无法访问使用Docker和Google Cloud部署的应用
我目前通过Google Cloud Platform设置了Linux Debian VM.我已经安装了docker,并想开始在其中运行应用程序容器.
I currently have a Linux Debian VM set up through Google Cloud Platform. I have docker installed and would like to start running application containers within it.
我正在遵循Docker网站在此处找到的下的文档在Docker中运行Web应用程序"我下载了映像并运行了它.然后我运行 $ sudo docker ps 并获取端口为0.0.0.0:32768-> 5000/tcp
I'm following the documentation under Docker's website Found Here under
"Running a web application in Docker" I download the image and run it with no issue. I then run $sudo docker ps and get the port which is 0.0.0.0:32768->5000/tcp
然后,我尝试浏览至http://"MyExternalVMIP":32768的网站,但应用程序没有显示.我想念什么吗?
I then try to browse to the website at http://"MyExternalVMIP":32768 but the applications doesn't come up. Am I missing something?
首先,测试一下您的服务是否可以正常工作.为此,请从VM本身运行:
First, test to see if your service works at all. To do this, from the VM itself, run:
wget http://localhost:32768
或
curl http://localhost:32768
如果这行得通,则意味着该服务运行正常,因此让我们进一步进行调试.
If that works, that means the service is operating properly, so let's move further with the debugging.
可能有两个防火墙阻止了对docker进程的外部访问:
There may be two firewalls that are blocking external access to your docker process:
- 虚拟机的操作系统防火墙
- Google Compute Engine防火墙
通过从虚拟机本身和同一GCE网络上的另一个虚拟机访问URL(使用URL中的虚拟机名称,而不是外部IP),可以查看是否受到第一个问题的影响:
You can see if you're affected by the first issue by accessing the URL from the VM itself and from another VM on the same GCE network (use the VM name in the URL, not the external IP):
wget http://[vm-name]:32768
要解决第一个问题,您必须打开单个端口(推荐):
To fix the first issue, you would have to either open up the single port (recommended):
iptables -I INPUT -p tcp -s 0.0.0.0/0 --dport 32768 -j ACCEPT
或完全禁用防火墙,例如,通过停止iptables(不推荐).
or disable firewall entirely, e.g., by stopping iptables (not recommended).
如果在解决此问题后,可以从同一GCE网络上的其他主机访问该URL,但仍然无法从Google Compute Engine外部访问该URL,则可能会受到第二个问题的影响.要对其进行修复,您需要在GCE防火墙中打开端口;也可以通过开发人员控制台中的网络界面完成此操作.
If, after fixing this, you can access the URL from another host on the same GCE network, but still can't access it from outside of Google Compute Engine, you're affected by the second issue. To fix it, you will need to open the port in the GCE firewall; this can also be done via the web UI in the Developers Console.