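I am trying to install Mailcow dockerized on my server, but I am having trouble with Docker networking. I have tried several approaches, but I get a lot of connection timeouts in the containers.
To troubleshoot this, I decided to leave Mailcow aside and install only Docker, to try to identify the source of these connection timeouts.
So I installed a fresh Ubuntu 20.04 image from my VPS provider and set up the ufw firewall as follows: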
sudo ufw default allow outgoing
sudo ufw default deny incoming
sudo ufw limit ssh
sudo ufw allow ssh
sudo ufw allow http
sudo ufw allow https
sudo ufw allow smtp
sudo ufw allow submission
sudo ufw allow submissions
sudo ufw allow pop3
sudo ufw allow pop3s
sudo ufw allow imap2
sudo ufw allow imaps
sudo ufw allow 4190/tcp
sudo ufw allow 8080/tcp
sudo systemctl enable ufw
sudo ufw enable
I installed Docker using the script from https://get.docker.com.
Then I enabled IPv6 in the /etc/docker/daemon.json file:
{
  "ipv6": true,
  "fixed-cidr-v6": "2001:db8:1::/64"
}
I restarted the server and created a docker-compose.yaml:
version: '2.1'
services:
  S2:
    image: nginx:latest
    ports:
      - 80:80
    restart: always
    networks:
      n1:
        ipv4_address: 172.22.1.254
        aliases:
          - s2
  S3:
    image: nginx:latest
    ports:
      - 8080:80
    restart: always
    networks:
      n1:
        ipv4_address: 172.22.1.248
        aliases:
          - s3
networks:
  n1:
    driver: bridge
    driver_opts:
      com.docker.network.bridge.name: n1
    enable_ipv6: true
    ipam:
      driver: default
      config:
        - subnet: 172.22.1.0/24
        - subnet: fd4d:6169:6c63:6f77::/64
I took this network configuration from the docker-compose.yaml in the Mailcow git repository and modified it to fit my test.
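I start the containers with docker-compose up -d.
When I run curl localhost 80 on the host server, it returns the default index.html content from Nginx, but... the connection hangs for a few minutes, and then the shell shows the following message at the end:
curl: (28) Failed to connect to 80 port 80: Connection timed out
When I run curl 80 on my local computer, it also returns the default Nginx index.html content, but ends with the message:
curl: (7) Failed to connect to 0.0.0.80 port 80 after 0 ms: Network unreachable
Any idea why I am getting these errors?
PS: my ufw status: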
# ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), deny (routed)
New profiles: skip
To Action From
-- ------ ----
22/tcp ALLOW IN Anywhere
80/tcp ALLOW IN Anywhere
443/tcp ALLOW IN Anywhere
25/tcp ALLOW IN Anywhere
587/tcp ALLOW IN Anywhere
465/tcp ALLOW IN Anywhere
110/tcp ALLOW IN Anywhere
995/tcp ALLOW IN Anywhere
143/tcp ALLOW IN Anywhere
993/tcp ALLOW IN Anywhere
4190/tcp ALLOW IN Anywhere
8080/tcp ALLOW IN Anywhere
22/tcp (v6) ALLOW IN Anywhere (v6)
80/tcp (v6) ALLOW IN Anywhere (v6)
443/tcp (v6) ALLOW IN Anywhere (v6)
25/tcp (v6) ALLOW IN Anywhere (v6)
587/tcp (v6) ALLOW IN Anywhere (v6)
465/tcp (v6) ALLOW IN Anywhere (v6)
110/tcp (v6) ALLOW IN Anywhere (v6)
995/tcp (v6) ALLOW IN Anywhere (v6)
143/tcp (v6) ALLOW IN Anywhere (v6)
993/tcp (v6) ALLOW IN Anywhere (v6)
4190/tcp (v6) ALLOW IN Anywhere (v6)
8080/tcp (v6) ALLOW IN Anywhere (v6)
And the lsof output:
# lsof -i -P -n | grep LISTEN
sshd 967 root 3u IPv4 35459 0t0 TCP *:22 (LISTEN)
sshd 967 root 4u IPv6 35461 0t0 TCP *:22 (LISTEN)
docker-pr 1290 root 4u IPv4 39102 0t0 TCP *:80 (LISTEN)
docker-pr 1308 root 4u IPv6 38124 0t0 TCP *:80 (LISTEN)
docker-pr 1322 root 4u IPv4 38165 0t0 TCP *:8080 (LISTEN)
docker-pr 1328 root 4u IPv6 38172 0t0 TCP *:8080 (LISTEN)
Termshark capture while running curl localhost 80 on the host:
No. - Time - Source - Destination - Protocol - Length - Info -
1 0.000000 fd4d:6169:6c63 fd4d:6169:6c63 TCP 94 39946 → 80 [SYN] Seq=0 Win=64800 Len=0 MSS=
2 0.000047 fd4d:6169:6c63 fd4d:6169:6c63 TCP 94 80 → 39946 [SYN, ACK] Seq=0 Ack=1 Win=64260
3 0.000088 fd4d:6169:6c63 fd4d:6169:6c63 TCP 86 39946 → 80 [ACK] Seq=1 Ack=1 Win=64896 Len=
4 0.000516 fd4d:6169:6c63 fd4d:6169:6c63 HTTP 159 GET / HTTP/1.1
5 0.000544 fd4d:6169:6c63 fd4d:6169:6c63 TCP 86 80 → 39946 [ACK] Seq=1 Ack=74 Win=64256 Len
6 0.000765 fd4d:6169:6c63 fd4d:6169:6c63 TCP 324 HTTP/1.1 200 OK [TCP segment of a reassemb
7 0.000791 fd4d:6169:6c63 fd4d:6169:6c63 TCP 86 39946 → 80 [ACK] Seq=74 Ack=239 Win=64768 L
8 0.000821 fd4d:6169:6c63 fd4d:6169:6c63 HTTP 701 HTTP/1.1 200 OK (text/html)
9 0.000829 fd4d:6169:6c63 fd4d:6169:6c63 TCP 86 39946 → 80 [ACK] Seq=74 Ack=854 Win=64256 L
10 65.01291 fd4d:6169:6c63 fd4d:6169:6c63 TCP 86 80 → 39946 [FIN, ACK] Seq=854 Ack=74 Win=64
11 65.05677 fd4d:6169:6c63 fd4d:6169:6c63 TCP 86 39946 → 80 [ACK] Seq=74 Ack=855 Win=64256 L
12 130.8576 fd4d:6169:6c63 fd4d:6169:6c63 TCP 86 39946 → 80 [FIN, ACK] Seq=74 Ack=855 Win=64
13 130.8577 fd4d:6169:6c63 fd4d:6169:6c63 TCP 74 80 → 39946 [RST] Seq=855 Win=0 Len=0
14 131.0647 fd4d:6169:6c63 fd4d:6169:6c63 TCP 86 [TCP Retransmission] 39946 → 80 [FIN, ACK]
15 131.0648 fd4d:6169:6c63 fd4d:6169:6c63 TCP 74 80 → 39946 [RST] Seq=855 Win=0 Len=0
16 131.2727 fd4d:6169:6c63 fd4d:6169:6c63 TCP 86 [TCP Retransmission] 39946 → 80 [FIN, ACK]
17 131.2728 fd4d:6169:6c63 fd4d:6169:6c63 TCP 74 80 → 39946 [RST] Seq=855 Win=0 Len=0
18 131.6888 fd4d:6169:6c63 fd4d:6169:6c63 TCP 86 [TCP Retransmission] 39946 → 80 [FIN, ACK]
19 131.6888 fd4d:6169:6c63 fd4d:6169:6c63 TCP 74 80 → 39946 [RST] Seq=855 Win=0 Len=0
20 132.5208 fd4d:6169:6c63 fd4d:6169:6c63 TCP 86 [TCP Retransmission] 39946 → 80 [FIN, ACK]
21 132.5209 fd4d:6169:6c63 fd4d:6169:6c63 TCP 74 80 → 39946 [RST] Seq=855 Win=0 Len=0
22 134.1847 fd4d:6169:6c63 fd4d:6169:6c63 TCP 86 [TCP Retransmission] 39946 → 80 [FIN, ACK]
23 134.1850 fd4d:6169:6c63 fd4d:6169:6c63 TCP 74 80 → 39946 [RST] Seq=855 Win=0 Len=0
24 137.5129 fd4d:6169:6c63 fd4d:6169:6c63 TCP 86 [TCP Retransmission] 39946 → 80 [FIN, ACK]
25 137.5131 fd4d:6169:6c63 fd4d:6169:6c63 TCP 74 80 → 39946 [RST] Seq=855 Win=0 Len=0
Termshark results when running curl 80 from my computer:
No. - Time - Source - Destination - Protocol - Length - Info -
1 0.000000 170.78.36.7 172.22.1.254 TCP 66 62787 → 80 [SYN] Seq=0 Win=64240 Len=0 MSS=
2 0.000063 172.22.1.254 170.78.36.7 TCP 66 80 → 62787 [SYN, ACK] Seq=0 Ack=1 Win=64240
3 0.007119 170.78.36.7 172.22.1.254 TCP 54 62787 → 80 [ACK] Seq=1 Ack=1 Win=131840 Len
4 0.009563 170.78.36.7 172.22.1.254 HTTP 133 GET / HTTP/1.1
5 0.009628 172.22.1.254 170.78.36.7 TCP 54 80 → 62787 [ACK] Seq=1 Ack=80 Win=64256 Len
6 0.009884 172.22.1.254 170.78.36.7 TCP 292 HTTP/1.1 200 OK [TCP segment of a reassemb
7 0.010001 172.22.1.254 170.78.36.7 HTTP 669 HTTP/1.1 200 OK (text/html)
8 0.019889 170.78.36.7 172.22.1.254 TCP 54 62787 → 80 [ACK] Seq=80 Ack=854 Win=130816
9 0.039001 170.78.36.7 172.22.1.254 TCP 54 62787 → 80 [FIN, ACK] Seq=80 Ack=854 Win=13
10 0.039211 172.22.1.254 170.78.36.7 TCP 54 80 → 62787 [FIN, ACK] Seq=854 Ack=81 Win=64
11 0.046453 170.78.36.7 172.22.1.254 TCP 54 62787 → 80 [ACK] Seq=81 Ack=855 Win=130816

Posted on 2022-03-11 13:49:18
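Note that for some firewalls, Docker adds specific rules in order to work properly. I'm not sure whether this also applies to ufw, but it may.
When this happened to me with iptables, I had to add some rules to forward incoming connections on a specific port to the specific port of my service on the Docker network. So, if I receive connections on port 80 but my hosted service exposes port 8080, in some cases, even if you specify the mapping "80:8080", you still need to add some forwarding rules to the firewall.
Another thing you can double-check is whether the host server can "call" itself.
One command that can help you troubleshoot is:
curl -Ivvv host:port

Posted on 2022-03-13 12:29:17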
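I changed the scope of the test to a simple VPS server with Nginx installed, without Docker, and the HTTP timeout problem still persisted, so... I found that the problem was caused by the infrastructure of my local VPS provider.
I moved the server to another provider and everything works fine.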
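
The first answer's remark about Docker adding its own firewall rules is relevant to ufw too: ports published by Docker are handled by Docker's own iptables rules, so the ufw allow list alone does not decide whether they are reachable. The script below is an added example, not part of the original posts; it cross-checks docker-proxy listeners from lsof against ufw allow rules. Its sample input is constructed: abridged from the outputs quoted in the question, plus one made-up listener on port 9000 that has no ufw rule.

```shell
#!/bin/sh
# Constructed sample input, abridged from the ufw and lsof outputs in the
# question; the docker-proxy listener on port 9000 is made up for the example.
UFW_STATUS='22/tcp                     ALLOW IN    Anywhere
80/tcp                     ALLOW IN    Anywhere
8080/tcp                   ALLOW IN    Anywhere
80/tcp (v6)                ALLOW IN    Anywhere (v6)'
LSOF_LISTEN='sshd       967 root 3u IPv4 35459 0t0 TCP *:22 (LISTEN)
docker-pr 1290 root 4u IPv4 39102 0t0 TCP *:80 (LISTEN)
docker-pr 1308 root 4u IPv6 38124 0t0 TCP *:80 (LISTEN)
docker-pr 1322 root 4u IPv4 38165 0t0 TCP *:8080 (LISTEN)
docker-pr 1999 root 4u IPv4 40001 0t0 TCP *:9000 (LISTEN)'

# published_ports: TCP ports held by docker-proxy in
# `lsof -i -P -n | grep LISTEN` output, one per line, de-duplicated.
published_ports() {
    printf '%s\n' "$1" | awk '$1 ~ /^docker-pr/ && $NF == "(LISTEN)" {
        n = split($(NF-1), a, ":"); print a[n] }' | sort -un
}

# ufw_allowed_ports: TCP ports that have an ALLOW rule in `ufw status`
# output (IPv4 rows carry the action in field 2, "(v6)" rows in field 3).
ufw_allowed_ports() {
    printf '%s\n' "$1" |
        awk '($2 == "ALLOW" || $3 == "ALLOW") && $1 ~ /^[0-9]+\/tcp$/ {
            sub(/\/tcp$/, "", $1); print $1 }' | sort -un
}

# audit: for each Docker-published port, report whether ufw has an allow
# rule for it. A port without one is still published by Docker.
audit() {
    allowed=$(ufw_allowed_ports "$1")
    for p in $(published_ports "$2"); do
        if printf '%s\n' "$allowed" | grep -qx "$p"; then
            echo "$p published, ufw-allow-rule"
        else
            echo "$p published, no-ufw-rule"
        fi
    done
}

audit "$UFW_STATUS" "$LSOF_LISTEN"
```

On a live host, pass the real output instead: audit "$(ufw status)" "$(lsof -i -P -n | grep LISTEN)".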
https://serverfault.com/questions/1095892