Docker dynamically exposes port operations to container Container
- 2021-09-20 21:55:53
- OfStack
View the IP address of Container
docker inspect < container name or id > | grep IPAddress
View the mapped port of Container
docker port <container name or id>
eg.
docker port d8dac7399647
docker port hfq-jedi-zxf-eden
Viewing container mapping with iptables
iptables -t nat -nvL
iptables -t nat -nvL --line-number
For example, the mapping of new ports
# # Maps host 31101 to container 6379 port
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 31101 -j DNAT --to-destination 192.168.42.2:6379
Save iptables rules
iptables-save
Description
192.168. 42.2 is based on docker inspect < container name or id > Results of grep IPAddress
After port mapping is completed, the result cannot be queried through docker port d8dac7399647
It can be passed through
iptables -t nat -nvL | grep 192.168.42.2
Query mapping relationship
Additional knowledge: Mechanisms in docker container communication and port exposure issues
Since 1, the communication between containers with docker has been using link, which limits the sequence before and after the start of each container, and always feels very inflexible. Therefore, this time, I explored the access between containers directly through the LAN allocated by docker's own network card.
Port exposure of docker refers to forwarding the port service of the container itself to the exposed port through the forwarding of docker0, such as executing:
docker run -dit -p 8080:12345 --name=container_name image_name
Use port 12345 when accessing the LAN using 172.17. 0. x assigned by docker0 network card. When accessing using 192.168. 1. x or other native public network ip, you will use 8080 to access it
Time is limited, so I don't analyze it carefully for the time being. I have time to put a picture for analysis