I have a docker compose file that starts several services. I run it on a build server.
version: '3'
services:
  screeps:
    image: screepers/screeps-launcher
    volumes:
      - ./config.yml:/screeps/config.yml
      - screeps-data:/screeps
    ports:
      - 21025:21025/tcp
    environment:
      MONGO_HOST: mongo
      REDIS_HOST: redis
    restart: unless-stopped
  mongo:
    image: mongo
    volumes:
      - mongo-data:/data/db
    restart: unless-stopped
  mongo-express:
    image: mongo-express
    restart: unless-stopped
    ports:
      - 8081:8081
  redis:
    image: redis
    volumes:
      - redis-data:/data
    restart: unless-stopped
  graphite:
    image: graphiteapp/graphite-statsd
    volumes:
      - graphite_data:/opt/graphite/storage/whisper
    restart: unless-stopped
  grafana:
    image: grafana/grafana
    volumes:
      - grafana_data:/var/lib/grafana
      - ./examples/stats/grafana.ini:/etc/grafana/grafana.ini
      - ./examples/stats/grafana.prov.yaml:/etc/grafana/provisioning/datasources/default.yaml
    ports:
      - "3000:3000"
    restart: unless-stopped
  stats-agent:
    image: ags131/hosted-agent
    environment:
      GRAPHITE_HOST: 'graphite'
    volumes:
      - stats-agent:/app
    restart: unless-stopped
  setup-stats-agent:
    build: examples/stats/.
    volumes:
      - ./examples/stats/setup.json:/setup.json
    restart: "no"
volumes:
  redis-data:
  mongo-data:
  screeps-data:
  graphite_data:
  grafana_data:
  stats-agent:
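Running
docker-compose up -d
starts the services. Mongo Express (port 8081) and Grafana (port 3000) are available, but the service on port 21025 is not reachable. The server reports that the port is open and listening: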
sudo netstat -tulnp | grep 21025
tcp 0 0 0.0.0.0:21025 0.0.0.0:* LISTEN 9846/docker-proxy
tcp6 0 0 :::21025 :::* LISTEN 9852/docker-proxy
From another machine I get:
sudo nmap -p 21025 192.168.10.20 --reason --traceroute --script=firewalk
Starting Nmap 7.80 ( https://nmap.org ) at 2021-11-04 07:08 GMT
Nmap scan report for 192.168.10.20
Host is up, received arp-response (0.00013s latency).
PORT STATE SERVICE REASON
21025/tcp closed unknown reset ttl 63
MAC Address: 00:1A:A0:3D:D7:CA (Dell)
TRACEROUTE
HOP RTT ADDRESS
1 0.13 ms 192.168.10.20
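If I use the same compose file on my main PC and nmap the port from the build server, the port is open (so it seems to me that this is not my network).
I can also telnet to the build server on port 21025.
How can I get this port working? I have rebuilt the server from a base Mint image, so it is not a customisation I have made.
Edit: output of iptables -L -v -n --line-numbers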
Chain INPUT (policy ACCEPT 1239 packets, 81262 bytes)
num pkts bytes target prot opt in out source destination
Chain FORWARD (policy DROP 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 19924 7860K DOCKER-USER all -- * * 0.0.0.0/0 0.0.0.0/0
2 19924 7860K DOCKER-ISOLATION-STAGE-1 all -- * * 0.0.0.0/0 0.0.0.0/0
3 15184 7570K ACCEPT all -- * br-cbad15949f05 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
4 4494 270K DOCKER all -- * br-cbad15949f05 0.0.0.0/0 0.0.0.0/0
5 246 20349 ACCEPT all -- br-cbad15949f05 !br-cbad15949f05 0.0.0.0/0 0.0.0.0/0
6 4488 269K ACCEPT all -- br-cbad15949f05 br-cbad15949f05 0.0.0.0/0 0.0.0.0/0
7 0 0 ACCEPT all -- * docker0 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
8 0 0 DOCKER all -- * docker0 0.0.0.0/0 0.0.0.0/0
9 0 0 ACCEPT all -- docker0 !docker0 0.0.0.0/0 0.0.0.0/0
10 0 0 ACCEPT all -- docker0 docker0 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 1195 packets, 78196 bytes)
num pkts bytes target prot opt in out source destination
Chain DOCKER (2 references)
num pkts bytes target prot opt in out source destination
1 5 236 ACCEPT tcp -- !br-cbad15949f05 br-cbad15949f05 0.0.0.0/0 172.18.0.4 tcp dpt:21025
2 1 44 ACCEPT tcp -- !br-cbad15949f05 br-cbad15949f05 0.0.0.0/0 172.18.0.6 tcp dpt:3000
Chain DOCKER-ISOLATION-STAGE-1 (1 references)
num pkts bytes target prot opt in out source destination
1 246 20349 DOCKER-ISOLATION-STAGE-2 all -- br-cbad15949f05 !br-cbad15949f05 0.0.0.0/0 0.0.0.0/0
2 0 0 DOCKER-ISOLATION-STAGE-2 all -- docker0 !docker0 0.0.0.0/0 0.0.0.0/0
3 19924 7860K RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
Chain DOCKER-ISOLATION-STAGE-2 (2 references)
num pkts bytes target prot opt in out source destination
1 0 0 DROP all -- * br-cbad15949f05 0.0.0.0/0 0.0.0.0/0
2 0 0 DROP all -- * docker0 0.0.0.0/0 0.0.0.0/0
3 246 20349 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
Chain DOCKER-USER (1 references)
num pkts bytes target prot opt in out source destination
1 19924 7860K RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
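So I'm not sure exactly what caused the problem, but after running
sudo apt update
and sudo apt upgrade
on the server and the local server, the connection now works.
For anyone facing a similar problem in the future, check this first before losing sleep over it.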
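One way to read the DOCKER chain in the iptables listing from the question, added here as an example and not part of the original posts; the function name check_published_port and its verdict strings are assumptions made for this example, and the sample is copied from that listing. A non-zero packet counter on the ACCEPT rule means the host's filter table forwarded traffic to the container address, so the next place to look is the service inside that container.

```shell
#!/bin/sh
# Constructed sample: the DOCKER chain copied from the listing in the question,
# plus the header of the following chain so the parser has to stop correctly.
SAMPLE='Chain DOCKER (2 references)
num pkts bytes target prot opt in out source destination
1 5 236 ACCEPT tcp -- !br-cbad15949f05 br-cbad15949f05 0.0.0.0/0 172.18.0.4 tcp dpt:21025
2 1 44 ACCEPT tcp -- !br-cbad15949f05 br-cbad15949f05 0.0.0.0/0 172.18.0.6 tcp dpt:3000
Chain DOCKER-ISOLATION-STAGE-1 (1 references)
num pkts bytes target prot opt in out source destination'

# check_published_port PORT (hypothetical helper)
# Reads `iptables -L -v -n --line-numbers` output on stdin (the column layout
# used in the question) and prints one verdict for a published TCP port:
#   no-rule      Docker installed no ACCEPT rule for the port
#   rule-unused  rule exists but has matched 0 packets (traffic stops earlier)
#   rule-hit     packets were forwarded to the container address
check_published_port() {
    awk -v port="$1" '
        /^Chain /   { in_docker = ($2 == "DOCKER"); next }  # only the DOCKER chain
        !in_docker  { next }
        # columns: num pkts bytes target prot opt in out source destination ...
        $4 == "ACCEPT" && $5 == "tcp" && $NF == ("dpt:" port) {
            found = 1; pkts = $2; dest = $10
        }
        END {
            if (!found)                 print "no-rule " port
            else if ((pkts "") == "0")  print "rule-unused " port " " dest
            else                        print "rule-hit " port " " dest " pkts=" pkts
        }'
}

# Check every port the compose file publishes against the sample listing.
# On a live host, replace the printf with: sudo iptables -L -v -n --line-numbers
for p in 21025 3000 8081; do
    printf '%s\n' "$SAMPLE" | check_published_port "$p"
done
```
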