docker容器啟用ipv6地址的方法流程

更新時間：2024年08月26日 11:38:07 作者：人間無事人

Docker默認(rèn)不開啟IPv6配置,某些場景我們又需要IPv6網(wǎng)絡(luò)支持,隨著IPv6的普及,以后的使用場景會越來越多,所以本文給大家介紹了docker容器啟用ipv6地址方法,用ipv6地址訪問容器方法流程、創(chuàng)建一個nginx容器用ipv6地址訪問測試流程,需要的朋友可以參考下

Docker-Compose啟用IPv6

你如果沒用使用Docker-Compose，就忽略配置，以了解為主，直接去看下面的docker配置。
- docker-compose.yaml 文件必須使用 version: “2.*”，version: “3.*” 不支持 enable_ipv6 配置
- 如果已有舊的容器在運行（網(wǎng)絡(luò)配置發(fā)生了變化），則需要先銷毀容器 docker-compose down 然后再重新創(chuàng)建 docker-compose up
- 僅需在network下添加如下內(nèi)容即可，其他信息正常配置。

networks:
      local_bridge:
        enable_ipv6: true
        driver: bridge
        ipam:
          config:
            - subnet: "2409:807e::/80"

啟用ipv6

說明
docker默認(rèn)是不支持ipv6的，所以想要使用ipv6，就得單獨開啟這個功能。
前提條件
主機需要具備ipv6地址并能正常使用，如下，2409開頭的正規(guī)v6地址，而非fe80這種內(nèi)部用的v6地址哈。

2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether fa:16:3e:67:77:58 brd ff:ff:ff:ff:ff:ff
    inet 10.241.102.245/24 brd 10.241.102.255 scope global dynamic noprefixroute ens3
       valid_lft 63404sec preferred_lft 63404sec
    inet6 2409:807e:58cc:114::a2d/120 scope global noprefixroute 
       valid_lft forever preferred_lft forever
    inet6 fe80::f816:3eff:fe67:7758/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

執(zhí)行vim /etc/docker/daemon.json 配置文件【沒有這個配置文件是正常的】，寫入如下內(nèi)容"fixed-cidr-v6": "2409::/80",這個后面的ip是自定義的。

[root@xz-docker-tes-01 ~]# cat /etc/docker/daemon.json 
{
    "ipv6": true,
    "fixed-cidr-v6": "2409::/80",
    "experimental": true,
    "ip6tables": true
}
[root@xz-docker-tes-01 ~]#

重啟docker生效

重啟不報錯，實際上此時docker就能支持ipv6了。

[root@xz-docker-tes-01 ~]# systemctl restart docker
[root@xz-docker-tes-01 ~]# systemctl status docker
● docker.service - Docker Application Container Engine
   Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
   Active: active (running) since Fri 2023-12-01 11:40:31 CST; 9s ago
     Docs: https://docs.docker.com
 Main PID: 14470 (dockerd)
    Tasks: 13
   Memory: 47.3M
   CGroup: /system.slice/docker.service
           └─14470 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock

創(chuàng)建一個ipv6的docker網(wǎng)絡(luò)

這一步其實是不需要做的，因為，不使用這個網(wǎng)絡(luò)的docker容器，也可以正常使用ipv6地址。我這多做一步是為了做測試而已。具體區(qū)別見下面測試說明?！緶y試后，我覺得這個沒意義】

[root@xz-docker-tes-01 ~]# docker network create -d bridge --ipv6 --subnet "2409:807e::/80" ipv6_bridge
09663034b21493f64d2484dc21923a789bc8ac51c403d422e397435df74f204b
[root@xz-docker-tes-01 ~]#

創(chuàng)建好后的網(wǎng)絡(luò)信息如下

[root@xz-docker-tes-01 ~]# docker network  list
NETWORK ID     NAME          DRIVER    SCOPE
bf1937081949   bridge        bridge    local
e98be3082c27   host          host      local
09663034b214   ipv6_bridge   bridge    local
7cee98cd58fe   none          null      local
[root@xz-docker-tes-01 ~]#

