解決したいこと
次のような構成でバックエンドと通信ができない。(Host is unreachable)
- CentOS 8.2
- docker-ce
- docker-compose
192.168.10.100
browser -- nginx[80] ------ backend container[80]
(front) (webmail)
192.168.203.2 192.168.203.9
nginxからbackend containerに通信できない。(curlコマンドで試しても同様)
ただし、pingは通る。
解決方法
publicゾーン(default)に、マスカレードを有効にする。
※試行錯誤の結果なので、これが正しいかは未確認です...
sudo firewall-cmd --zone=public --add-masquerade --permanent
sudo firewall-cmd --reload
sudo systemctl restart docker
参考文献
https://forums.docker.com/t/docker-connection-refused-between-two-containers/68040/12
解決したいことの詳細情報
以下は現象が発生したコードや環境の詳細情報です。
解決できた方法は、前述の項目を参照ください。
発生している問題・エラー
[user@centos8 mailu]$ sudo docker-compose exec front sh
/ # curl -LsS http://192.168.203.9
curl: (7) Failed to connect to 192.168.203.9 port 80: Host is unreachable
/ # ping 192.168.203.9
PING 192.168.203.6 (192.168.203.9): 56 data bytes
64 bytes from 192.168.203.9: seq=0 ttl=64 time=0.103 ms
64 bytes from 192.168.203.9: seq=1 ttl=64 time=0.094 ms
^C
--- 192.168.203.9 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.094/0.098/0.103 ms
該当するソースコード
https://setup.mailu.io/1.7/ から自動生成したものに対象変更を加えたもの。
mailu.env
# Mailu main configuration file
#
# This file is autogenerated by the configuration management wizard for compose flavor.
# For a detailed list of configuration variables, see the documentation at
# https://mailu.io
###################################
# Common configuration variables
###################################
# Set to a randomly generated 16 bytes string
SECRET_KEY=SECRETAAAAAAAAAA
# Subnet of the docker network. This should not conflict with any networks to which your system is connected. (Internal and external!)
SUBNET=192.168.203.0/24
# Main mail domain
DOMAIN=example.org
# Hostnames for this server, separated with comas
HOSTNAMES=example.org
# Postmaster local part (will append the main mail domain)
POSTMASTER=admin
# Choose how secure connections will behave (value: letsencrypt, cert, notls, mail, mail-letsencrypt)
TLS_FLAVOR=notls
# Authentication rate limit (per source IP address)
AUTH_RATELIMIT=10/minute;1000/hour
# Opt-out of statistics, replace with "True" to opt out
DISABLE_STATISTICS=False
###################################
# Optional features
###################################
# Expose the admin interface (value: true, false)
ADMIN=true
# Choose which webmail to run if any (values: roundcube, rainloop, none)
WEBMAIL=rainloop
# Dav server implementation (value: radicale, none)
WEBDAV=none
# Antivirus solution (value: clamav, none)
ANTIVIRUS=none
###################################
# Mail settings
###################################
# Message size limit in bytes
# Default: accept messages up to 50MB
# Max attachment size will be 33% smaller
MESSAGE_SIZE_LIMIT=50000000
# Networks granted relay permissions
# Use this with care, all hosts in this networks will be able to send mail without authentication!
RELAYNETS=192.168.10.0/24
# Will relay all outgoing mails if configured
RELAYHOST=
# Fetchmail delay
FETCHMAIL_DELAY=600
# Recipient delimiter, character used to delimiter localpart from custom address part
RECIPIENT_DELIMITER=+
# DMARC rua and ruf email
DMARC_RUA=admin
DMARC_RUF=admin
# Welcome email, enable and set a topic and body if you wish to send welcome
# emails to all users.
WELCOME=false
WELCOME_SUBJECT=Welcome to your new email account
WELCOME_BODY=Welcome to your new email account, if you can read this, then it is configured properly!
