Problem running a forward proxy container and a DNS server container on the same host
This is a home lab experiment with Docker, pi-hole (container) and wormhole proxy (container) running on the same host. The OS of my Docker host is RHEL 7.x.
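My original intent was to learn more about pi-hole, so I hosted the service as a container on a VM hosted in VMware ESXi. On some of my Linux VMs, I was able to use pi-hole as my DNS server by editing the /etc/resolv.conf file to point to pi-hole. Everything works fine there. So when I wanted to test it on my physical main desktop (Windows 10), I figured that instead of changing the DNS server through the network adapter settings, I would host a forward proxy server (wormhole-proxy) container next to the pi-hole container on the same Docker host. Then I could simply tell the forward proxy server to use pi-hole as the DNS server.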
The problem occurs when the forward proxy server uses pi-hole as the DNS server. I see the following error messages in the forward proxy server log.

    wormhole_1_e0b4b0824de0 | 2018-10-07 05:32:28,528 wormhole[5]: [691dd8][192.168.20.40]: CONNECT 502 incoming.telemetry.mozilla.org:443 (gaierror: -3 Try again)
    wormhole_1_e0b4b0824de0 | 2018-10-07 05:32:28,692 wormhole[5]: [643358][192.168.20.40]: CONNECT 502 incoming.telemetry.mozilla.org:443 (gaierror: -3 Try again)
    wormhole_1_e0b4b0824de0 | 2018-10-07 05:32:28,693 wormhole[5]: [654eb8][192.168.20.40]: CONNECT 502 incoming.telemetry.mozilla.org:443 (gaierror: -3 Try again)
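When hosting both the forward proxy server container and the pi-hole container on the same Docker host, it works fine if I don't explicitly tell the proxy server to use pi-hole as DNS. If I host the forward proxy server container on a different VM and then specify that the proxy server use pi-hole as the DNS server, it also works fine. This leads me to believe there is some form of conflict, but I'm not sure what it would be, since they don't share any ports.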
To make it easy to reproduce my problem, here are the docker-compose.yml files I used. Below is the docker-compose.yml for the wormhole proxy (forward proxy) server. The dns: entry points to the Docker host.

    version: "3"
    services:
      wormhole:
        image: bashell/wormhole:latest
        ports:
          - "8888:8800/tcp"
          - "8888:8800/udp"
        environment:
          TZ: "America/New_York"
        restart: always
        dns:
          - 192.168.10.120
Below is the docker-compose.yml for pi-hole. You will need to change the host mount points for the volumes.

    version: "3"
    services:
      pihole:
        image: pihole/pihole:v4.0_amd64
        ports:
          - "53:53/tcp"
          - "53:53/udp"
          - "67:67/udp"
          - "80:80/tcp"
          - "443:443/tcp"
        environment:
          # enter your docker host IP here
          ServerIP: 192.168.10.120
          # IPv6 Address if your network supports it
          # ServerIPv6:
          # jwilder/proxy envs, see readme for more info
          PROXY_LOCATION: pihole
          VIRTUAL_HOST: pihole.local
          VIRTUAL_PORT: 80
          TZ: "America/New_York"
          DNS1: 208.67.222.222
          DNS2: 1.1.1.1
          WEBPASSWORD: stackexchange
        # Add your own custom hostnames you need for your domain
        # extra_hosts:
        #   Point any of the jwilder virtual_host addresses
        #   to your docker host ip address
        #   - 'pihole.yourdomain.local:192.168.1.55'
        volumes:
          - '/Development/Applications/pi-hole/volumes/pihole/:/etc/pihole/:z'
          # WARNING: if this log doesn't exist as a file on the host already
          # docker will try to create a directory in its place making for lots of errors
          - '/Development/Applications/pi-hole/volumes/log/pihole.log:/var/log/pihole.log:z'
          - '/Development/Applications/pi-hole/volumes/dnsmasq.d:/etc/dnsmasq.d:z'
        restart: always
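Instead of having the forward proxy server point to the Docker host as its DNS server, I made sure that both the forward proxy server and the DNS server reside on the same Docker network, and had the forward proxy server point to the DNS server's Docker-assigned IP address.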
Below is the docker-compose.yml for the forward proxy server:

    version: "3"
    services:
      wormhole:
        image: bashell/wormhole:latest
        ports:
          - "8888:8800/tcp"
          - "8888:8800/udp"
        environment:
          TZ: "America/New_York"
        restart: always
        dns:
          - 172.20.0.99
        networks:
          - beyonddc
    networks:
      beyonddc:
        external: true
Below is the docker-compose.yml for my DNS server:

    version: "3.5"
    services:
      pihole:
        image: pihole/pihole:v4.0_amd64
        ports:
          - "53:53/tcp"
          - "53:53/udp"
          - "67:67/udp"
          - "80:80/tcp"
          - "443:443/tcp"
        networks:
          beyonddc:
            ipv4_address: 172.20.0.99
        environment:
          # enter your docker host IP here
          ServerIP: 192.168.10.120
          # IPv6 Address if your network supports it
          ServerIPv6: 2601:189:4200:eb2:250:56ff:febf:d245
          # jwilder/proxy envs, see readme for more info
          PROXY_LOCATION: pihole
          VIRTUAL_HOST: pihole.local
          VIRTUAL_PORT: 80
          TZ: "America/New_York"
          DNS1: 208.67.222.222
          DNS2: 1.1.1.1
          WEBPASSWORD: stackexchange
        # Add your own custom hostnames you need for your domain
        # extra_hosts:
        #   Point any of the jwilder virtual_host addresses
        #   to your docker host ip address
        #   - 'pihole.yourdomain.local:192.168.1.55'
        volumes:
          - '/Development/Applications/pi-hole/volumes/pihole/:/etc/pihole/:z'
          # WARNING: if this log doesn't exist as a file on the host already
          # docker will try to create a directory in its place making for lots of errors
          - '/Development/Applications/pi-hole/volumes/log/pihole.log:/var/log/pihole.log:z'
          - '/Development/Applications/pi-hole/volumes/dnsmasq.d:/etc/dnsmasq.d:z'
        restart: always
    networks:
      beyonddc:
        driver: bridge
        # Must specify the name for the network again otherwise by default
        # Docker will use the folder name as prefix of the network.
        # The name field is only available in version 3.5 and beyond
        name: beyonddc
        ipam:
          config:
            - subnet: 172.20.0.0/16
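As an added example (not part of the original answer), this check encodes the design described in the answer above: every dns entry of a service should be the static address of another service on a network the client also joins. The dictionaries are constructed from the compose files on this page and keep only the relevant keys; the name `check_dns` and its reason strings are illustrative.

```python
import ipaddress

def check_dns(services, subnets):
    """Return (service, dns_entry, reason) for every dns entry that is not the
    static address of a service on a network the client also joins."""
    static = {}  # ipv4_address -> (owning service, network name)
    for name, svc in services.items():
        nets = svc.get("networks", {})
        if isinstance(nets, dict):  # long form carries per-network options
            for net, opts in nets.items():
                if opts and "ipv4_address" in opts:
                    static[opts["ipv4_address"]] = (name, net)
    findings = []
    for name, svc in services.items():
        joined = set(svc.get("networks", {}))  # works for list and dict form
        for entry in svc.get("dns", []):
            try:
                ip = ipaddress.ip_address(entry)
            except ValueError:
                findings.append((name, entry, "not an IP address"))
                continue
            owner, net = static.get(str(ip), (None, None))
            if owner is None:
                findings.append((name, entry, "no service owns this address"))
            elif net not in joined:
                findings.append((name, entry, f"client not on network {net}"))
            elif net in subnets and ip not in ipaddress.ip_network(subnets[net]):
                findings.append((name, entry, f"outside subnet of {net}"))
    return findings

# Constructed from the compose files on this page (only the relevant keys).
QUESTION = {
    "wormhole": {"dns": ["192.168.10.120"]},  # Docker host address
    "pihole": {},
}
ANSWER = {
    "wormhole": {"dns": ["172.20.0.99"], "networks": ["beyonddc"]},
    "pihole": {"networks": {"beyonddc": {"ipv4_address": "172.20.0.99"}}},
}
SUBNETS = {"beyonddc": "172.20.0.0/16"}

if __name__ == "__main__":
    print(check_dns(QUESTION, {}))     # flags the host-address resolver
    print(check_dns(ANSWER, SUBNETS))  # no findings
```
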
I suggest merging the two docker-compose.yml files into one:

    version: "3"
    services:
      wormhole:
        image: bashell/wormhole:latest
        links:
          - "pihole:dns.local"
        ports:
          - "8888:8800/tcp"
          - "8888:8800/udp"
        environment:
          TZ: "America/New_York"
        restart: always
        dns:
          - dns.local
      pihole:
        image: pihole/pihole:v4.0_amd64
        ports:
          - "53:53/tcp"
          - "53:53/udp"
          - "67:67/udp"
          - "80:80/tcp"
          - "443:443/tcp"
        environment:
          # enter your docker host IP here
          ServerIP: 192.168.10.120
          # IPv6 Address if your network supports it
          # ServerIPv6:
          # jwilder/proxy envs, see readme for more info
          PROXY_LOCATION: pihole
          VIRTUAL_HOST: pihole.local
          VIRTUAL_PORT: 80
          TZ: "America/New_York"
          DNS1: 208.67.222.222
          DNS2: 1.1.1.1
          WEBPASSWORD: stackexchange
        # Add your own custom hostnames you need for your domain
        # extra_hosts:
        #   Point any of the jwilder virtual_host addresses
        #   to your docker host ip address
        #   - 'pihole.yourdomain.local:192.168.1.55'
        volumes:
          - '/Development/Applications/pi-hole/volumes/pihole/:/etc/pihole/:z'
          # WARNING: if this log doesn't exist as a file on the host already
          # docker will try to create a directory in its place making for lots of errors
          - '/Development/Applications/pi-hole/volumes/log/pihole.log:/var/log/pihole.log:z'
          - '/Development/Applications/pi-hole/volumes/dnsmasq.d:/etc/dnsmasq.d:z'
        restart: always
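Doing so automatically adds both containers to the same Docker network and allows linking the containers (see the wormhole service above, where I specified dns.local as the hostname of the pihole container, but only within the scope of the wormhole container. Does this sentence make any sense??)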