Shulou(Shulou.com)06/02 Report--

Recently, a system has been deployed to use nginx as a reverse proxy, in which nginx runs in docker mode:

$docker run-d-- name nginx $PWD:/etc/nginx-p 80:80-p 443 nginx:1.15

The API service that needs to be proxied runs on port 1234 of the host. The configuration related to nginx.conf is as follows:

Server {... Location / api {proxy_pass http://localhost:1234}...}

As a result, it is found that 502 Bad Gateway errors are always reported during the visit, and the error log shows that the upstream cannot be connected.

When you think about it, there seems to be something wrong with localhost in nginx.conf. Because the nginx runs in the docker container, this localhost is the localhost of the container, not the localhost of the host.

At this point, there is the question to be solved in this article: how to access the host network from the container? By searching the web, there are several ways:

Use host IP

When installing Docker, a virtual gateway docker0 is installed on the host, and we can use the host's IP address on docker0 instead of localhost.

First, query the host IP address using the following command:

$ip addr show docker03: docker0: mtu 1500 qdisc noqueue state UP group default link/ether 02:42:d5:4c:f2:1e brd ff:ff:ff:ff:ff:ff inet 172.17.0.1 Universe 16 scope global docker0 valid_lft forever preferred_lft forever inet6 fe80::42:d5ff:fe4c:f21e/64 scope link valid_lft forever preferred_lft forever

You can find that the IP of the host is 172.17.0.1, so changing the proxy_pass http://localhost:1234 to proxy_pass http://172.17.0.1:1234 can solve the 502 Bad Gateway error.

However, the IP of the host is different in different systems, for example, 172.17.0.1 in Linux and 192.168.65.1 in macOS, and this IP can be changed. Therefore, using IP to configure nginx.conf cannot be common across environments.

Use the host network

When the Docker container is running, there are three kinds of networks: host, bridge and none. The default is bridge, that is, bridging network, which connects to the host in bridging mode; host is the host network, that is, the network is shared with the host; none means that the container cannot be connected without a network.

When the container uses the host network, the container shares the network with the host, so that the host network can be accessed in the container, so the localhost of the container is the localhost of the host.

Use-- network host in docker to configure the host network for the container:

$docker run-d-name nginx-network host nginx

In the above command, it is not necessary to use-p 80:80-p 443bure443 to map the port as before, because it shares the network with the host, and the exposed port in the container is equivalent to the host exposed port.

Using host network does not need to modify nginx.conf, you can still use localhost, so the versatility is better than the previous method. However, because the isolation of host network is not as good as that of bridge network, the security of using host network is not as high as bridge.

Summary

This paper proposes two methods of using host IP and host network to access the host network from the container. The two methods have their own advantages and disadvantages, the use of host IP isolation is better, but the versatility is not good; using host network, good versatility, but brings the risk of exposing the host network.

The above is the whole content of this article, I hope it will be helpful to your study, and I also hope that you will support it.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.