Docker/Networking: Difference between revisions
From charlesreid1
Revision as of 23:31, 30 March 2017
Setting up networking between containers and host.
Stunnel
Configuring
The stunnel server runs inside a Docker container. Its configuration file puts stunnel in server mode: accept TLS connections on port 443, decrypt them, and forward the plaintext to an sshd on local port 22. The key file stunnel.key.pem is the server's private key and should be readable only by the user stunnel runs as.
<pre>
# server config,
# stunnel server will listen for stunnel clients connecting on port 443
# traffic will be decrypted and forwarded to local port 22
output = /var/log/stunnel4/stunnel.log
cert = /etc/stunnel/stunnel.fullchain.pem
key = /etc/stunnel/stunnel.key.pem
pid = /var/run/stunnel4/stunnel.pid
client = no
[ssh]
accept = 443
connect = 127.0.0.1:22
</pre>
Note this is the same configuration as in the d-stunnel repo on git.charlesreid1.com: https://charlesreid1.com:3000/docker/d-stunnel
Binding Ports 443 and 22
Stunnel listens on port 443 inside the container. Publish it on host port 443 with -p 443:443 when executing docker run.

Stunnel forwards the decrypted traffic to 127.0.0.1:22. That address is resolved inside the container's own network namespace (unless the container uses host networking, see below), so an sshd has to be listening on port 22 in the same container. Keep it simple: publish container port 22 on host port 22 with -p 22:22 as well. Two caveats: if the host already runs its own sshd on port 22, docker run fails because the port is taken; and -p 22:22 binds on every host interface (0.0.0.0), so SSH is reachable directly, without the TLS wrapper. If port 22 only needs to be reachable from the host itself, use -p 127.0.0.1:22:22 to bind it to loopback only.
Running Container
Now start the container and run stunnel from inside it. With no arguments stunnel reads its compiled-in default configuration path (/etc/stunnel/stunnel.conf on most distributions), so the file above must be installed there, or passed explicitly as stunnel /path/to/stunnel.conf:
<pre>
$ ./run_docker.sh
root@localhost# stunnel
...
root@localhost#
</pre>
Checking Container Networking
Use two commands to check that the container's two ports are actually bound on the host:
<pre>
$ nmap localhost
$ netstat -tulpn
</pre>
Run netstat as root (sudo netstat -tulpn) to get the PID/Program name column filled in; for ports published with -p it is normally Docker's docker-proxy process that owns the listening socket.
Here is what the output of nmap looks like after running the Docker container. By default nmap scans 127.0.0.1 only (not ::1) and only the 1000 most common TCP ports; 80/tcp belongs to another service on this host, not to the two ports published by the container:
<pre>
$ nmap localhost
Starting Nmap 7.01 ( https://nmap.org ) at 2017-03-30 23:27 UTC
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00012s latency).
Other addresses for localhost (not scanned): ::1
Not shown: 997 closed ports
PORT    STATE SERVICE
22/tcp  open  ssh
80/tcp  open  http
443/tcp open  https
Nmap done: 1 IP address (1 host up) scanned in 0.07 seconds
</pre>
And here is the output of the netstat command. Ports 22 and 443 are bound on 0.0.0.0, that is on every IPv4 interface of the host, as expected from the -p mappings:
<pre>
$ netstat -tulpn
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      -
tcp6       0      0 :::80                   :::*                    LISTEN      -
tcp6       0      0 :::22                   :::*                    LISTEN      -
</pre>
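As an added check (example code written for this page, not part of the d-stunnel repo), the POSIX shell script below parses netstat -tulpn output, confirms that the expected ports are listening, and flags every listener bound on all interfaces (0.0.0.0 or ::) that is not in the expected list. SAMPLE_NETSTAT is a constructed copy of the netstat output above plus one constructed loopback-only listener on 127.0.0.1:8080 for contrast; on a real host replace it with the live netstat output. Run against the sample with 443 as the only expected port, it reports 22 and 80 as exposed on all interfaces, which is exactly the "SSH reachable without the TLS wrapper" situation the -p 22:22 mapping creates.

```shell
#!/bin/sh
# Added example for this page (not from the d-stunnel repo): check which
# ports are listening after `docker run -p ...`, from `netstat -tulpn` output,
# and flag anything bound on every interface that is not expected to be.

# Constructed sample, modelled on the netstat output above, plus one
# constructed loopback-only listener (127.0.0.1:8080) for contrast.
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      -
tcp6       0      0 :::80                   :::*                    LISTEN      -
tcp6       0      0 :::22                   :::*                    LISTEN      -
tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN      -'

# listeners NETSTAT_OUTPUT
#   Prints one "PORT HOST" line per TCP socket in LISTEN state (tcp and tcp6),
#   deduplicated. The host part is taken from "Local Address": "0.0.0.0:22"
#   gives "22 0.0.0.0", ":::80" gives "80 ::". UDP lines are skipped.
listeners() {
    printf '%s\n' "$1" | awk '
        $1 ~ /^tcp6?$/ && $6 == "LISTEN" {
            addr = $4
            n = split(addr, f, ":")
            port = f[n]
            host = substr(addr, 1, length(addr) - length(port) - 1)
            print port, host
        }' | sort -u
}

# is_listening NETSTAT_OUTPUT PORT  -> exit 0 if some socket listens on PORT
is_listening() {
    listeners "$1" | awk -v p="$2" '$1 == p { found = 1 } END { exit (found ? 0 : 1) }'
}

# exposed_ports NETSTAT_OUTPUT "ALLOWED PORTS"
#   Prints, space separated, every port bound on all interfaces (0.0.0.0 for
#   IPv4, :: for IPv6) that is not in the allowed list. Loopback-only
#   listeners (127.0.0.1, ::1) are never reported.
exposed_ports() {
    listeners "$1" | awk -v allowed=" $2 " '
        ($2 == "0.0.0.0" || $2 == "::") && index(allowed, " " $1 " ") == 0 { print $1 }
    ' | sort -un | awk '{ printf "%s%s", (NR > 1 ? " " : ""), $1 } END { print "" }'
}

# report NETSTAT_OUTPUT EXPECTED_PORT...
#   Human-readable summary: confirms each expected port, then warns about
#   unexpected listeners reachable from other hosts.
report() {
    out=$1
    shift
    for p in "$@"; do
        if is_listening "$out" "$p"; then
            echo "ok: port $p is listening"
        else
            echo "MISSING: nothing is listening on port $p"
        fi
    done
    extra=$(exposed_ports "$out" "$*")
    if [ -n "$extra" ]; then
        echo "WARNING: bound on all interfaces but not expected: $extra"
    fi
}

# Stand-alone run against the constructed sample. On a real host use
#   report "$(netstat -tulpn 2>/dev/null)" 443
# Expecting only the TLS port 443 makes the plaintext SSH listener on port 22
# (and whatever is on port 80) show up in the warning.
report "$SAMPLE_NETSTAT" 443
```

The parser only understands the netstat -tulpn column layout shown on this page; ss -tlnp prints its columns in a different order and would need its own awk pattern. Passing "443 22" as the expected list silences the warning for port 22 once the direct SSH exposure is a deliberate choice.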
Network Equals Host Flag
Alternatively, run the container with --network=host so that it shares the host's network namespace. Stunnel then listens on the host's port 443 directly and 127.0.0.1:22 is the host's own sshd, so no -p mappings are needed (Docker ignores published ports in host network mode). The trade-off is that the container loses its network isolation: every port any process in it opens is a port on the host.