文章目录

docker容器启用ipv6地址方法Docker-Compose启用IPv6启用ipv6重启docker生效创建一个ipv6的docker网络创建容器测试v6地址使用ipv6的网络创建容器使用普通网络创建容器测试

创建一个nginx容器用ipv6地址访问测试容器创建ipv4地址验证ipv6地址访问验证修改nginx容器网页内容

docker容器启用ipv6地址方法

Docker-Compose启用IPv6

你如果没用使用Docker-Compose，就忽略配置，以了解为主，直接去看下面的docker配置。

docker-compose.yaml 文件必须使用 <code>version: “2.*”，version: “3.*” 不支持 enable_ipv6 配置如果已有旧的容器在运行（网络配置发生了变化），则需要先销毁容器 docker-compose down 然后再重新创建 docker-compose up仅需在network下添加如下内容即可，其他信息正常配置。

networks:

local_bridge:

enable_ipv6: true

driver: bridge

ipam:

config:

- subnet: "2409:807e::/80"

启用ipv6

说明

docker默认是不支持ipv6的，所以想要使用ipv6，就得单独开启这个功能。前提条件

主机需要具备ipv6地址并能正常使用，如下，2409开头的正规v6地址，而非fe80这种内部用的v6地址哈。

2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000

link/ether fa:16:3e:67:77:58 brd ff:ff:ff:ff:ff:ff

inet 10.241.102.245/24 brd 10.241.102.255 scope global dynamic noprefixroute ens3

valid_lft 63404sec preferred_lft 63404sec

inet6 2409:807e:58cc:114::a2d/120 scope global noprefixroute

valid_lft forever preferred_lft forever

inet6 fe80::f816:3eff:fe67:7758/64 scope link noprefixroute

valid_lft forever preferred_lft forever

执行vim /etc/docker/daemon.json 配置文件【没有这个配置文件是正常的】，写入如下内容

"fixed-cidr-v6": "2409::/80",这个后面的ip是自定义的。。。

[root@xz-docker-tes-01 ~]# cat /etc/docker/daemon.json

{

"ipv6": true,

"fixed-cidr-v6": "2409::/80",

"experimental": true,

"ip6tables": true

}

[root@xz-docker-tes-01 ~]#

重启docker生效

重启不报错，实际上此时docker就能支持ipv6了。

[root@xz-docker-tes-01 ~]# systemctl restart docker

[root@xz-docker-tes-01 ~]# systemctl status docker

● docker.service - Docker Application Container Engine

Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)

Active: active (running) since Fri 2023-12-01 11:40:31 CST; 9s ago

Docs: https://docs.docker.com

Main PID: 14470 (dockerd)

Tasks: 13

Memory: 47.3M

CGroup: /system.slice/docker.service

└─14470 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock

创建一个ipv6的docker网络

这一步其实是不需要做的，因为，不使用这个网络的docker容器，也可以正常使用ipv6地址。

我这多做一步是为了做测试而已。具体区别见下面测试说明。【测试后，我觉得这个没意义】

[root@xz-docker-tes-01 ~]# docker network create -d bridge --ipv6 --subnet "2409:807e::/80" ipv6_bridge

09663034b21493f64d2484dc21923a789bc8ac51c403d422e397435df74f204b

[root@xz-docker-tes-01 ~]#

创建好后的网络信息如下

[root@xz-docker-tes-01 ~]# docker network list

NETWORK ID NAME DRIVER SCOPE

bf1937081949 bridge bridge local

e98be3082c27 host host local

09663034b214 ipv6_bridge bridge local

7cee98cd58fe none null local

[root@xz-docker-tes-01 ~]#

创建容器测试v6地址

使用ipv6的网络创建容器

我这使用上面创建的一个ipv6的网络做测试测试

[root@xz-docker-tes-01 ~]# docker run -dit --name=v6 --restart=always --network=ipv6_bridge hub.c.163.com/library/centos:latest

49af16d7dd9c63afd2a43b24b6dfdb8b39d70ef8e39c1d1c067dcbe28c242efa

[root@xz-docker-tes-01 ~]#

[root@xz-docker-tes-01 ~]# docker ps

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

49af16d7dd9c hub.c.163.com/library/centos:latest "/bin/bash" 3 seconds ago Up 2 seconds v6

[root@xz-docker-tes-01 ~]#

容器内 ping其他v6地址和网关都能通，一切正常

[root@xz-docker-tes-01 ~]# docker exec -it v6 bash

[root@49af16d7dd9c /]# ls

anaconda-post.log bin dev etc home lib lib64 lost+found media mnt opt proc root run sbin srv sys tmp usr var

