What should I do if the web port built by docker is blocked?

Docker is a very popular open source containerization engine. It is widely used in development and production environments because it can be quickly built, easy to manage, and ensures the portability of applications. However, when using Docker to build a web application, it is not uncommon for ports to be unable to communicate. Today we will analyze the reasons and solutions for the blocked web port built by Docker.

1. Cause analysis

1. Firewall reasons

The iptables firewall service is enabled by default in the Linux system. If you have not configured it, the firewall may block it. Your docker container communicates with the external network. Therefore, you can turn off the firewall or add rules so that Docker can communicate with the external network smoothly. The following is a reference command:

Close the firewall: $ sudo service iptables stop

Open the port: $ sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT

2. The reason for port mapping

After Docker starts the container, it maps the port in the container to a port on the host through port mapping to achieve communication between the container and the external network. By default, the container's network is independent and only communicates internally. Therefore, if you do not map the ports inside the container, it may cause the port to be unable to communicate. The following is the default way to map ports:

$ docker run -p 80:80 image-name

3. Container network issues

There are three types in Docker Network drivers are bridge, host and none. When using Docker containers, the bridge network driver is used by default, forming a virtual network based on the NAT network. If your container cannot access the external network, you may need to check whether your network driver is selected correctly. You can use the following command to check the network driver:

$ docker network ls

4. Container IP address problem

After Docker starts the container, it will be based on the network driver. It assigns a unique IP address. If your container IP address cannot access the external network, you need to check whether the network card connected to it is configured correctly. In the following example, we can see that the IP address of the container is 172.17.0.2:

$ docker inspect container-name | grep IPAddress

2. Solution

1. Confirm whether the port mapping is correct

You can use the following method to check the port mapping relationship:

$ docker port container-name

The output content should be:

80/tcp -> 0.0.0.0:80

The above command can view the port mapping inside the container to the port on the host.

2. Confirm whether the network driver is selected correctly

You can use the following method to check the network type used by the container:

$ docker inspect container-name | grep NetworkMode

If the output is bridge, it means that the network driver has been selected correctly. If the output is host or none, you can change it as follows:

Change the network type to bridge:

$ docker run --network bridge image-name

3. Confirm whether the firewall is turned off or the rules are set correctly

When running the Docker command, you can add a --privileged parameter so that the Docker container has relatively high permissions:

$ docker run --privileged image-name

4. Confirm whether the container IP address is correct

You can use the following command to view the container IP address:

$ docker inspect container -name | grep IPAddress

If your container IP address changes, you can use the following command to reassign a unique IP address:

$ docker run --ip 172.17.0.10 image-name

In short, when the web application port started by your Docker cannot communicate, you should first investigate what is causing this situation, and then solve the problem in the corresponding way. Hope this article can help everyone.

The above is the detailed content of What should I do if the web port built by docker is blocked?. For more information, please follow other related articles on the PHP Chinese website!