Last updated: 2019-01-17
Introduction
The docker-proxy operates in userland: it simply receives any packets arriving at the host's specified port
(those the kernel hasn't 'dropped' or forwarded) and redirects them to the container's port.
By default, containers with a listening port don't see which source IP address is connecting,
so logging, banning, filters and firewalls inside the container are all pointless.
(The container sees the IP address of the Docker gateway instead.)
--userland-proxy
true by default
When disabled, Docker uses NAT instead of the proxy
Example
/usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 443 -container-ip 172.29.0.2 -container-port 443
/usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 80 -container-ip 172.29.0.2 -container-port 80
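
To see which published ports are relayed by docker-proxy on a host, and so where the source-address concern above applies, the command lines shown in the example can be parsed into a mapping list. This is an added example, not code from the original page or from Docker; the function name, the `all-interfaces` note and the sample lines other than the two from the page are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: inventory docker-proxy relays from process command lines.
# Reads one command line per line on stdin, e.g.:  ps -eo args | list_proxy_mappings
# Prints: proto host-ip:host-port -> container-ip:container-port [all-interfaces]
list_proxy_mappings() {
  awk '
    # Only consider lines whose executable is docker-proxy (with or without a path).
    $1 ~ /(^|\/)docker-proxy$/ {
      proto = hip = hport = cip = cport = ""
      # Flags come as "-name value" pairs; order is not assumed.
      for (i = 2; i < NF; i++) {
        if ($i == "-proto")          proto = $(i + 1)
        if ($i == "-host-ip")        hip   = $(i + 1)
        if ($i == "-host-port")      hport = $(i + 1)
        if ($i == "-container-ip")   cip   = $(i + 1)
        if ($i == "-container-port") cport = $(i + 1)
      }
      # Skip truncated or malformed command lines instead of printing half a mapping.
      if (proto == "" || hip == "" || hport == "" || cip == "" || cport == "") next
      # A 0.0.0.0 bind means the port is reachable on every host interface.
      note = (hip == "0.0.0.0") ? " all-interfaces" : ""
      printf "%s %s:%s -> %s:%s%s\n", proto, hip, hport, cip, cport, note
    }'
}

# Sample input. The first two lines are the ones from the page; the remaining
# three are constructed for this example (loopback bind, unrelated process,
# truncated command line).
SAMPLE_PS='/usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 443 -container-ip 172.29.0.2 -container-port 443
/usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 80 -container-ip 172.29.0.2 -container-port 80
/usr/bin/docker-proxy -proto tcp -host-ip 127.0.0.1 -host-port 8080 -container-ip 172.29.0.3 -container-port 80
/usr/sbin/sshd -D
/usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port'

printf '%s\n' "$SAMPLE_PS" | list_proxy_mappings
```

If the list is empty while ports are published, the daemon is running with the userland proxy disabled and relies on NAT, as noted above.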