I have a PostgreSQL service hosted inside a Docker container on Debian Linux; here is the command used to create the container:
# sudo docker run -d --name pg -p 5432:5432 -v pg_data:/var/lib/postgresql/data -e POSTGRES_DB=mydb -e POSTGRES_USER=dbowner -e POSTGRES_PASSWORD=MySecret postgres
I configured iptables to allow remote connections. Here is the output of iptables -L, run on localhost, outside the Docker container:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:postgresql
ACCEPT tcp -- localhost anywhere tcp dpt:6379
ACCEPT tcp -- localhost anywhere tcp dpt:3000
ACCEPT tcp -- localhost anywhere tcp dpt:4000
ACCEPT tcp -- localhost anywhere tcp dpt:4001
ACCEPT icmp -- anywhere anywhere icmp echo-request
LOG all -- anywhere anywhere limit: avg 5/min burst 5 LOG level debug prefix "iptables denied:"
tcp -- anywhere anywhere tcp dpt:http state NEW recent: SET name: DEFAULT side: source mask: 255.255.255.255
DROP tcp -- anywhere anywhere tcp dpt:http state NEW recent: UPDATE seconds: 60 hit_count: 150 name: DEFAULT side: source mask: 255.255.255.255
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain FORWARD (policy DROP)
target prot opt source destination
DOCKER-USER all -- anywhere anywhere
DOCKER-ISOLATION all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
DOCKER all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain DOCKER (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere 172.17.0.2 tcp dpt:postgresql
ACCEPT tcp -- anywhere 172.17.0.3 tcp dpt:6379
Chain DOCKER-ISOLATION (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain DOCKER-USER (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Here is the output of netstat, also on localhost, outside the Docker container:
# netstat -ntlup | grep 5432
tcp6 0 0 :::5432 :::* LISTEN 18720/docker-proxy
I configured postgresql.conf with listen_addresses='*', and pg_hba.conf has host all all all md5 in it. However, the psql connection is still refused, and telnet shows that port 5432 is not open. Everything tested on localhost works fine, but not remotely.
Output of psql from the remote machine, run outside the server:
# psql -U dbowner -d mydb -h remoteserver(my server ip)
psql: could not connect to server: Connection refused
Is the server running on host "remote-server" and accepting
TCP/IP connections on port 5432?
Output of telnet from the remote machine, run outside the server:
# telnet remoteserver 5432
Trying remoteserver...
telnet: connect to address 207.148.86.13: Connection refused
telnet: Unable to connect to remote host
Tags docker debian postgresql remote port