[root@49af16d7dd9c /]#

[root@49af16d7dd9c /]# ping6 2409:807e:58cc:114::a2d

PING 2409:807e:58cc:114::a2d(2409:807e:58cc:114::a2d) 56 data bytes

64 bytes from 2409:807e:58cc:114::a2d: icmp_seq=1 ttl=64 time=0.459 ms

64 bytes from 2409:807e:58cc:114::a2d: icmp_seq=2 ttl=64 time=0.093 ms

64 bytes from 2409:807e:58cc:114::a2d: icmp_seq=3 ttl=64 time=0.090 ms

^C

--- 2409:807e:58cc:114::a2d ping statistics ---

3 packets transmitted, 3 received, 0% packet loss, time 2058ms

rtt min/avg/max/mdev = 0.090/0.214/0.459/0.173 ms

[root@49af16d7dd9c /]# ping6 2409:807e:58cc:114::a01

PING 2409:807e:58cc:114::a01(2409:807e:58cc:114::a01) 56 data bytes

64 bytes from 2409:807e:58cc:114::a01: icmp_seq=1 ttl=63 time=10.2 ms

64 bytes from 2409:807e:58cc:114::a01: icmp_seq=2 ttl=63 time=2.04 ms

64 bytes from 2409:807e:58cc:114::a01: icmp_seq=3 ttl=63 time=2.23 ms

64 bytes from 2409:807e:58cc:114::a01: icmp_seq=4 ttl=63 time=2.35 ms

^C

--- 2409:807e:58cc:114::a01 ping statistics ---

4 packets transmitted, 4 received, 0% packet loss, time 3004ms

rtt min/avg/max/mdev = 2.048/4.208/10.200/3.461 ms

[root@49af16d7dd9c /]#

[root@49af16d7dd9c /]# exit

exit

[root@xz-docker-tes-01 ~]#

该容器的网络容器里面呢，也会有一个ipv6地址，主机虽然能ping通，但这个ip是容器专属的，

[root@xz-docker-tes-01 ~]# docker inspect v6 | grep "IPv6"

"LinkLocalIPv6Address": "",

"LinkLocalIPv6PrefixLen": 0,

"SecondaryIPv6Addresses": null,

"GlobalIPv6Address": "",

"GlobalIPv6PrefixLen": 0,

"IPv6Gateway": "",

"IPv6Gateway": "2409:807e::1",

"GlobalIPv6Address": "2409:807e::2",

"GlobalIPv6PrefixLen": 80,

[root@xz-docker-tes-01 ~]#

[root@xz-docker-tes-01 ~]# ping 2409:807e::2

PING 2409:807e::2(2409:807e::2) 56 data bytes

64 bytes from 2409:807e::2: icmp_seq=1 ttl=64 time=0.695 ms

64 bytes from 2409:807e::2: icmp_seq=2 ttl=64 time=0.090 ms

^C

--- 2409:807e::2 ping statistics ---

2 packets transmitted, 2 received, 0% packet loss, time 50ms

rtt min/avg/max/mdev = 0.090/0.392/0.695/0.303 ms

[root@xz-docker-tes-01 ~]#

容器内能ping通同样用这个网络创建的其他容器【但默认容器直接网络是隔离的哈】，具体这个v6地址的用途自行探索吧。

[root@xz-docker-tes-01 ~]# docker exec -it v6 bash

[root@49af16d7dd9c /]# ping6 2409:807e::3

PING 2409:807e::3(2409:807e::3) 56 data bytes

64 bytes from 2409:807e::3: icmp_seq=1 ttl=64 time=0.346 ms

64 bytes from 2409:807e::3: icmp_seq=2 ttl=64 time=0.108 ms

64 bytes from 2409:807e::3: icmp_seq=3 ttl=64 time=0.107 ms

^C

--- 2409:807e::3 ping statistics ---

3 packets transmitted, 3 received, 0% packet loss, time 2085ms

rtt min/avg/max/mdev = 0.107/0.187/0.346/0.112 ms

[root@49af16d7dd9c /]#

使用普通网络创建容器测试

进入以后，能ping通网关和其他v6地址，没问题。

[root@xz-docker-tes-01 ~]# docker run --name=test1 -it hub.c.163.com/library/centos

[root@d866a511db84 /]# ping6 2409:807e:58cc:114::a17

PING 2409:807e:58cc:114::a17(2409:807e:58cc:114::a17) 56 data bytes

64 bytes from 2409:807e:58cc:114::a17: icmp_seq=1 ttl=63 time=1.85 ms

64 bytes from 2409:807e:58cc:114::a17: icmp_seq=2 ttl=63 time=0.782 ms

64 bytes from 2409:807e:58cc:114::a17: icmp_seq=3 ttl=63 time=0.793 ms

64 bytes from 2409:807e:58cc:114::a17: icmp_seq=4 ttl=63 time=0.891 ms

^C

--- 2409:807e:58cc:114::a17 ping statistics ---

4 packets transmitted, 4 received, 0% packet loss, time 3053ms

rtt min/avg/max/mdev = 0.782/1.080/1.855/0.449 ms

[root@d866a511db84 /]#

[root@d866a511db84 /]# ping6 2409:807e:58cc:114::a01

PING 2409:807e:58cc:114::a01(2409:807e:58cc:114::a01) 56 data bytes

64 bytes from 2409:807e:58cc:114::a01: icmp_seq=1 ttl=63 time=13.3 ms

64 bytes from 2409:807e:58cc:114::a01: icmp_seq=2 ttl=63 time=1.85 ms

^C

--- 2409:807e:58cc:114::a01 ping statistics ---

3 packets transmitted, 3 received, 0% packet loss, time 2003ms

rtt min/avg/max/mdev = 1.716/5.648/13.378/5.466 ms

[root@d866a511db84 /]#

默认生成的，没有这个v6地址的，但不影响使用ipv6.