# Maildir Compression
# choose compression-method, default: none (value: bz2, gz)
COMPRESSION=
# change compression-level, default: 6 (value: 1-9)
COMPRESSION_LEVEL=
###################################
# Web settings
###################################
# Path to redirect / to
WEBROOT_REDIRECT=/webmail
# Path to the admin interface if enabled
WEB_ADMIN=/webmin
# Path to the webmail if enabled
WEB_WEBMAIL=/webmail
# Website name
SITENAME=Mailu
# Linked Website URL
WEBSITE=https://mailu.io
###################################
# Advanced settings
###################################
# Log driver for front service. Possible values:
# json-file (default)
# journald (On systemd platforms, useful for Fail2Ban integration)
# syslog (Non systemd platforms, Fail2Ban integration. Disables `docker-compose log` for front!)
# LOG_DRIVER=json-file
# Docker-compose project name, this will prepended to containers names.
COMPOSE_PROJECT_NAME=mailu
# Default password scheme used for newly created accounts and changed passwords
# (value: BLF-CRYPT, SHA512-CRYPT, SHA256-CRYPT, MD5-CRYPT, CRYPT)
PASSWORD_SCHEME=BLF-CRYPT
# Header to take the real ip from
REAL_IP_HEADER=
# IPs for nginx set_real_ip_from (CIDR list separated by commas)
REAL_IP_FROM=
# choose wether mailu bounces (no) or rejects (yes) mail when recipient is unknown (value: yes, no)
REJECT_UNLISTED_RECIPIENT=
# Log level threshold in start.py (value: CRITICAL, ERROR, WARNING, INFO, DEBUG, NOTSET)
LOG_LEVEL=WARNING
###################################
# Database settings
###################################
DB_FLAVOR=sqlite
docker-compose.yml
# This file is auto-generated by the Mailu configuration wizard.
# Please read the documentation before attempting any change.
# Generated for compose flavor
version: '3'
services:
# External dependencies
redis:
image: redis:alpine
restart: always
volumes:
- "/usr/local/docker/mailu/redis:/data"
# Core services
front:
image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}nginx:${MAILU_VERSION:-1.7}
restart: always
env_file: mailu.env
logging:
driver: json-file
ports:
- "192.168.10.100:80:80"
- "::1:80:80"
- "192.168.10.100:443:443"
- "::1:443:443"
- "192.168.10.100:25:25"
- "::1:25:25"
- "192.168.10.100:465:465"
- "::1:465:465"
- "192.168.10.100:587:587"
- "::1:587:587"
- "192.168.10.100:110:110"
- "::1:110:110"
- "192.168.10.100:995:995"
- "::1:995:995"
- "192.168.10.100:143:143"
- "::1:143:143"
- "192.168.10.100:993:993"
- "::1:993:993"
volumes:
- "/usr/local/docker/mailu/certs:/certs"
- "/usr/local/docker/mailu/overrides/nginx:/overrides"
admin:
image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}admin:${MAILU_VERSION:-1.7}
restart: always
env_file: mailu.env
ports:
- 192.168.10.100:8080:80
- 80
volumes:
- "/usr/local/docker/mailu/data:/data"
- "/usr/local/docker/mailu/dkim:/dkim"
depends_on:
- redis
imap:
image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}dovecot:${MAILU_VERSION:-1.7}
restart: always
env_file: mailu.env
volumes:
- "/usr/local/docker/mailu/mail:/mail"
- "/usr/local/docker/mailu/overrides:/overrides"
depends_on:
- front
smtp:
image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}postfix:${MAILU_VERSION:-1.7}
restart: always
env_file: mailu.env
volumes:
- "/usr/local/docker/mailu/overrides:/overrides"
depends_on:
- front
antispam:
image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}rspamd:${MAILU_VERSION:-1.7}
restart: always
env_file: mailu.env
volumes:
- "/usr/local/docker/mailu/filter:/var/lib/rspamd"
- "/usr/local/docker/mailu/dkim:/dkim"
- "/usr/local/docker/mailu/overrides/rspamd:/etc/rspamd/override.d"
depends_on:
- front
# Optional services
webdav:
image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}radicale:${MAILU_VERSION:-1.7}
restart: always
env_file: mailu.env
volumes:
- "/usr/local/docker/mailu/dav:/data"
# Webmail
webmail:
image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}rainloop:${MAILU_VERSION:-1.7}
restart: always
env_file: mailu.env
volumes:
- "/usr/local/docker/mailu/webmail:/data"
depends_on:
- imap
networks:
default:
driver: bridge
ipam:
driver: default
config:
- subnet: 192.168.203.0/24
# 以下はお試し
driver_opts:
com.docker.network.bridge.enable_icc: "true"
com.docker.network.bridge.enable_ip_masquerade: "true"
自分で試したこと
-
enable_iccが有効になっていないため、コンテナ間で通信ができない?
- 前述の設定の通り設定したが、結果は同じだった(通信できない)
- Enable or Disable Inter Container Connectivity docker bridge-driver-options
-
docker0ネットワークをtrustedゾーンへ移動
- 結果は同じだった(通信できない)
-
CentOS8で、docker-ceでは通信できない?!
