本文介绍了Docker和netstat:netstat没有显示由Docker容器公开的端口的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我用类似

docker run -p 80:80 ...

然后我尝试使用 netstat 例如:

netstat -at

奇怪的是,netstat不会显示带有暴露端口的docker容器,尽管它们正在侦听并回复浏览器。

Strange thing is that netstat won't display my docker containers with exposed ports, although they are listening and reply to the browser.

如何使 netstat 显示那些暴露的端口?

How do I make netstat display those exposed ports?

更新:
我正在Debian 8 Jessie上运行它。这是我的工作:

UPDATE:I'm running this on Debian 8 Jessie. Here's what I do:

docker ps -a
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                      PORTS                                      NAMES
9dfa08bab50d        workflows-nginx     "/bin/sh -c '/usr/sbi"   2 hours ago         Up 2 hours                  0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp   workflows-nginx
d0b0c3f90f13        workflows-django    "/bin/sh -c 'python /"   7 hours ago         Up 3 hours                  0.0.0.0:8000->8000/tcp                     workflows-django
99a857c92533        workflows-db        "/docker-entrypoint.s"   7 hours ago         Up 3 hours                  5432/tcp                                   workflows-db

这里docker报告说容器端口被转发给主机。而且,如果我停止 workflows-nginx 容器,它将停止通过http(端口80)对浏览器的应答。如果我再次启动它,它将再次开始响应。

Here docker reports that container ports are forwarded to the host. Moreover, if I stop workflows-nginx container, it stops answering to the browser by http (port 80). If I start it again, it starts responding again.

这里是 sudo netstat -at |的输出。更少

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 *:ssh                   *:*                     LISTEN
tcp        0      0 localhost:ipp           *:*                     LISTEN
tcp        0      0 *:15672                 *:*                     LISTEN
tcp        0      0 *:postgresql            *:*                     LISTEN
tcp        0      0 localhost:smtp          *:*                     LISTEN
tcp        0      0 *:25672                 *:*                     LISTEN
tcp        0      0 *:48142                 *:*                     LISTEN
tcp        0      0 *:sunrpc                *:*                     LISTEN
tcp        0      0 *:epmd                  *:*                     LISTEN
tcp        0      0 bob-acer:34866          104.16.33.249:http      ESTABLISHED
tcp        0      0 bob-acer:42380          stackoverflow.com:https ESTABLISHED
tcp        0      0 bob-acer:42543          stackoverflow.com:https ESTABLISHED
tcp        0      0 bob-acer:42525          stackoverflow.com:https ESTABLISHED
tcp        0      0 bob-acer:44076          stackoverflow.com:https ESTABLISHED
tcp        0      0 bob-acer:42944          stackoverflow.com:https ESTABLISHED
tcp        0      0 localhost:epmd          localhost:50831         ESTABLISHED
tcp        0      0 bob-acer:42655          stackoverflow.com:https ESTABLISHED
tcp        0      0 bob-acer:42384          stackoverflow.com:https ESTABLISHED
tcp        0      0 bob-acer:44626          stackoverflow.com:https ESTABLISHED
tcp        0      0 bob-acer:42390          stackoverflow.com:https ESTABLISHED
tcp        0      0 localhost:50831         localhost:epmd          ESTABLISHED
tcp        0      0 bob-acer:48301          c2.52.c0ad.ip4.st:https ESTABLISHED
tcp        0      0 bob-acer:42151          stackoverflow.com:https ESTABLISHED
tcp        0      0 bob-acer:42205          stackoverflow.com:https ESTABLISHED
tcp        0      0 bob-acer:42539          stackoverflow.com:https ESTABLISHED
tcp        0      0 bob-acer:44737          stackoverflow.com:https ESTABLISHED
tcp        0      0 bob-acer:39648          77.94.164.251:https     ESTABLISHED
tcp6       0      0 [::]:ssh                [::]:*                  LISTEN
tcp6       0      0 localhost:ipp           [::]:*                  LISTEN
tcp6       0      0 [::]:postgresql         [::]:*                  LISTEN
tcp6       0      0 localhost:smtp          [::]:*                  LISTEN
tcp6       0      0 [::]:44794              [::]:*                  LISTEN
tcp6       0      0 [::]:8000               [::]:*                  LISTEN
tcp6       0      0 [::]:amqp               [::]:*                  LISTEN
tcp6       0      0 [::]:sunrpc             [::]:*                  LISTEN
tcp6       1      0 localhost:58497         localhost:ipp           CLOSE_WAIT