創(chuàng)建容器測試v6地址

使用ipv6的網(wǎng)絡(luò)創(chuàng)建容器

我這使用上面創(chuàng)建的一個ipv6的網(wǎng)絡(luò)做測試測試

[root@xz-docker-tes-01 ~]# docker run -dit --name=v6 --restart=always --network=ipv6_bridge hub.c.163.com/library/centos:latest 
49af16d7dd9c63afd2a43b24b6dfdb8b39d70ef8e39c1d1c067dcbe28c242efa
[root@xz-docker-tes-01 ~]# 
[root@xz-docker-tes-01 ~]# docker ps
CONTAINER ID   IMAGE                                 COMMAND       CREATED         STATUS         PORTS     NAMES
49af16d7dd9c   hub.c.163.com/library/centos:latest   "/bin/bash"   3 seconds ago   Up 2 seconds             v6
[root@xz-docker-tes-01 ~]#

容器內(nèi) ping其他v6地址和網(wǎng)關(guān)都能通，一切正常

[root@xz-docker-tes-01 ~]# docker exec -it v6 bash
[root@49af16d7dd9c /]# ls
anaconda-post.log  bin  dev  etc  home  lib  lib64  lost+found  media  mnt  opt  proc  root  run  sbin  srv  sys  tmp  usr  var
[root@49af16d7dd9c /]#
[root@49af16d7dd9c /]# ping6 2409:807e:58cc:114::a2d
PING 2409:807e:58cc:114::a2d(2409:807e:58cc:114::a2d) 56 data bytes
64 bytes from 2409:807e:58cc:114::a2d: icmp_seq=1 ttl=64 time=0.459 ms
64 bytes from 2409:807e:58cc:114::a2d: icmp_seq=2 ttl=64 time=0.093 ms
64 bytes from 2409:807e:58cc:114::a2d: icmp_seq=3 ttl=64 time=0.090 ms
^C
--- 2409:807e:58cc:114::a2d ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2058ms
rtt min/avg/max/mdev = 0.090/0.214/0.459/0.173 ms
[root@49af16d7dd9c /]# ping6 2409:807e:58cc:114::a01
PING 2409:807e:58cc:114::a01(2409:807e:58cc:114::a01) 56 data bytes
64 bytes from 2409:807e:58cc:114::a01: icmp_seq=1 ttl=63 time=10.2 ms
64 bytes from 2409:807e:58cc:114::a01: icmp_seq=2 ttl=63 time=2.04 ms
64 bytes from 2409:807e:58cc:114::a01: icmp_seq=3 ttl=63 time=2.23 ms
64 bytes from 2409:807e:58cc:114::a01: icmp_seq=4 ttl=63 time=2.35 ms
^C
--- 2409:807e:58cc:114::a01 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3004ms
rtt min/avg/max/mdev = 2.048/4.208/10.200/3.461 ms
[root@49af16d7dd9c /]# 
[root@49af16d7dd9c /]# exit
exit
[root@xz-docker-tes-01 ~]#

該容器的網(wǎng)絡(luò)容器里面呢，也會有一個ipv6地址，主機雖然能ping通，但這個ip是容器專屬的，

[root@xz-docker-tes-01 ~]# docker inspect v6 | grep "IPv6"
            "LinkLocalIPv6Address": "",
            "LinkLocalIPv6PrefixLen": 0,
            "SecondaryIPv6Addresses": null,
            "GlobalIPv6Address": "",
            "GlobalIPv6PrefixLen": 0,
            "IPv6Gateway": "",
                    "IPv6Gateway": "2409:807e::1",
                    "GlobalIPv6Address": "2409:807e::2",
                    "GlobalIPv6PrefixLen": 80,
[root@xz-docker-tes-01 ~]# 
[root@xz-docker-tes-01 ~]# ping 2409:807e::2
PING 2409:807e::2(2409:807e::2) 56 data bytes
64 bytes from 2409:807e::2: icmp_seq=1 ttl=64 time=0.695 ms
64 bytes from 2409:807e::2: icmp_seq=2 ttl=64 time=0.090 ms
^C
--- 2409:807e::2 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 50ms
rtt min/avg/max/mdev = 0.090/0.392/0.695/0.303 ms
[root@xz-docker-tes-01 ~]#

