--- title: description: date: 2023-04-25 lang: zh-tw tags: - 樹莓派 - Linux - docker --- # 樹莓派筆記- Q&A:容器讀取主機端口 ## 問題 將 Glances 安裝在主機上 也開啟 Web UI 本想用容器中的caddy進行轉發 繞了很久才發現解決方法 總共遇到兩個問題 1.如何回到主機 2.caddy遇到i/0 timeout ## 解決 1 可以走gateway回主機 主機上的服務必須綁定0.0.0.0 舉例: `Caddyfile` ```Caddyfile= glances.{$MY_DOMAIN} { log { output file /var/log/caddy/access.log } forward_auth authelia:9091 { uri /api/verify?rd=https://auth.{$MY_DOMAIN}/ copy_headers Remote-User Remote-Groups Remote-Name Remote-Email ## This import needs to be included if you're relying on a trusted proxies configuration. import trusted_proxy_list } reverse_proxy 172.19.0.1:61208 { ## This import needs to be included if you're relying on a trusted proxies configuration. import trusted_proxy_list } } ``` ## 解決 2 經過嘗試，發現是ufw阻擋的 ```zsh= [UFW BLOCK] IN=br-d2a13655d22d OUT= PHYSIN=veth95d19cf MAC=#### SRC=172.19.0.2 DST=172.19.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=49164 DF PROTO=TCP SPT=57318 DPT=61208 WINDOW=64240 RES=0x00 SYN URGP=0 ``` 只需要允許來自br-d2a13655d22d的流量通過 ```zsh= ufw allow in on br-d2a13655d22d ``` 或是精確到某個port ```zsh= ufw allow in on br-d2a13655d22d to any port 61208 ``` ## Ref * https://www.yiibai.com/docker/network_create.html * https://stackoverflow.com/questions/39493490/provide-static-ip-to-docker-containers-via-docker-compose * https://stackoverflow.com/questions/24319662/from-inside-of-a-docker-container-how-do-i-connect-to-the-localhost-of-the-mach * https://stackoverflow.com/questions/48546124/what-is-linux-equivalent-of-host-docker-internal/48547074#48547074 * https://benjr.tw/98079 * https://stackoverflow.com/questions/64768618/ufw-forbids-docker-container-to-connect-to-postgres * https://stackoverflow.com/questions/54059174/docker-localhost-connection-blocked-by-ufw * https://godleon.github.io/blog/Docker/docker-network-bridge/