我将我的容器的Docker端口暴露给主机,类似这样的方式:
docker run -p 80:80 ...
然后我尝试使用netstat
来显示所有监听端口,以便进行调试,例如:
然后我尝试使用netstat
来显示所有监听端口,以便进行调试,例如:
netstat -at
奇怪的是,netstat不会显示我的Docker容器的暴露端口,尽管它们正在侦听并响应浏览器。
我该如何使netstat
显示这些暴露的端口?
更新: 我在Debian 8 Jessie上运行。这是我做的:
docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
9dfa08bab50d workflows-nginx "/bin/sh -c '/usr/sbi" 2 hours ago Up 2 hours 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp workflows-nginx
d0b0c3f90f13 workflows-django "/bin/sh -c 'python /" 7 hours ago Up 3 hours 0.0.0.0:8000->8000/tcp workflows-django
99a857c92533 workflows-db "/docker-entrypoint.s" 7 hours ago Up 3 hours 5432/tcp workflows-db
这里Docker报告容器端口被转发到主机。此外,如果我停止workflows-nginx
容器,它将不再通过http(端口80)回答浏览器。如果我重新启动它,则会再次响应。
以下是sudo netstat -at | less
的输出:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:ssh *:* LISTEN
tcp 0 0 localhost:ipp *:* LISTEN
tcp 0 0 *:15672 *:* LISTEN
tcp 0 0 *:postgresql *:* LISTEN
tcp 0 0 localhost:smtp *:* LISTEN
tcp 0 0 *:25672 *:* LISTEN
tcp 0 0 *:48142 *:* LISTEN
tcp 0 0 *:sunrpc *:* LISTEN
tcp 0 0 *:epmd *:* LISTEN
tcp 0 0 bob-acer:34866 104.16.33.249:http ESTABLISHED
tcp 0 0 bob-acer:42380 stackoverflow.com:https ESTABLISHED
tcp 0 0 bob-acer:42543 stackoverflow.com:https ESTABLISHED
tcp 0 0 bob-acer:42525 stackoverflow.com:https ESTABLISHED
tcp 0 0 bob-acer:44076 stackoverflow.com:https ESTABLISHED
tcp 0 0 bob-acer:42944 stackoverflow.com:https ESTABLISHED
tcp 0 0 localhost:epmd localhost:50831 ESTABLISHED
tcp 0 0 bob-acer:42655 stackoverflow.com:https ESTABLISHED
tcp 0 0 bob-acer:42384 stackoverflow.com:https ESTABLISHED
tcp 0 0 bob-acer:44626 stackoverflow.com:https ESTABLISHED
tcp 0 0 bob-acer:42390 stackoverflow.com:https ESTABLISHED
tcp 0 0 localhost:50831 localhost:epmd ESTABLISHED
tcp 0 0 bob-acer:48301 c2.52.c0ad.ip4.st:https ESTABLISHED
tcp 0 0 bob-acer:42151 stackoverflow.com:https ESTABLISHED
tcp 0 0 bob-acer:42205 stackoverflow.com:https ESTABLISHED
tcp 0 0 bob-acer:42539 stackoverflow.com:https ESTABLISHED
tcp 0 0 bob-acer:44737 stackoverflow.com:https ESTABLISHED
tcp 0 0 bob-acer:39648 77.94.164.251:https ESTABLISHED
tcp6 0 0 [::]:ssh [::]:* LISTEN
tcp6 0 0 localhost:ipp [::]:* LISTEN
tcp6 0 0 [::]:postgresql [::]:* LISTEN
tcp6 0 0 localhost:smtp [::]:* LISTEN
tcp6 0 0 [::]:44794 [::]:* LISTEN
tcp6 0 0 [::]:8000 [::]:* LISTEN
tcp6 0 0 [::]:amqp [::]:* LISTEN
tcp6 0 0 [::]:sunrpc [::]:* LISTEN
tcp6 1 0 localhost:58497 localhost:ipp CLOSE_WAIT
你可以看到,报告中没有80端口或443端口。某种原因导致 workflows-django
的8000端口在IPv6接口上开放。此外,我忘了在主机上禁用postgres,但它们仍然不与postgres容器 workflows-db
冲突。
所有东西都在我的本地笔记本电脑上运行,所以我想主机不会有任何混淆。
我的docker版本是:
docker --version
Docker version 1.10.3, build 20f81dd
回答:这与Docker的EXPOSE参数有关。如果你在Dockerfile中编写了这行代码,并使用-p运行容器,则端口将在netstat中可见。如果你使用-p但没有编写EXPOSE,则你的端口不会在netstat中列出。