- stackoverflow
- CentOS7では同じソースで正しく動作するとのこと
環境
env
[user@centos8 mailu]$ cat /etc/centos-release
CentOS Linux release 8.2.2004 (Core)
[user@centos8 mailu]$ sudo docker system info
Client:
Debug Mode: false
Server:
Containers: 8
Running: 8
Paused: 0
Stopped: 0
Images: 10
Server Version: 19.03.13
Storage Driver: overlay2
Backing Filesystem: xfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 8fba4e9a7d01810a393d5d25a3621dc101981175
runc version: dc9208a3303feef5b3839f4323d9beb36df0a9dd
init version: fec3683
Security Options:
seccomp
Profile: default
Kernel Version: 4.18.0-193.19.1.el8_2.x86_64
Operating System: CentOS Linux 8 (Core)
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 1.784GiB
Name: centos8
ID: EENH:WZZJ:FROE:QNUP:QGVT:RRIN:RUR3:THIT:F22Q:IMVS:4GEL:DYIC
Docker Root Dir: /var/lib/docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
[user@centos8 mailu]$ sudo docker-compose --version
docker-compose version 1.27.4, build 40524192
docker-inspect
[user@centos8 ~]$ sudo docker inspect mailu_default
[
{
"Name": "mailu_default",
"Id": "27df81922313814a564c7a551a0c8cf3ea21603dba58002e73ba8f944e565c20",
"Created": "2020-09-27T21:02:05.901818833-04:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": [
{
"Subnet": "192.168.203.0/24"
}
]
},
"Internal": false,
"Attachable": true,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {
"1facc50c2feb49fca0033ed6642a6610c9bf79e616627fc957eacbb0638a5545": {
"Name": "mailu_antispam_1",
"EndpointID": "db33492d3378ecee9c057343493e6f1666f5166db94ed0c29830fb6821bc0cf3",
"MacAddress": "02:42:c0:a8:cb:06",
"IPv4Address": "192.168.203.6/24",
"IPv6Address": ""
},
"3a4cd121bc28240d46699040f407afdd0702b7c31e8272f7da7a80c743ba7357": {
"Name": "mailu_front_1",
"EndpointID": "2588705b19c4d8b79c429d2cda66881fa93545a704f7763c912a764676185893",
"MacAddress": "02:42:c0:a8:cb:02",
"IPv4Address": "192.168.203.2/24",
"IPv6Address": ""
},
"51c2da8ef177eb6a33d3e67af20aba5d791703a2d705e307ab9a458a7c4c4209": {
"Name": "mailu_webmail_1",
"EndpointID": "eb3d2b060aed84eb814d9d52dbe808a7073a52bb87d7dc7f335cbfe23bc03c28",
"MacAddress": "02:42:c0:a8:cb:09",
"IPv4Address": "192.168.203.9/24",
"IPv6Address": ""
},
"80f0b528ea72121e8281a7734264989d2740bf5c89b7df866dc219b6016d52f5": {
"Name": "mailu_admin_1",
"EndpointID": "6770a86d9d3678ca98af052b9fc3e8fb2daf046166f8dbf819af5b7e7d49a1a5",
"MacAddress": "02:42:c0:a8:cb:05",
"IPv4Address": "192.168.203.5/24",
"IPv6Address": ""
},
"95f81670bd10572ccaf6f778228bab6a808b5bcc74061a09c44090359b89b58e": {
"Name": "mailu_redis_1",
"EndpointID": "593ddd4e0ff2082ee9243b9eff0b4cc8301ace0438e84c0af02cc9f775a07eae",
"MacAddress": "02:42:c0:a8:cb:04",
"IPv4Address": "192.168.203.4/24",
"IPv6Address": ""
},
"bbeb23a885a4e41ac47a25bc1c296b817f6eeff9baf2d23b26f4ac9513f04cae": {
"Name": "mailu_smtp_1",
"EndpointID": "b4e3b3c2e3676069039660ff5aab6529ed224a343d3eca60262cfea3341b6b4a",
"MacAddress": "02:42:c0:a8:cb:08",
"IPv4Address": "192.168.203.8/24",
"IPv6Address": ""
},
"bc78cf9b396530c65ff202acb9e925f236e9e655a7e35cf1159d502b653f2d05": {
"Name": "mailu_imap_1",
"EndpointID": "c92a0e46b68bb2f594dfb7395a6e6d206d0497c2b30103395edcafa547153c10",
"MacAddress": "02:42:c0:a8:cb:07",
"IPv4Address": "192.168.203.7/24",
"IPv6Address": ""
},
"f25bec8296de7375d78c190b8fbe8dc2ed1eff3d3adbe53655428341f53b3da1": {
"Name": "mailu_webdav_1",
"EndpointID": "0154fd24c909d460830539cfe55fbb8b9c201abc17b1d2ae5cbbd49964e59e1a",
"MacAddress": "02:42:c0:a8:cb:03",
"IPv4Address": "192.168.203.3/24",
"IPv6Address": ""
}
},
"Options": {
"com.docker.network.bridge.enable_icc": "true",
"com.docker.network.bridge.enable_ip_masquerade": "true"
},
"Labels": {
"com.docker.compose.network": "default",
"com.docker.compose.project": "mailu",
"com.docker.compose.version": "1.27.4"
}
}
]