是否可以让主机打开Docker容器访问端口?具体来说,我让MongoDB和RabbitMQ在主机上运行,我想在Docker容器中运行一个进程来监听队列并(可选地)写入数据库.
我知道我可以将一个端口从容器转发到主机(通过-p选项),并从Docker容器内连接到外部世界(即互联网),但我不想将RabbitMQ和MongoDB端口从主机expose 到外部世界.
编辑:一些澄清:
Starting Nmap 5.21 ( http://nmap.org ) at 2013-07-22 22:39 CEST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00027s latency).
PORT STATE SERVICE
6311/tcp open unknown
joelkuiper@vps20528 ~ % docker run -i -t base /bin/bash
root@f043b4b235a7:/# apt-get install nmap
root@f043b4b235a7:/# nmap 172.16.42.1 -p 6311 # IP found via docker inspect -> gateway
Starting Nmap 6.00 ( http://nmap.org ) at 2013-07-22 20:43 UTC
Nmap scan report for 172.16.42.1
Host is up (0.000060s latency).
PORT STATE SERVICE
6311/tcp filtered unknown
MAC Address: E2:69:9C:11:42:65 (Unknown)
Nmap done: 1 IP address (1 host up) scanned in 13.31 seconds
我必须用这个小把戏才能用这个容器连接到互联网:My firewall is blocking network connections from the docker container to outside
EDIT:最终,我使用pipework创建了一个自定义网桥,并让服务在网桥IP上侦听.我采用了这种方法,而不是让MongoDB和RabbitMQ在docker网桥上侦听,因为它提供了更大的灵活性.