도커 컨테이너 다루기(2) - 컨테이너 외부 노출

컨테이너는 VM과 마찬가지로 Virtual IP를 할당 받습니다.

도커는 기본적으로 172.17.0.x 의 IP를 순차적으로 할당합니다.

 

컨테이너 생성 후 네트워크 인터페이스를 확인해보면 다음과 같습니다.

 

[root@localhost ~]# docker run -t -i --name network_test ubuntu:18.04
Unable to find image 'ubuntu:18.04' locally
18.04: Pulling from library/ubuntu
4bbfd2c87b75: Pull complete 
d2e110be24e1: Pull complete 
889a7173dcfe: Pull complete 
Digest: sha256:04919776d30640ce4ed24442d5f7c1a8e4bd0e4793ed9469843cedaecb0d72fb
Status: Downloaded newer image for ubuntu:18.04
root@7bfd7ba5d8b6:/#

 

ubuntu 컨테이너를 하나 생성하여 진입하였습니다.

 

root@7bfd7ba5d8b6:/# ifconfig
bash: ifconfig: command not found
root@7bfd7ba5d8b6:/# apt install net-tools
Reading package lists... Done
Building dependency tree       
Reading state information... Done
E: Unable to locate package net-tools

 

생성 직후 ifconfig 명령어가 없어 net-tools 인스톨 하려고 하니 unable 에러가 확인됩니다.

 

root@7bfd7ba5d8b6:/# apt update
Get:1 http://archive.ubuntu.com/ubuntu bionic InRelease [242 kB]           
Get:2 http://security.ubuntu.com/ubuntu bionic-security InRelease [88.7 kB]
Get:3 http://security.ubuntu.com/ubuntu bionic-security/universe amd64 Packages [1412 kB]
Get:4 http://archive.ubuntu.com/ubuntu bionic-updates InRelease [88.7 kB]        
Get:5 http://archive.ubuntu.com/ubuntu bionic-backports InRelease [74.6 kB]        
Get:6 http://archive.ubuntu.com/ubuntu bionic/multiverse amd64 Packages [186 kB]
Get:7 http://archive.ubuntu.com/ubuntu bionic/restricted amd64 Packages [13.5 kB]
Get:8 http://archive.ubuntu.com/ubuntu bionic/main amd64 Packages [1344 kB]     
Get:9 http://security.ubuntu.com/ubuntu bionic-security/multiverse amd64 Packages [24.7 kB]
Get:10 http://security.ubuntu.com/ubuntu bionic-security/restricted amd64 Packages [423 kB]
Get:11 http://security.ubuntu.com/ubuntu bionic-security/main amd64 Packages [2152 kB]   
Get:12 http://archive.ubuntu.com/ubuntu bionic/universe amd64 Packages [11.3 MB]           
Get:13 http://archive.ubuntu.com/ubuntu bionic-updates/universe amd64 Packages [2183 kB]                                                       
Get:14 http://archive.ubuntu.com/ubuntu bionic-updates/multiverse amd64 Packages [31.6 kB]                                                     
Get:15 http://archive.ubuntu.com/ubuntu bionic-updates/restricted amd64 Packages [452 kB]                                                      
Get:16 http://archive.ubuntu.com/ubuntu bionic-updates/main amd64 Packages [2583 kB]                                                           
Get:17 http://archive.ubuntu.com/ubuntu bionic-backports/main amd64 Packages [11.3 kB]                                                         
Get:18 http://archive.ubuntu.com/ubuntu bionic-backports/universe amd64 Packages [11.4 kB]                                                     
Fetched 22.7 MB in 9s (2634 kB/s)                                                                                                              
Reading package lists... Done
Building dependency tree       
Reading state information... Done
All packages are up to date.
root@7bfd7ba5d8b6:/# apt install net-tools
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following NEW packages will be installed:
  net-tools
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 194 kB of archives.
After this operation, 803 kB of additional disk space will be used.
Get:1 http://archive.ubuntu.com/ubuntu bionic/main amd64 net-tools amd64 1.60+git20161116.90da8a0-1ubuntu1 [194 kB]
Fetched 194 kB in 2s (112 kB/s)     
debconf: delaying package configuration, since apt-utils is not installed
Selecting previously unselected package net-tools.
(Reading database ... 4045 files and directories currently installed.)
Preparing to unpack .../net-tools_1.60+git20161116.90da8a0-1ubuntu1_amd64.deb ...
Unpacking net-tools (1.60+git20161116.90da8a0-1ubuntu1) ...
Setting up net-tools (1.60+git20161116.90da8a0-1ubuntu1) ...

 

apt update 후 install 이 잘 됩니다.

 

root@7bfd7ba5d8b6:/# ifconfig 
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.17.0.2  netmask 255.255.0.0  broadcast 172.17.255.255
        ether 02:42:ac:11:00:02  txqueuelen 0  (Ethernet)
        RX packets 10538  bytes 23556933 (23.5 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 8167  bytes 658339 (658.3 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

 

도커의 NAT IP인 172.17.0.2를 할당ㅂ당느 eth0 과 로컬호스트인 lo 인터페이스가 확인됩니다.

아무런 설정을 하지 않았다면 이 컨테이너는 외부에서 접근이 불가합니다.

외부에 노출하기 위해서는 eth0의 IP/Port 를 호스트의 IP/Port 에 바인딩해야 합니다.

 

[root@localhost ~]# docker run -t -i -p 33006:3306 -p 192.168.1.166:7777:80 ubuntu:18.04
root@cdcb99b617ae:/# 

호스트의 33006 포트를 컨테이너의 3306 포트와 바인딩하며 호스트 특정 IP를 입력하여 7777포트와 바인딩 했습니다.

여러 개의 포트를 외부에 개방하려면 -p 옵션을 여러번 써서 설정합니다.

 

-. 호스트 IP/Port와 컨테이너의 IP/Port 연결의 개념

 

호스트 IP의 33006 포트로 접근 => 33006 포트는 컨테이너의 3306 포트로 포워딩 => 3306 서비스 접근