[root@xz-docker-tes-01 ~]# docker inspect test1 | grep "IP"

"LinkLocalIPv6Address": "",

"LinkLocalIPv6PrefixLen": 0,

"SecondaryIPAddresses": null,

"SecondaryIPv6Addresses": null,

"GlobalIPv6Address": "2409::242:ac11:2",

"GlobalIPv6PrefixLen": 80,

"IPAddress": "172.17.0.2",

"IPPrefixLen": 16,

"IPv6Gateway": "2409::1",

"IPAMConfig": null,

"IPAddress": "172.17.0.2",

"IPPrefixLen": 16,

"IPv6Gateway": "2409::1",

"GlobalIPv6Address": "2409::242:ac11:2",

"GlobalIPv6PrefixLen": 80,

[root@xz-docker-tes-01 ~]#

创建一个nginx容器用ipv6地址访问测试

容器创建

先创建一个映射端口的nginx容器

[root@xz-docker-tes-01 ~]# docker run -dit --name=nginx --restart=always -p 80:80 --network=ipv6_bridge nginx

4a175fb0754961537b23111bab1251e9c9f36645e9936f07c5daeea28af4d898

[root@xz-docker-tes-01 ~]# netstat -ntlp | grep 80

tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 16074/docker-proxy

tcp6 0 0 :::80 :::* LISTEN 16088/docker-proxy

[root@xz-docker-tes-01 ~]#

我是指定了创建的ipv6网络的【其实不指定也一样，不影响外部访问的】

[root@xz-docker-tes-01 ~]# docker inspect nginx | grep "IPv6"

"LinkLocalIPv6Address": "",

"LinkLocalIPv6PrefixLen": 0,

"SecondaryIPv6Addresses": null,

"GlobalIPv6Address": "",

"GlobalIPv6PrefixLen": 0,

"IPv6Gateway": "",

"IPv6Gateway": "2409:807e::1",

"GlobalIPv6Address": "2409:807e::3",

"GlobalIPv6PrefixLen": 80,

[root@xz-docker-tes-01 ~]#

ipv4地址验证

直接浏览器输入ipv4的地址，不报错就行【我下面显示ccx是因为我修改过nginx的默认文件内容了】

ipv6地址访问验证

验证ipv6地址之前，需要保证你测试的主机上已经配置有ipv6地址并且能正常使用

首先测试能否ping通目标ipv6地址【就上面搭建ipv6的主机v6地址，是主机，而非容器的啊】

然后网页直接输入v6地址【就上面搭建ipv6的主机v6地址，是主机，而非容器的啊】

访问格式<code>[ipv6addr] 【注意，v6地址用中括号扩起来的】其实下面内容就是nginx默认的内容，因为没有放任何东西，所以就会显示nginx界面，反正没报错就是正常的。

修改nginx容器网页内容

xian进入nginx容器内部

<code>[root@xz-docker-tes-01 ~]# docker exec -it nginx bash

root@4a175fb07549:/#

因为不知道容器的http默认文件在哪里，所以可以用find搜索

root@4a175fb07549:/# find / -name html

find: '/proc/32/map_files': Permission denied

find: '/proc/33/map_files': Permission denied

find: '/proc/34/map_files': Permission denied

find: '/proc/35/map_files': Permission denied

/usr/share/nginx/html

root@4a175fb07549:/#

通过搜索已知html路径为：/usr/share/nginx/html

那么就可以去修改了噻【懂了吧，想要显示啥内容，替换这个index.html文件就行了】

root@4a175fb07549:/usr/share/nginx/html# ls

50x.html index.html

root@4a175fb07549:/usr/share/nginx/html# vi index.html

bash: vi: command not found

root@4a175fb07549:/usr/share/nginx/html# vim index.html

bash: vim: command not found

root@4a175fb07549:/usr/share/nginx/html# cat index.html

<!DOCTYPE html>

<html>

<head>

<title>Welcome to nginx!</title>

<style>

body {

width: 35em;

margin: 0 auto;

font-family: Tahoma, Verdana, Arial, sans-serif;

}

</style>

</head>

<body>

<h1>Welcome to nginx!</h1>

<p>If you see this page, the nginx web server is successfully installed and

working. Further configuration is required.</p>

<p>For online documentation and support please refer to

<a href="http://nginx.org/">nginx.org</a>.<br/>code>

Commercial support is available at

<a href="http://nginx.com/">nginx.com</a>.</p>code>

<p><em>Thank you for using nginx.</em></p>

</body>

</html>

root@4a175fb07549:/usr/share/nginx/html# cp index.html index.html.bak

root@4a175fb07549:/usr/share/nginx/html# echo ccx > index.html

root@4a175fb07549:/usr/share/nginx/html#

如我上面，将ccx内容写入了index.html文件，那么正常情况，网页就只会显示ccx这3个字母