打开(Bluemix)容器到所有传入的连接
新年快乐2017!
大家好!
当我尝试将Docker镜像部署到BlueMix容器(其中cf ic run = docker run docker cf ic run = docker run )时,出现了一些问题,
即使图像在内部运行,我也无法从networking访问容器。 我咬住了绑定的地址:
ping 169.46.18.91 PING 169.46.18.91 (169.46.18.91): 56 data bytes 64 bytes from 169.46.18.91: icmp_seq=0 ttl=48 time=124.247 ms 64 bytes from 169.46.18.91: icmp_seq=1 ttl=48 time=122.701 ms
该图像在本地工作,但现在,我给它一个IP,并承载它在Bluemix容器服务,我报告了一个问题,而图像设置后, cf ic -v run命令
这里是命令的日志:
cf ic -v run -p 3000 --name bootingtest 1ed1b527771b DEMANDE : [2017-01-18T10:32:31+01:00] POST /UAALoginServerWAR/oauth/token HTTP/1.1 Host: login.ng.bluemix.net Accept: application/json Authorization: [DONNEES PRIVEES MASQUEES] Connection: close Content-Type: application/x-www-form-urlencoded User-Agent: go-cli 6.22.2+a95e24c / darwin grant_type=refresh_token&refresh_token=eyJhbGciOiJIUzI1NiJ9.eyJqdGkiOiIwNzJlYTFmNy._gxevCN9cCYX3Fw_FUEYvxFsRhHqfOT9KhjZFiHcNao&scope= REPONSE : [2017-01-18T10:32:32+01:00] HTTP/1.1 200 OK Connection: close Transfer-Encoding: chunked Cache-Control: no-cache, no-store, max-age=0, must-revalidate,no-store Content-Security-Policy: default-src 'self' www.ibm.com 'unsafe-inline'; Content-Type: application/json;charset=UTF-8 Date: Wed, 18 Jan 2017 09:32:31 GMT Expires: 0 Pragma: no-cache,no-cache Server: Apache-Coyote/1.1 Strict-Transport-Security: max-age=2592000 ; includeSubDomains X-Backside-Transport: OK OK,OK OK X-Client-Ip: 91.151.65.169 X-Content-Type-Options: nosniff X-Frame-Options: DENY X-Global-Transaction-Id: 1804077409 X-Powered-By: Servlet/3.1 X-Vcap-Request-Id: e683d47d-28aa-43c1-6356-d5818dfd86f1 X-Xss-Protection: 1; mode=block 6f6 {"access_token":"[DONNEES PRIVEES MASQUEES]","token_type":"[DONNEES PRIVEES MASQUEES]","refresh_token":"[DONNEES PRIVEES MASQUEES]","expires_in":1209599,"scope":"cloud_controller.read password.write cloud_controller.write openid uaa.user","jti":"edcd9c51-4521-4f49-bf03-def030e81626"} 0 a9dc3ad4-1a34-4848-9b16-8d1410b79a06
那么当我运行或构build映像时,是否有一种方法可以将连接从“closures”状态设置为“等待传入连接”状态?
像一个选项cf ic (docker) run -p 3000 --accept_all imageid cmd (我没有看到它在 – 帮助菜单)或者你在其他地方看到了什么错?
我想用docker exec -it ID /bin/bashlogin容器,但我不知道一个bash命令来接受所有传入的连接…(此外,我认为这是虚拟机,而不是容器本身)
谢谢你的回答,祝你有美好的一天!
灵光
其他信息
Dockerfile
FROM ubuntu:14.04 RUN apt-get update && apt-get -y install python2.7 RUN apt-get -y install python-pip RUN pip install Flask RUN pip install ibmiotf RUN pip install requests RUN pip install flask-socketio RUN pip install cloudant ENV PORT=12345 EXPOSE 12345 ADD ./SIARA /opt/SIARA/ WORKDIR /opt/SIARA/ CMD sleep 80 && python testGUI.py
Flask服务器端口映射和运行:
if __name__ == '__main__': # Bind to PORT if defined, otherwise default to 5000. port = int(os.environ.get('PORT', 5000)) socketio.run(app, host='0.0.0.0', port=port)
线索
当我用本地testing镜像的时候,我有这个警告信息,他们不会对任何崩溃负责,但是现在它在云端,这种错误是造成从Web失败的连接尝试的责任?
tl; dr:显然SSH连接是不可用的,因为(显然)我的python(2.7)版本需要更新(??)但是SSH不应该仅在https://连接的情况下才是相关的?
cf ic logs -ft guiplay 2017-01-19T09:17:38.870006264Z /usr/local/lib/python2.7/dist-packages/requests/packages/urllib3/util/ssl_.py:334: SNIMissingWarning: An HTTPS request has been made, but the SNI (Subject Name Indication) extension to TLS is not available on this platform. This may cause the server to present an incorrect TLS certificate, which can cause validation failures. You can upgrade to a newer version of Python to solve this. For more information, see https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings 32017-01-19T09:17:38.870062551Z SNIMissingWarning 2017-01-19T09:17:38.870081733Z /usr/local/lib/python2.7/dist-packages/requests/packages/urllib3/util/ssl_.py:132: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. You can upgrade to a newer version of Python to solve this. For more information, see https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings 92017-01-19T09:17:38.870089026Z InsecurePlatformWarning 2017-01-19T09:17:39.145906849Z /usr/local/lib/python2.7/dist-packages/requests/packages/urllib3/util/ssl_.py:132: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. You can upgrade to a newer version of Python to solve this. For more information, see https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings 92017-01-19T09:17:39.145950355Z InsecurePlatformWarning 2017-01-19T09:17:39.186165706Z WebSocket transport not available. Install eventlet or gevent and gevent-websocket for improved performance. Y2017-01-19T09:17:39.192990810Z * Running on http://0.0.0.0:5000/ (Press CTRL+C to quit)
嗯 – 我看到你已经发布了3000端口(运行命令中的-p 3000参数),但默认的端口是5000.在dockerfile中,你将它切换到了12345,所以这大概是你在那里听到的。 猜测这就是你想打开所有端口的原因吗?
Docker只公开你告诉它的端口 – 为该默认值添加一个额外的-p 5000,或者根据该Dockerfile添加-p 12345,或者两者都允许你在这些情况下连接到应用程序。 或者,如果您只想通过Dockerfile发布所有EXPOSED端口(本例中为12345),请使用-P参数。
更多信息:在云中运行,还有额外的安全措施,只能通过您希望发布的端口访问您的容器。 在一个空间内(在同一个空间的其他容器中,或者在容器本身内部的其他容器中),你仍然应该能够访问这些端口。 但是,从外部来看,只有你发布的端口应该可以访问。 我没有办法有效地发布*(从安全的angular度来看,这似乎是一个相当可疑的做法)
看起来像Bluemix单容器服务有点棘手,直到我添加一个“可伸缩”的容器,要求所需的HTTP端口,很难从networking上达到。
我觉得问题是这个http端口没有暴露,但是现在问题就解决了我上面说的方式。