问题描述
我用类似
docker run -p 80:80 ...
然后我尝试使用 netstat 例如:
netstat -at
奇怪的是,netstat不会显示带有暴露端口的docker容器,尽管它们正在侦听并回复浏览器。
Strange thing is that netstat won't display my docker containers with exposed ports, although they are listening and reply to the browser.
如何使 netstat 显示那些暴露的端口?
How do I make netstat display those exposed ports?
更新:
我正在Debian 8 Jessie上运行它。这是我的工作:
UPDATE:I'm running this on Debian 8 Jessie. Here's what I do:
docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
9dfa08bab50d workflows-nginx "/bin/sh -c '/usr/sbi" 2 hours ago Up 2 hours 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp workflows-nginx
d0b0c3f90f13 workflows-django "/bin/sh -c 'python /" 7 hours ago Up 3 hours 0.0.0.0:8000->8000/tcp workflows-django
99a857c92533 workflows-db "/docker-entrypoint.s" 7 hours ago Up 3 hours 5432/tcp workflows-db
这里docker报告说容器端口被转发给主机。而且,如果我停止 workflows-nginx 容器,它将停止通过http(端口80)对浏览器的应答。如果我再次启动它,它将再次开始响应。
Here docker reports that container ports are forwarded to the host. Moreover, if I stop workflows-nginx container, it stops answering to the browser by http (port 80). If I start it again, it starts responding again.
这里是 sudo netstat -at |的输出。更少:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:ssh *:* LISTEN
tcp 0 0 localhost:ipp *:* LISTEN
tcp 0 0 *:15672 *:* LISTEN
tcp 0 0 *:postgresql *:* LISTEN
tcp 0 0 localhost:smtp *:* LISTEN
tcp 0 0 *:25672 *:* LISTEN
tcp 0 0 *:48142 *:* LISTEN
tcp 0 0 *:sunrpc *:* LISTEN
tcp 0 0 *:epmd *:* LISTEN
tcp 0 0 bob-acer:34866 104.16.33.249:http ESTABLISHED
tcp 0 0 bob-acer:42380 stackoverflow.com:https ESTABLISHED
tcp 0 0 bob-acer:42543 stackoverflow.com:https ESTABLISHED
tcp 0 0 bob-acer:42525 stackoverflow.com:https ESTABLISHED
tcp 0 0 bob-acer:44076 stackoverflow.com:https ESTABLISHED
tcp 0 0 bob-acer:42944 stackoverflow.com:https ESTABLISHED
tcp 0 0 localhost:epmd localhost:50831 ESTABLISHED
tcp 0 0 bob-acer:42655 stackoverflow.com:https ESTABLISHED
tcp 0 0 bob-acer:42384 stackoverflow.com:https ESTABLISHED
tcp 0 0 bob-acer:44626 stackoverflow.com:https ESTABLISHED
tcp 0 0 bob-acer:42390 stackoverflow.com:https ESTABLISHED
tcp 0 0 localhost:50831 localhost:epmd ESTABLISHED
tcp 0 0 bob-acer:48301 c2.52.c0ad.ip4.st:https ESTABLISHED
tcp 0 0 bob-acer:42151 stackoverflow.com:https ESTABLISHED
tcp 0 0 bob-acer:42205 stackoverflow.com:https ESTABLISHED
tcp 0 0 bob-acer:42539 stackoverflow.com:https ESTABLISHED
tcp 0 0 bob-acer:44737 stackoverflow.com:https ESTABLISHED
tcp 0 0 bob-acer:39648 77.94.164.251:https ESTABLISHED
tcp6 0 0 [::]:ssh [::]:* LISTEN
tcp6 0 0 localhost:ipp [::]:* LISTEN
tcp6 0 0 [::]:postgresql [::]:* LISTEN
tcp6 0 0 localhost:smtp [::]:* LISTEN
tcp6 0 0 [::]:44794 [::]:* LISTEN
tcp6 0 0 [::]:8000 [::]:* LISTEN
tcp6 0 0 [::]:amqp [::]:* LISTEN
tcp6 0 0 [::]:sunrpc [::]:* LISTEN
tcp6 1 0 localhost:58497 localhost:ipp CLOSE_WAIT
如您所见,端口80和端口443均未报告。由于某些原因, workflows-django 的端口8000在IPv6接口上打开。而且,我忘记在主机上禁用postgres了,但它们仍然没有与postgres容器 workflows-db 冲突。
As you can see, neither port 80, nor port 443 are reported. Port 8000 of workflows-django for some reason is opened on IPv6 interface. Moreover, I forgot to disable postgres on host machine and still they don't clash with postgres container workflows-db.
一切都在我的本地笔记本上运行,所以我想与主机不会有任何混淆。
Everything is running on my local notebook, so I guess there can't be any confusion with the host.
我的docker版本是:
My docker version is:
docker --version
Docker version 1.10.3, build 20f81dd
ANSWER:与docker EXPOSE参数有关。如果在dockerfile中写入此行并使用-p运行容器,则端口将在netstat中可见。如果您使用-p而不写EXPOSE,则netstat不会列出您的端口。
ANSWER: This is related to docker EXPOSE parameter. If you write this line in your dockerfile and run the container with -p, the port will be visible in netstat. If you use -p but don't write EXPOSE, your port won't be listed by netstat.
推荐答案
netstat应该显示暴露的端口。这是一个示例
netstat should display the exposed ports. Here is an example
anovil@anovil-Latitude-E6440:docker$ sudo netstat -at|grep 3030
anovil@anovil-Latitude-E6440:docker$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
anovil@anovil-Latitude-E6440:docker$ docker run -d -p 3030:80 httpd:2.4
4310ac5fbdbc7314ab4d23e34099a710a3a8790dcf2c6d0a84202c1de5c9fd30
anovil@anovil-Latitude-E6440:docker$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4310ac5fbdbc httpd:2.4 "httpd-foreground" 3 minutes ago Up 3 minutes 0.0.0.0:3030->80/tcp hungry_fermat
anovil@anovil-Latitude-E6440:docker$ sudo netstat -at|grep 3030
tcp6 0 0 [::]:3030 [::]:* LISTEN
anovil@anovil-Latitude-E6440:docker$ sudo netstat -tulpn|grep 3030
tcp6 0 0 :::3030 :::* LISTEN 10294/docker-proxy
anovil@anovil-Latitude-E6440:docker$
您需要验证自己的一些基本条件:
Some basic things you need to verify yourself:
- 您是否正在以提升的特权运行netstat?当您不是root用户时,某些东西可能会丢失
- 您的docker容器是否在您期望的同一主机上运行?检查
docker ps -
docker ps是否列出端口转发?与上述类似,您应该可以看到类似这样的0.0.0.0:3030->80/tcp
- Are you running netstat with elevated privileges? Somethings might miss out when you are non-root
- Is your docker container running on the same host as you expect? Check with
docker ps - Does
docker pslist the port forwarding? Like from the above, you should be able to see something like this0.0.0.0:3030->80/tcp
还要注意,docker-proxy是在主机上运行的那个。
上面的所有命令均假定您在Linux上运行。
这已经在ubuntu 15.10上进行了测试
Also note that, the docker-proxy is the one running on the host.All commands above assumes that you run on linux.This was tested with ubuntu 15.10
如果您仍然感觉不到转发,请回发您的操作系统,docker版本等。
If you still feel you are missing the forwarding, then please post back your Operating System, docker version etc.
谢谢
这篇关于Docker和netstat:netstat没有显示由Docker容器公开的端口的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!