Home >Operation and Maintenance >Docker >What should I do if the web port built by docker is blocked?
Docker is a very popular open source containerization engine. It is widely used in development and production environments because it can be quickly built, easy to manage, and ensures the portability of applications. However, when using Docker to build a web application, it is not uncommon for ports to be unable to communicate. Today we will analyze the reasons and solutions for the blocked web port built by Docker.
1. Cause analysis
The iptables firewall service is enabled by default in the Linux system. If you have not configured it, the firewall may block it. Your docker container communicates with the external network. Therefore, you can turn off the firewall or add rules so that Docker can communicate with the external network smoothly. The following is a reference command:
Close the firewall: $ sudo service iptables stop
Open the port: $ sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
After Docker starts the container, it maps the port in the container to a port on the host through port mapping to achieve communication between the container and the external network. By default, the container's network is independent and only communicates internally. Therefore, if you do not map the ports inside the container, it may cause the port to be unable to communicate. The following is the default way to map ports:
$ docker run -p 80:80 image-name
There are three types in Docker Network drivers are bridge, host and none. When using Docker containers, the bridge network driver is used by default, forming a virtual network based on the NAT network. If your container cannot access the external network, you may need to check whether your network driver is selected correctly. You can use the following command to check the network driver:
$ docker network ls
After Docker starts the container, it will be based on the network driver. It assigns a unique IP address. If your container IP address cannot access the external network, you need to check whether the network card connected to it is configured correctly. In the following example, we can see that the IP address of the container is 172.17.0.2:
$ docker inspect container-name | grep IPAddress
2. Solution
You can use the following method to check the port mapping relationship:
$ docker port container-name
The output content should be:
80/tcp -> 0.0.0.0:80
The above command can view the port mapping inside the container to the port on the host.
You can use the following method to check the network type used by the container:
$ docker inspect container-name | grep NetworkMode
If the output is bridge, it means that the network driver has been selected correctly. If the output is host or none, you can change it as follows:
Change the network type to bridge:
$ docker run --network bridge image-name
When running the Docker command, you can add a --privileged parameter so that the Docker container has relatively high permissions:
$ docker run --privileged image-name
You can use the following command to view the container IP address:
$ docker inspect container -name | grep IPAddress
If your container IP address changes, you can use the following command to reassign a unique IP address:
$ docker run --ip 172.17.0.10 image-name
In short, when the web application port started by your Docker cannot communicate, you should first investigate what is causing this situation, and then solve the problem in the corresponding way. Hope this article can help everyone.
The above is the detailed content of What should I do if the web port built by docker is blocked?. For more information, please follow other related articles on the PHP Chinese website!