来自外部机器的Docker Remote Api不响应
我想这样做:
curl --insecure --cert cert.pem --key key.pem https://192.168.30.53:2376/images/json 我有一个虚拟networking(NAT)的服务器上有2个虚拟机:
mh-keystore 192.168.2.103 -> 192.168.30.52 swarm-master 192.168.2.100 -> 192.168.30.53
本地NAT ips链接到外部IP。 我可以通过SSH访问这些机器。
docker-machine安装在mh-keystore上。 我使用通用驱动程序将docker部署到swarm-master
当我从docker-machine主机(mh-keystore)调用API时,它工作正常:
$curl --insecure --cert .docker/machine/certs/cert.pem --key .docker/machine/certs/key.pem https://192.168.2.100:2376/images/json [{"Id":"6b40fe7724bd29107f6182ca2befec011cdf524b23ebc4c9a33591d6b7aea4ee","ParentId":"2b4c55187a27a43f6c5aebab707e75cffee14f7c3cc02e4f74429992bd5f7db2","RepoTags":["swarm:latest"],"RepoDigests":[],"Created":1446581252,"Size":0,"VirtualSize":15602184,"Labels":null},{"Id":"ded5e192a685b2c5f048ea98ca24f4c8c4dccc012185448a0247b49b24645007","ParentId":"8f17e9411cf6e7467e630b369a0216b582a8a811901befc800de41537bde1f04","RepoTags":["docker/whalesay:latest"],"RepoDigests":[],"Created":1432591463,"Size":0,"VirtualSize":247049019,"Labels":{}}]
所以我想从我自己的电脑中调用它。
curl --insecure --cert cert.pem --key key.pem https://192.168.30.53:2376/images/json curl --insecure --cert cert.pem --key key.pem https://192.168.30.52:2376/images/json
curl不响应。
密钥和证书是mh-keystore的副本。 (我不知道这是不错的解决scheme)
哪里不对 ?
谢谢
问题是我的学校的防火墙,我绕过它使用iptables来使用8080端口:
iptables -t nat -A DOCKER ! -i docker0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 172.17.0.2:3376