Docker as a server

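I am trying to expose various Docker containers from my local machine to the outside world. I am exposing ports 7050, 7051 and 7053. The problem is that when I curl from another machine I get a partial response and then "Connection reset by peer". How can I fix this?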

My iptables looks like this:

    # Generated by iptables-save v1.6.0 on Thu Nov 9 15:52:53 2017
    *nat
    :PREROUTING ACCEPT [116:7924]
    :INPUT ACCEPT [2:100]
    :OUTPUT ACCEPT [3:478]
    :POSTROUTING ACCEPT [12:1018]
    :DOCKER - [0:0]
    -A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
    -A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
    -A POSTROUTING -s 172.20.0.0/16 ! -o br-07afd2287e48 -j MASQUERADE
    -A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
    -A POSTROUTING -s 172.20.128.6/32 -d 172.20.128.6/32 -p tcp -m tcp --dport 7050 -j MASQUERADE
    -A POSTROUTING -s 172.20.128.4/32 -d 172.20.128.4/32 -p tcp -m tcp --dport 7053 -j MASQUERADE
    -A POSTROUTING -s 172.20.128.4/32 -d 172.20.128.4/32 -p tcp -m tcp --dport 7051 -j MASQUERADE
    -A DOCKER -i br-07afd2287e48 -j RETURN
    -A DOCKER -i docker0 -j RETURN
    -A DOCKER ! -i br-07afd2287e48 -p tcp -m tcp --dport 7050 -j DNAT --to-destination 172.20.128.6:7050
    -A DOCKER ! -i br-07afd2287e48 -p tcp -m tcp --dport 7053 -j DNAT --to-destination 172.20.128.4:7053
    -A DOCKER ! -i br-07afd2287e48 -p tcp -m tcp --dport 7051 -j DNAT --to-destination 172.20.128.4:7051
    COMMIT
    # Completed on Thu Nov 9 15:52:53 2017
    # Generated by iptables-save v1.6.0 on Thu Nov 9 15:52:53 2017
    *filter
    :INPUT ACCEPT [313:21234]
    :FORWARD DROP [0:0]
    :OUTPUT ACCEPT [219:157256]
    :DOCKER - [0:0]
    :DOCKER-ISOLATION - [0:0]
    :DOCKER-USER - [0:0]
    -A FORWARD -j DOCKER-USER
    -A FORWARD -j DOCKER-ISOLATION
    -A FORWARD -o br-07afd2287e48 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    -A FORWARD -o br-07afd2287e48 -j DOCKER
    -A FORWARD -i br-07afd2287e48 ! -o br-07afd2287e48 -j ACCEPT
    -A FORWARD -i br-07afd2287e48 -o br-07afd2287e48 -j ACCEPT
    -A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    -A FORWARD -o docker0 -j DOCKER
    -A FORWARD -i docker0 ! -o docker0 -j ACCEPT
    -A FORWARD -i docker0 -o docker0 -j ACCEPT
    -A DOCKER -d 172.20.128.6/32 ! -i br-07afd2287e48 -o br-07afd2287e48 -p tcp -m tcp --dport 7050 -j ACCEPT
    -A DOCKER -d 172.20.128.4/32 ! -i br-07afd2287e48 -o br-07afd2287e48 -p tcp -m tcp --dport 7053 -j ACCEPT
    -A DOCKER -d 172.20.128.4/32 ! -i br-07afd2287e48 -o br-07afd2287e48 -p tcp -m tcp --dport 7051 -j ACCEPT
    -A DOCKER-ISOLATION -i docker0 -o br-07afd2287e48 -j DROP
    -A DOCKER-ISOLATION -i br-07afd2287e48 -o docker0 -j DROP
    -A DOCKER-ISOLATION -j RETURN
    -A DOCKER-USER -j RETURN
    COMMIT

These are the same rules I use on an AWS EC2 instance, and there they work like a charm.

I also configured my modem to assign my MAC address a static IP, which is: 192.168.1.121

The port forwarding looks like:

[Image of the port forwarding settings; not preserved]

Finally, the docker-compose file looks like this:

    version: '2'

    networks:
      default:
        ipam:
          config:
            - subnet: 172.20.0.0/16
              ip_range: 172.28.5.0/24

    services:
      ca.peers.aabo.tech:
        image: hyperledger/fabric-ca:$ARCH-1.0.3
        environment:
          - FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
          - FABRIC_CA_SERVER_CA_NAME=ca.peers.aabo.tech
          - FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.peers.aabo.tech-cert.pem
          - FABRIC_CA_SERVER_CA_KEYFILE=/etc/hyperledger/fabric-ca-server-config/a64f36ae49c527e08b9b3a97443006a9668d288a8bdcd2ca1e11a5f40ccf114e_sk
        ports:
          - "7054:7054"
        expose:
          - "7054"
        command: sh -c 'fabric-ca-server start -b admin:adminpw -d'
        volumes:
          - ./crypto-config/peerOrganizations/peers.aabo.tech/ca/:/etc/hyperledger/fabric-ca-server-config
        container_name: ca.peers.aabo.tech
        networks:
          default:
            ipv4_address: 172.20.128.2

      orderer.aabo.tech:
        container_name: orderer.aabo.tech
        image: hyperledger/fabric-orderer:$ARCH-1.0.3
        environment:
          - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
          - ORDERER_GENERAL_LOGLEVEL=debug
          - ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
          - ORDERER_GENERAL_GENESISMETHOD=file
          - ORDERER_GENERAL_GENESISFILE=/etc/hyperledger/configtx/composer-genesis.block
          - ORDERER_GENERAL_LOCALMSPID=OrdererMSP
          - ORDERER_GENERAL_LOCALMSPDIR=/etc/hyperledger/msp/orderer/msp
        working_dir: /opt/gopath/src/github.com/hyperledger/fabric
        command: orderer
        ports:
          - 7050:7050
        expose:
          - "7050"
        volumes:
          - ./:/etc/hyperledger/configtx
          - ./crypto-config/ordererOrganizations/aabo.tech/orderers/orderer.aabo.tech:/etc/hyperledger/msp/orderer
          - ./crypto-config/peerOrganizations/peers.aabo.tech/peers/peer0.peers.aabo.tech/:/etc/hyperledger/msp/peerPeers
        networks:
          default:
            ipv4_address: 172.20.128.3

      lyra1.peers.aabo.tech:
        container_name: lyra1.peers.aabo.tech
        image: hyperledger/fabric-peer:$ARCH-1.0.3
        environment:
          - CORE_LOGGING_PEER=debug
          - CORE_CHAINCODE_LOGGING_LEVEL=DEBUG
          - CORE_PEER_ADDRESSAUTODETECT=true
          - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
          - CORE_PEER_ID=lyra1.peers.aabo.tech
          - CORE_PEER_ADDRESS=lyra1.peers.aabo.tech:7051
          - CORE_PEER_LOCALMSPID=PeersMSP
          - CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/peer/msp
          - CORE_PEER_GOSSIP_EXTERNALENDPOINT=lyra1.peers.aabo.tech:7051
          - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=composer_default
          - CORE_LEDGER_STATE_STATEDATABASE=CouchDB
          - CORE_LEDGER_STATE_COUCHDBCONFIG_COUCHDBADDRESS=couchdb:5984
        working_dir: /opt/gopath/src/github.com/hyperledger/fabric
        command: peer node start -o orderer.aabo.tech:7050
        ports:
          - 7051:7051
          - 7053:7053
        expose:
          - "7053"
          - "7051"
        volumes:
          - /var/run/:/host/var/run/
          - ./:/etc/hyperledger/configtx
          - ./crypto-config/peerOrganizations/peers.aabo.tech/peers/peer0.peers.aabo.tech/msp:/etc/hyperledger/peer/msp
          - ./crypto-config/peerOrganizations/peers.aabo.tech/users:/etc/hyperledger/msp/users
        depends_on:
          - orderer.aabo.tech
          - couchdb
        networks:
          default:
            ipv4_address: 172.20.128.4

      cli.aabo.tech:
        container_name: cli.aabo.tech
        image: hyperledger/fabric-tools
        tty: true
        environment:
          - GOPATH=/opt/gopath
          - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
          - CORE_LOGGING_LEVEL=DEBUG
          - CORE_PEER_ID=cli.aabo.tech
          - CORE_PEER_ADDRESS=lyra1.peers.aabo.tech:7051
          - CORE_PEER_LOCALMSPID=PeersMSP
          - CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/peers.aabo.tech/users/Admin@peers.aabo.tech/msp
        working_dir: /opt/gopath/src/sacc
        volumes:
          - /var/run/:/host/var/run/
          - ./:/etc/hyperledger/configtx
          - /home/frhec/go/src/:/opt/gopath/src/
          - ./crypto-config:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/
        depends_on:
          - orderer.aabo.tech
          - couchdb
          - lyra1.peers.aabo.tech
        networks:
          default:
            ipv4_address: 172.20.128.5

      couchdb:
        container_name: couchdb
        image: hyperledger/fabric-couchdb:$ARCH-1.0.3
        ports:
          - 5984:5984
        expose:
          - "5984"
        environment:
          DB_URL: http://localhost:5984/member_db
        networks:
          default:
            ipv4_address: 172.20.128.6

I am using ArchLinux Antergos:

    Linux INSPIRON-HFR 4.13.11-1-ARCH #1 SMP PREEMPT Thu Nov 2 10:25:56 CET 2017 x86_64 GNU/Linux

----- Edit 1 -----

Currently I get:

    $ curl WAN_IP:7050
    curl: (56) Recv failure: Connection reset by peer

I expect:

    Warning: Binary output can mess up your terminal. Use "--output -" to tell
    Warning: curl to output it to your terminal anyway, or consider "--output
    Warning: <FILE>" to save to a file.

By the way, if I curl from localhost I get the expected response.

Thanks