which is part of the bridge-utils package.
sudo apt-get install bridge-utils

# Bring down the docker0 interface:
sudo ip link set docker0 down

# And delete the bridge.
sudo brctl delbr docker0

# Finally, start the Docker daemon
systemctl start docker
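
The bridge/VPN subnet collision that the question suspects and the OP later confirms can be checked mechanically. The following is an added example, not part of the original question or answer: it parses trimmed copies of the docker network inspect bridge and ifconfig output shown above, reports host interfaces that overlap the bridge subnet, and checks a proposed --bip value; the function names are hypothetical.

```python
import ipaddress
import json
import re

# Trimmed copies of the question's own output (only the fields used here).
INSPECT_JSON = '''[{"Name": "bridge",
  "IPAM": {"Config": [{"Subnet": "172.17.0.0/16", "Gateway": "172.17.0.1"}]},
  "Options": {"com.docker.network.bridge.name": "docker0"}}]'''
IFCONFIG = """\
docker0   Link encap:Ethernet  HWaddr 02:42:9a:29:4a:c2
          inet addr:172.17.0.1  Bcast:0.0.0.0  Mask:255.255.0.0
tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:172.17.62.55  P-t-P:172.17.62.55  Mask:255.255.255.255
wlp6s0    Link encap:Ethernet  HWaddr cc:3d:82:1a:1e:1d
          inet addr:10.250.9.73  Bcast:10.250.9.255  Mask:255.255.254.0
"""

def bridge_networks(inspect_json):
    """Map bridge interface name -> list of subnets from `docker network inspect`."""
    out = {}
    for net in json.loads(inspect_json):
        name = net.get("Options", {}).get("com.docker.network.bridge.name", net["Name"])
        out[name] = [ipaddress.ip_network(c["Subnet"]) for c in net["IPAM"]["Config"]]
    return out

def host_addresses(ifconfig_text):
    """Parse legacy net-tools ifconfig output into {iface: IPv4Interface}."""
    addrs, iface = {}, None
    for line in ifconfig_text.splitlines():
        if line[:1].strip():  # an unindented line starts a new interface stanza
            iface = line.split()[0]
        m = re.search(r"inet addr:(\S+).*Mask:(\S+)", line)
        if m and iface:
            addrs[iface] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
    return addrs

def collisions(bridges, addrs):
    """Host interfaces (other than the bridge itself) that overlap a bridge subnet."""
    return [(iface, str(addr.ip), bridge)
            for bridge, subnets in bridges.items()
            for iface, addr in addrs.items()
            if iface != bridge and any(addr.network.overlaps(s) for s in subnets)]

def bip_is_safe(bip, addrs, bridge="docker0"):
    """True if a proposed --bip value overlaps no non-bridge host interface."""
    net = ipaddress.ip_interface(bip).network
    return not any(a.network.overlaps(net) for i, a in addrs.items() if i != bridge)

if __name__ == "__main__":
    print(collisions(bridge_networks(INSPECT_JSON), host_addresses(IFCONFIG)))
```

Interface addresses understate what a VPN covers; the routes it pushes (ip route) should be checked against the bridge subnet the same way.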