如您所见,端口80和端口443均未报告。由于某些原因, workflows-django 的端口8000在IPv6接口上打开。而且,我忘记在主机上禁用postgres了,但它们仍然没有与postgres容器 workflows-db 冲突。

As you can see, neither port 80, nor port 443 are reported. Port 8000 of workflows-django for some reason is opened on IPv6 interface. Moreover, I forgot to disable postgres on host machine and still they don't clash with postgres container workflows-db.

一切都在我的本地笔记本上运行,所以我想与主机不会有任何混淆。

Everything is running on my local notebook, so I guess there can't be any confusion with the host.

我的docker版本是:

My docker version is:

docker --version
Docker version 1.10.3, build 20f81dd






ANSWER:与docker EXPOSE参数有关。如果在dockerfile中写入此行并使用-p运行容器,则端口将在netstat中可见。如果您使用-p而不写EXPOSE,则netstat不会列出您的端口。


ANSWER: This is related to docker EXPOSE parameter. If you write this line in your dockerfile and run the container with -p, the port will be visible in netstat. If you use -p but don't write EXPOSE, your port won't be listed by netstat.

推荐答案

netstat应该显示暴露的端口。这是一个示例

netstat should display the exposed ports. Here is an example

anovil@anovil-Latitude-E6440:docker$ sudo netstat -at|grep 3030
anovil@anovil-Latitude-E6440:docker$ docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
anovil@anovil-Latitude-E6440:docker$ docker run -d -p 3030:80 httpd:2.4
4310ac5fbdbc7314ab4d23e34099a710a3a8790dcf2c6d0a84202c1de5c9fd30
anovil@anovil-Latitude-E6440:docker$ docker ps
CONTAINER ID        IMAGE               COMMAND              CREATED             STATUS              PORTS                  NAMES
4310ac5fbdbc        httpd:2.4           "httpd-foreground"   3 minutes ago       Up 3 minutes        0.0.0.0:3030->80/tcp   hungry_fermat
anovil@anovil-Latitude-E6440:docker$ sudo netstat -at|grep 3030
tcp6       0      0 [::]:3030               [::]:*                  LISTEN
anovil@anovil-Latitude-E6440:docker$ sudo netstat -tulpn|grep 3030
tcp6       0      0 :::3030                 :::*                    LISTEN      10294/docker-proxy
anovil@anovil-Latitude-E6440:docker$

您需要验证自己的一些基本条件:

Some basic things you need to verify yourself:


  1. 您是否正在以提升的特权运行netstat?当您不是root用户时,某些东西可能会丢失

  2. 您的docker容器是否在您期望的同一主机上运行?检查 docker ps

  3. docker ps 是否列出端口转发?与上述类似,您应该可以看到类似这样的 0.0.0.0:3030->80/tcp

  1. Are you running netstat with elevated privileges? Somethings might miss out when you are non-root
  2. Is your docker container running on the same host as you expect? Check with docker ps
  3. Does docker ps list the port forwarding? Like from the above, you should be able to see something like this 0.0.0.0:3030->80/tcp

还要注意,docker-proxy是在主机上运行的那个。
上面的所有命令均假定您在Linux上运行。
这已经在ubuntu 15.10上进行了测试

Also note that, the docker-proxy is the one running on the host.All commands above assumes that you run on linux.This was tested with ubuntu 15.10

如果您仍然感觉不到转发,请回发您的操作系统,docker版本等。

If you still feel you are missing the forwarding, then please post back your Operating System, docker version etc.

谢谢

这篇关于Docker和netstat:netstat没有显示由Docker容器公开的端口的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

07-26 02:32