容器內(nèi)能ping通同樣用這個網(wǎng)絡(luò)創(chuàng)建的其他容器【但默認(rèn)容器直接網(wǎng)絡(luò)是隔離的哈】，具體這個v6地址的用途自行探索吧。

[root@xz-docker-tes-01 ~]# docker exec -it v6 bash
[root@49af16d7dd9c /]# ping6 2409:807e::3
PING 2409:807e::3(2409:807e::3) 56 data bytes
64 bytes from 2409:807e::3: icmp_seq=1 ttl=64 time=0.346 ms
64 bytes from 2409:807e::3: icmp_seq=2 ttl=64 time=0.108 ms
64 bytes from 2409:807e::3: icmp_seq=3 ttl=64 time=0.107 ms
^C
--- 2409:807e::3 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2085ms
rtt min/avg/max/mdev = 0.107/0.187/0.346/0.112 ms
[root@49af16d7dd9c /]#

使用普通網(wǎng)絡(luò)創(chuàng)建容器測試

進入以后，能ping通網(wǎng)關(guān)和其他v6地址，沒問題。

[root@xz-docker-tes-01 ~]# docker run --name=test1 -it hub.c.163.com/library/centos
[root@d866a511db84 /]# ping6 2409:807e:58cc:114::a17
PING 2409:807e:58cc:114::a17(2409:807e:58cc:114::a17) 56 data bytes
64 bytes from 2409:807e:58cc:114::a17: icmp_seq=1 ttl=63 time=1.85 ms
64 bytes from 2409:807e:58cc:114::a17: icmp_seq=2 ttl=63 time=0.782 ms
64 bytes from 2409:807e:58cc:114::a17: icmp_seq=3 ttl=63 time=0.793 ms
64 bytes from 2409:807e:58cc:114::a17: icmp_seq=4 ttl=63 time=0.891 ms
^C
--- 2409:807e:58cc:114::a17 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3053ms
rtt min/avg/max/mdev = 0.782/1.080/1.855/0.449 ms
[root@d866a511db84 /]# 
[root@d866a511db84 /]# ping6 2409:807e:58cc:114::a01
PING 2409:807e:58cc:114::a01(2409:807e:58cc:114::a01) 56 data bytes
64 bytes from 2409:807e:58cc:114::a01: icmp_seq=1 ttl=63 time=13.3 ms
64 bytes from 2409:807e:58cc:114::a01: icmp_seq=2 ttl=63 time=1.85 ms
^C
--- 2409:807e:58cc:114::a01 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 1.716/5.648/13.378/5.466 ms
[root@d866a511db84 /]#

默認(rèn)生成的，沒有這個v6地址的，但不影響使用ipv6.

[root@xz-docker-tes-01 ~]# docker inspect test1 | grep "IP"
            "LinkLocalIPv6Address": "",
            "LinkLocalIPv6PrefixLen": 0,
            "SecondaryIPAddresses": null,
            "SecondaryIPv6Addresses": null,
            "GlobalIPv6Address": "2409::242:ac11:2",
            "GlobalIPv6PrefixLen": 80,
            "IPAddress": "172.17.0.2",
            "IPPrefixLen": 16,
            "IPv6Gateway": "2409::1",
                    "IPAMConfig": null,
                    "IPAddress": "172.17.0.2",
                    "IPPrefixLen": 16,
                    "IPv6Gateway": "2409::1",
                    "GlobalIPv6Address": "2409::242:ac11:2",
                    "GlobalIPv6PrefixLen": 80,
[root@xz-docker-tes-01 ~]#

