角落落的光
问题描述
我有一个应用程序,其唯一依赖项是烧瓶,它在 docker 外部运行良好并绑定到默认端口 5000.这是完整的来源:
i have an app whose only dependency is flask, which runs fine outside docker and binds to the default port 5000. here is the full source:
from flask import flask
app = flask(__name__)
app.debug = true
@app.route('/')
def main():
return 'hi'
if __name__ == '__main__':
app.run()
问题是当我在 docker 中部署它时,服务器正在运行但无法从容器外部访问.
the problem is that when i deploy this in docker, the server is running but is unreachable from outside the container.
下面是我的 dockerfile.该图像是安装了烧瓶的 ubuntu.tar 只包含上面列出的 index.py;
below is my dockerfile. the image is ubuntu with flask installed. the tar just contains the index.py listed above;
# dockerfile from dreen/flask maintainer dreen workdir /srv # get source run mkdir -p /srv copy perfektimprezy.tar.gz /srv/perfektimprezy.tar.gz run tar x -f perfektimprezy.tar.gz run rm perfektimprezy.tar.gz # run server expose 5000 cmd ["python", "index.py"]
这是我正在执行的部署步骤
here are the steps i am doing to deploy
<代码>$>sudo docker build -t perfektimprezy .
据我所知,上面运行良好,图像在 /srv 中有 tar 的内容.现在,让我们在容器中启动服务器:
as far as i know the above runs fine, the image has the contents of the tar in /srv. now, let's start the server in a container:
$> sudo docker run -i -p 5000:5000 -d perfektimprezy 1c50b67d45b1a4feade72276394811c8399b1b95692e0914ee72b103ff54c769
它真的在运行吗?
$> sudo docker ps container id image command created status ports names 1c50b67d45b1 perfektimprezy:latest "python index.py" 5 seconds ago up 5 seconds 0.0.0.0:5000->5000/tcp loving_wozniak $> sudo docker logs 1c50b67d45b1 * running on http://127.0.0.1:5000/ (press ctrl c to quit) * restarting with stat
是的,似乎烧瓶服务器正在运行.这就是奇怪的地方.让我们向服务器发出请求:
yep, seems like the flask server is running. here is where it gets weird. lets make a request to the server:
$> curl 127.0.0.1:5000 -v * rebuilt url to: 127.0.0.1:5000/ * hostname was not found in dns cache * trying 127.0.0.1... * connected to 127.0.0.1 (127.0.0.1) port 5000 (#0) > get / http/1.1 > user-agent: curl/7.35.0 > host: 127.0.0.1:5000 > accept: */* > * empty reply from server * connection #0 to host 127.0.0.1 left intact curl: (52) empty reply from server
空回复...但是进程正在运行吗?
empty reply... but is the process running?
$> sudo docker top 1c50b67d45b1 uid pid ppid c stime tty time cmd root 2084 812 0 10:26 ? 00:00:00 python index.py root 2117 2084 0 10:26 ? 00:00:00 /usr/bin/python index.py
现在让我们通过 ssh 进入服务器并检查...
now let's ssh into the server and check...
$> sudo docker exec -it 1c50b67d45b1 bash root@1c50b67d45b1:/srv# netstat -an active internet connections (servers and established) proto recv-q send-q local address foreign address state tcp 0 0 127.0.0.1:5000 0.0.0.0:* listen tcp 0 0 127.0.0.1:47677 127.0.0.1:5000 time_wait active unix domain sockets (servers and established) proto refcnt flags type state i-node path root@1c50b67d45b1:/srv# curl -i 127.0.0.1:5000 http/1.0 200 ok content-type: text/html; charset=utf-8 content-length: 5447 server: werkzeug/0.10.4 python/2.7.6 date: tue, 19 may 2015 12:18:14 gmt
没关系...但不是从外面.
我做错了什么?
it's fine... but not from the outside.
what am i doing wrong?
推荐答案
问题是你只是绑定到 localhost 接口,如果你想让容器绑定到 0.0.0.0可从外部访问.如果你改变:
the problem is you are only binding to the localhost interface, you should be binding to 0.0.0.0 if you want the container to be accessible from outside. if you change:
if __name__ == '__main__':
app.run()
到
if __name__ == '__main__':
app.run(host='0.0.0.0')
它应该可以工作.
请注意,这将绑定到主机上的所有接口,这在某些情况下可能存在安全风险 - 请参阅 https://stackoverflow.com/a/58138250/4332 了解有关绑定到特定接口的更多信息.
note that this will bind to all interfaces on the host, which may in some circumstances be a security risk - see https://stackoverflow.com/a/58138250/4332 for more information on binding to a specific interface.
