Domain-Name-System

Problem running a forward proxy container and a DNS server container on the same host

  • October 7, 2018

This is a home lab with Docker, pi-hole (container) and wormhole proxy (container) running on the same host. The OS of my docker host is RHEL 7.x.

My original goal was to learn more about pi-hole, so I hosted the service as a container on a VM running in VMware ESXi. On some of my Linux VMs I can use pi-hole as my DNS server by editing /etc/resolv.conf to point at pi-hole. Everything works fine there.

So when I wanted to test it on my physical main desktop (Windows 10), I thought that instead of changing the DNS server through the network adapter settings, I would host a forward proxy server (wormhole-proxy) container next to the pi-hole container on the same docker host. Then I could simply tell the forward proxy server to use pi-hole as its DNS server.

The problem occurs when the forward proxy server uses pi-hole as its DNS server. I see the following error messages in the forward proxy server log.

wormhole_1_e0b4b0824de0 | 2018-10-07 05:32:28,528 wormhole[5]: [691dd8][192.168.20.40]: CONNECT 502 incoming.telemetry.mozilla.org:443 (gaierror: -3 Try again)
wormhole_1_e0b4b0824de0 | 2018-10-07 05:32:28,692 wormhole[5]: [643358][192.168.20.40]: CONNECT 502 incoming.telemetry.mozilla.org:443 (gaierror: -3 Try again)
wormhole_1_e0b4b0824de0 | 2018-10-07 05:32:28,693 wormhole[5]: [654eb8][192.168.20.40]: CONNECT 502 incoming.telemetry.mozilla.org:443 (gaierror: -3 Try again)

When hosting both the forward proxy container and the pi-hole container on the same docker host, it works fine if I do not explicitly tell the proxy server to use pi-hole as DNS. If I host the forward proxy container on a different VM and then tell the proxy server to use pi-hole as its DNS server, that works fine as well. This leads me to believe there is some form of conflict, but I'm not sure what it could be, since they don't share any ports.

To make it easy to reproduce my problem, these are the docker-compose.yml files I use.

Below is the docker-compose.yml for the wormhole proxy (forward proxy) server. dns: points at the docker host.

version: "3"
services:
 wormhole:
   image: bashell/wormhole:latest
   ports:
     - "8888:8800/tcp"
     - "8888:8800/udp"
   environment:
     TZ: "America/New_York"
   restart: always
   dns:
     - 192.168.10.120

Below is the docker-compose.yml for pi-hole. You will need to change the host mount points of the volumes.

version: "3"
services:
 pihole:
   image: pihole/pihole:v4.0_amd64
   ports:
     - "53:53/tcp"
     - "53:53/udp"
     - "67:67/udp"
     - "80:80/tcp"
     - "443:443/tcp"
   environment:
     # enter your docker host IP here
     ServerIP: 192.168.10.120
     # IPv6 Address if your network supports it
     # ServerIPv6:
     # jwilder/proxy envs, see readme for more info
     PROXY_LOCATION: pihole
     VIRTUAL_HOST: pihole.local
     VIRTUAL_PORT: 80
     TZ: "America/New_York"
     DNS1: 208.67.222.222
     DNS2: 1.1.1.1
     WEBPASSWORD: stackexchange
   # Add your own custom hostnames you need for your domain
   # extra_hosts:
     #   Point any of the jwilder virtual_host addresses
     # to your docker host ip address
     # - 'pihole.yourdomain.local:192.168.1.55'
   volumes:
     - '/Development/Applications/pi-hole/volumes/pihole/:/etc/pihole/:z'
      # WARNING: if this log doesn't exist as a file on the host already,
      # docker will try to create a directory in its place, making for lots of errors
     - '/Development/Applications/pi-hole/volumes/log/pihole.log:/var/log/pihole.log:z'
     - '/Development/Applications/pi-hole/volumes/dnsmasq.d:/etc/dnsmasq.d:z'
   restart: always
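The `gaierror: -3 Try again` in the log above is the libc EAI_AGAIN code surfaced by `getaddrinfo`: the resolver the container was told to use did not answer in time. That is a different failure from EAI_NONAME (the server answered, but with NXDOMAIN). The script below, added here as an example and not part of the original question nor of wormhole or pi-hole, decodes the gaierror number and sends a raw A query straight to a chosen server over UDP, so that from inside the wormhole container you can tell "no reply at all" from "reply, but NXDOMAIN". The default server address, the query name taken from the log, the timeout and the sample replies are assumptions; the sample replies are constructed, not captured traffic.

```python
"""Probe a DNS server directly and decode the resolver error the proxy logged."""
import random
import socket
import struct
import sys

# "gaierror: -3" in the wormhole log is the libc EAI_* code carried by socket.gaierror.
EAI_AGAIN_CODE = socket.EAI_AGAIN  # -3 on glibc, the value seen in the log
_EAI_NAMES = {
    getattr(socket, n): n
    for n in ("EAI_AGAIN", "EAI_NONAME", "EAI_FAIL", "EAI_NODATA", "EAI_SERVICE")
    if hasattr(socket, n)
}

def describe_gaierror(code):
    """Return the EAI_* constant name for a gaierror errno (e.g. -3 -> 'EAI_AGAIN' on glibc)."""
    return _EAI_NAMES.get(code, "UNKNOWN")

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}

def build_query(name, txid):
    """Build a minimal recursive A/IN query for `name` in RFC 1035 wire format."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # flags: RD=1, one question
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii") for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN

def _read_name(data, offset):
    """Decode a (possibly compressed) domain name; return (name, offset after it)."""
    labels, end = [], None
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:  # compression pointer: follow it, remember where we left off
            if end is None:
                end = offset + 2
            offset = struct.unpack(">H", data[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            break
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (end if end is not None else offset)

def parse_response(data, expected_txid):
    """Return (rcode name, [A record addresses]) from a raw DNS response."""
    txid, flags, qdcount, ancount, _, _ = struct.unpack(">HHHHHH", data[:12])
    if txid != expected_txid:
        raise ValueError("transaction id mismatch (stale or spoofed reply)")
    if not flags & 0x8000:
        raise ValueError("QR bit clear: this is a query, not a response")
    offset = 12
    for _ in range(qdcount):  # skip the echoed question section
        _, offset = _read_name(data, offset)
        offset += 4
    addrs = []
    for _ in range(ancount):
        _, offset = _read_name(data, offset)
        rtype, rclass, _ttl, rdlen = struct.unpack(">HHIH", data[offset:offset + 10])
        offset += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(data[offset:offset + 4]))
        offset += rdlen
    rcode = flags & 0x0F
    return RCODES.get(rcode, "RCODE%d" % rcode), addrs

def probe(server, name, port=53, timeout=2.0):
    """Send one UDP query to `server`. A timeout here is the usual cause of EAI_AGAIN."""
    txid = random.randrange(0, 0x10000)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name, txid), (server, port))
        try:
            data, _ = sock.recvfrom(512)
        except socket.timeout:
            return "TIMEOUT", []
    return parse_response(data, txid)

def constructed_response(txid, name, rcode, addrs):
    """Constructed sample reply (not captured traffic) used to exercise the parser offline."""
    query = build_query(name, txid)
    header = struct.pack(">HHHHHH", txid, 0x8180 | rcode, 1, len(addrs), 0, 0)
    answers = b"".join(
        b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 60, 4) + socket.inet_aton(a) for a in addrs
    )
    return header + query[12:] + answers

if __name__ == "__main__":
    # Assumed defaults: a static pi-hole address and a name taken from the proxy log.
    server = sys.argv[1] if len(sys.argv) > 1 else "172.20.0.99"
    print(describe_gaierror(-3), probe(server, "incoming.telemetry.mozilla.org"))
```

Run it with `docker exec` inside the wormhole container against each candidate address (the docker host IP and the pi-hole container IP): a `TIMEOUT` against one address and `NOERROR` against the other shows the problem is reachability of port 53 from the container's network, not name resolution by pi-hole itself.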

Instead of having the forward proxy server point at the Docker host as its DNS server, I made sure the forward proxy server and the DNS server both reside on the same Docker network, and pointed the forward proxy server at the DNS server IP address assigned within Docker.

Below is the docker-compose.yml for the forward proxy server

version: "3"
services:
 wormhole:
   image: bashell/wormhole:latest
   ports:
     - "8888:8800/tcp"
     - "8888:8800/udp"
   environment:
     TZ: "America/New_York"
   restart: always
   dns:
     - 172.20.0.99
   networks:
     - beyonddc
networks:
   beyonddc:
     external: true

Below is the docker-compose.yml for my DNS server

version: "3.5"
services:
 pihole:
   image: pihole/pihole:v4.0_amd64
   ports:
     - "53:53/tcp"
     - "53:53/udp"
     - "67:67/udp"
     - "80:80/tcp"
     - "443:443/tcp"
   networks:
      beyonddc:
        ipv4_address: 172.20.0.99
   environment:
     # enter your docker host IP here
     ServerIP: 192.168.10.120
     # IPv6 Address if your network supports it
     ServerIPv6: 2601:189:4200:eb2:250:56ff:febf:d245
     # jwilder/proxy envs, see readme for more info
     PROXY_LOCATION: pihole
     VIRTUAL_HOST: pihole.local
     VIRTUAL_PORT: 80
     TZ: "America/New_York"
     DNS1: 208.67.222.222
     DNS2: 1.1.1.1
     WEBPASSWORD: stackexchange
   # Add your own custom hostnames you need for your domain
   # extra_hosts:
     #   Point any of the jwilder virtual_host addresses
     # to your docker host ip address
     # - 'pihole.yourdomain.local:192.168.1.55'
   volumes:
     - '/Development/Applications/pi-hole/volumes/pihole/:/etc/pihole/:z'
      # WARNING: if this log doesn't exist as a file on the host already,
      # docker will try to create a directory in its place, making for lots of errors
     - '/Development/Applications/pi-hole/volumes/log/pihole.log:/var/log/pihole.log:z'
     - '/Development/Applications/pi-hole/volumes/dnsmasq.d:/etc/dnsmasq.d:z'
   restart: always
networks:
 beyonddc:
   driver: bridge
   # Must specify the name for the network again otherwise by default
   # Docker will use the folder name as prefix of the network.
   # The name field is only available in version 3.5 and beyond
   name: beyonddc
   ipam:
     config:
       - subnet: 172.20.0.0/16

I suggest merging the two docker-compose.yml files into one:

version: "3"
services:
 wormhole:
   image: bashell/wormhole:latest
   links:
     - "pihole:dns.local"
   ports:
     - "8888:8800/tcp"
     - "8888:8800/udp"
   environment:
     TZ: "America/New_York"
   restart: always
   dns:
     - dns.local
 pihole:
   image: pihole/pihole:v4.0_amd64
   ports:
     - "53:53/tcp"
     - "53:53/udp"
     - "67:67/udp"
     - "80:80/tcp"
     - "443:443/tcp"
   environment:
     # enter your docker host IP here
     ServerIP: 192.168.10.120
     # IPv6 Address if your network supports it
     # ServerIPv6:
     # jwilder/proxy envs, see readme for more info
     PROXY_LOCATION: pihole
     VIRTUAL_HOST: pihole.local
     VIRTUAL_PORT: 80
     TZ: "America/New_York"
     DNS1: 208.67.222.222
     DNS2: 1.1.1.1
     WEBPASSWORD: stackexchange
   # Add your own custom hostnames you need for your domain
   # extra_hosts:
     #   Point any of the jwilder virtual_host addresses
     # to your docker host ip address
     # - 'pihole.yourdomain.local:192.168.1.55'
   volumes:
     - '/Development/Applications/pi-hole/volumes/pihole/:/etc/pihole/:z'
      # WARNING: if this log doesn't exist as a file on the host already,
      # docker will try to create a directory in its place, making for lots of errors
     - '/Development/Applications/pi-hole/volumes/log/pihole.log:/var/log/pihole.log:z'
     - '/Development/Applications/pi-hole/volumes/dnsmasq.d:/etc/dnsmasq.d:z'
   restart: always

Doing so automatically adds both containers to the same docker network and allows linking the containers (see the wormhole service above, where I specified dns.local as the hostname of the pihole container, but only within the scope of the wormhole container. Does that sentence make any sense??)

Quoted from: https://serverfault.com/questions/934328