創(chuàng)建一個nginx容器用ipv6地址訪問測試

容器創(chuàng)建

先創(chuàng)建一個映射端口的nginx容器

[root@xz-docker-tes-01 ~]# docker run -dit --name=nginx --restart=always -p 80:80 --network=ipv6_bridge nginx
4a175fb0754961537b23111bab1251e9c9f36645e9936f07c5daeea28af4d898
[root@xz-docker-tes-01 ~]# netstat -ntlp | grep 80 
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      16074/docker-proxy  
tcp6       0      0 :::80                   :::*                    LISTEN      16088/docker-proxy  
[root@xz-docker-tes-01 ~]#

我是指定了創(chuàng)建的ipv6網(wǎng)絡(luò)的【其實不指定也一樣，不影響外部訪問的】

[root@xz-docker-tes-01 ~]# docker inspect nginx | grep "IPv6"
            "LinkLocalIPv6Address": "",
            "LinkLocalIPv6PrefixLen": 0,
            "SecondaryIPv6Addresses": null,
            "GlobalIPv6Address": "",
            "GlobalIPv6PrefixLen": 0,
            "IPv6Gateway": "",
                    "IPv6Gateway": "2409:807e::1",
                    "GlobalIPv6Address": "2409:807e::3",
                    "GlobalIPv6PrefixLen": 80,
[root@xz-docker-tes-01 ~]#

ipv4地址驗證

直接瀏覽器輸入ipv4的地址，不報錯就行【我下面顯示ccx是因為我修改過nginx的默認(rèn)文件內(nèi)容了】

在這里插入圖片描述

ipv6地址訪問驗證

驗證ipv6地址之前，需要保證你測試的主機上已經(jīng)配置有ipv6地址并且能正常使用

首先測試能否ping通目標(biāo)ipv6地址【就上面搭建ipv6的主機v6地址，是主機，而非容器的啊】

在這里插入圖片描述

然后網(wǎng)頁直接輸入v6地址【就上面搭建ipv6的主機v6地址，是主機，而非容器的啊】

訪問格式[ipv6addr] 【注意，v6地址用中括號擴起來的】
其實下面內(nèi)容就是nginx默認(rèn)的內(nèi)容，因為沒有放任何東西，所以就會顯示nginx界面，反正沒報錯就是正常的。

在這里插入圖片描述

修改nginx容器網(wǎng)頁內(nèi)容

先進入nginx容器內(nèi)部

[root@xz-docker-tes-01 ~]# docker exec -it nginx bash
root@4a175fb07549:/#

因為不知道容器的http默認(rèn)文件在哪里，所以可以用find搜索

root@4a175fb07549:/# find / -name html
find: '/proc/32/map_files': Permission denied
find: '/proc/33/map_files': Permission denied
find: '/proc/34/map_files': Permission denied
find: '/proc/35/map_files': Permission denied
/usr/share/nginx/html
root@4a175fb07549:/#

通過搜索已知html路徑為：/usr/share/nginx/html
那么就可以去修改了噻【懂了吧，想要顯示啥內(nèi)容，替換這個index.html文件就行了】

root@4a175fb07549:/usr/share/nginx/html# ls
50x.html  index.html
root@4a175fb07549:/usr/share/nginx/html# vi index.html 
bash: vi: command not found
root@4a175fb07549:/usr/share/nginx/html# vim index.html 
bash: vim: command not found
root@4a175fb07549:/usr/share/nginx/html# cat index.html 
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a  rel="external nofollow" >nginx.org</a>.

Commercial support is available at
<a  rel="external nofollow" >nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>
root@4a175fb07549:/usr/share/nginx/html# cp index.html index.html.bak
root@4a175fb07549:/usr/share/nginx/html# echo ccx > index.html
root@4a175fb07549:/usr/share/nginx/html#

如我上面，將ccx內(nèi)容寫入了index.html文件，那么正常情況，網(wǎng)頁就只會顯示ccx這3個字母

在這里插入圖片描述