Docker Container Port Mapping 01/22 Update SLTechnology News&Howtos

Docker Container Port Mapping

2025-01-22 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Servers >

Shulou(Shulou.com)06/03 Report--

Docker

Docker is an open source application container engine that allows developers to package their applications and dependencies into a portable container, then publish them to any popular Linux or Windows machine, or virtualize them. Containers are completely sandboxed and do not have any interface to each other.

Docker Port Mappin

Port mapping is a kind of NAT address translation, which can translate the address in the public network into private address. The ADSL broadband router with routing has a dynamic or fixed public network IP. It is divided into two types: dynamic and static.

The port mapping function allows a machine in the internal network to provide WWW services externally, instead of transferring the true P address directly to the internal host providing www services. If so, there are two drawbacks, one is that the internal machine is not secure, because all the functions of the machine can be accessed by the external network except WWW, and the other is that when there are multiple machines that need to provide this service, there must be as many P addresses for translation, which cannot achieve the purpose of saving P addresses. The port mapping function is to map the false P address of a host to a true P address. When a user accesses a port that provides a mapped port host, the server transfers the request to the host that provides this specific service. Using the port mapping function, multiple ports of a true P address machine can also be mapped to different ports on different internal machines. The port mapping function can also perform some specific proxy functions, such as proxy POP, SMP, TELNET and so on. In theory, it can provide mapping for more than 60,000 ports, and I'm afraid we'll never run out of it.

1.docker run-d-p 80:80 nginx:latest

Docker Port Mappin

1.docker run-d-p 80:80 nginx:latest

2.iptables View rules

[root@docker03] # iptables-t nat-L-nChain PREROUTING (policy ACCEPT) target prot opt source destination DOCKER all-0.0.0.0Univer 0.0.0.0amp0 ADDRTYPE match dst-type LOCALChain INPUT (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source Destination DOCKER all-0.0.0.0 ADDRTYPE match dst-type LOCALChain POSTROUTING 0! 127.0.0.0 ADDRTYPE match dst-type LOCALChain POSTROUTING (policy ACCEPT) target prot opt source destination MASQUERADE all-- 172.17.0.0 MASQUERADE tcp-- 172.17.0.0 MASQUERADE tcp-- 172.17.0. 172.17.0.2 tcp dpt:80 Chain DOCKER (2 references) target prot opt source destination RETURN all-0.0.0.0It 0 0.0.0.0Uniplex 0 DNAT tcp-0.0.0.0Universe 0.0.0.0.0Universe tcp dpt:80 to:172.17.0.2:80

3. View kernel address forwarding parameters

[root@docker03 ~] # sysctl-a | grep ipv4 | grep ip_forwardnet.ipv4.ip_forward = 1 (default is 1 When the container starts up and becomes 1) net.ipv4.ip_forward_use_pmtu = 0sysctl: reading key "net.ipv6.conf.all.stable_secret" sysctl: reading key "net.ipv6.conf.default.stable_secret" sysctl: reading key "net.ipv6.conf.docker0.stable_secret" sysctl: reading key "net.ipv6.conf.eth0.stable_secret" sysctl: reading key "net.ipv6.conf.eth2.stable_secret" sysctl: reading key "net.ipv6.conf.lo.stable _ secret "sysctl: reading key" net.ipv6.conf.veth93eb530.stable_secret "

4. Bind the same port based on IP address

[root@docker03] # docker run-d-p 10.0.0.13 nginx:latest e7aa9f43ee1291c1dc57f3fdbd6b144896df862571002bd64ca061fd4e646d9c 80 nginx:latest e7aa9f43ee1291c1dc57f3fdbd6b144896df862571002bd64ca061fd4e646d9c [root@docker03] # docker run-d-p 10.0.0.110 nginx:latest e7aa9f43ee1291c1dc57f3fdbd6b144896df862571002bd64ca061fd4e646d9c 80 nginx:latest 22e0d4ce1a264b0538651659f538361f4c54926bdea64ef9d937b47a86d812e1 [root@docker03] # netstat-lntupActive Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 00 10.0.0.110 0.0.0.0 * LISTEN 20210/docker-proxy tcp 0 0 10.0.0.13 80 0.0.0.0 * LISTEN 20114/docker-proxy

5. Host random port is mapped to container port

[root@docker03 ~] # docker run-d-p 10.0.0.13 nginx:latest 3f3a37db1b6b0c4dddbc18f358ef8282f54e93fc06aeb96d80c76b9a806e1bf1 nginx:latest 3f3a37db1b6b0c4dddbc18f358ef8282f54e93fc06aeb96d80c76b9a806e1bf1 [root@docker03] # netstat-lntupActive Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp6 0 0:: 32768:: * LISTEN 22649/docker-proxy

6. Based on UDP port mapping

[root@docker03 ~] # docker run-d-p:: 80/udp nginx:latest 0b4d888d4afb9b81a71a205375b23c9e68d514070d391e44370da5381b2c000b [root@docker03 ~] # netstat-lntupActive Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp6 00:: 32768: * LISTEN 22649/docker-proxy udp6 00: 32768 :: * 22926/docker-proxy

7. Multi-port mapping

Docker run-d-p 80:80-p 3306 purl 3306 nginx:latest

8. Port range mapping (consistent number of ports)

[root@docker03] # docker run-d-p 1111-1119 nginx:latest 06d03e55631c4e550898bae551b95b28074758093c1272746a1f2ccb781d2a3a 1110-1118