I have a new Spring Boot application that I just finished and am trying to deploy it to Docker. Inside the container the application works fine. It uses ports 9000 for user facing requests and 9100 for administrative tasks like health checks. When I start a docker instance and try to access port 9000 I get the following error:

我有一个刚刚完成的新 Spring Boot 应用程序，正在尝试将它部署到 Docker。在容器内，应用程序运行良好。它使用端口 9000 处理面向用户的请求，使用 9100 端口处理健康检查等管理任务。当我启动 docker 实例并尝试访问端口 9000 时，出现以下错误：

curl: (56) Recv failure: Connection reset by peer

After a lot of experimentation (via curl), I confirmed in with several different configurations that the application functions fine inside the container, but when I try to map ports to the host it doesn't connect. I've tried starting it with the following commands. None of them allow me to access the ports from the host.

经过大量实验（通过 curl），我使用几种不同的配置确认应用程序在容器内运行良好，但是当我尝试将端口映射到主机时，它无法连接。我尝试使用以下命令启动它。它们都不允许我从主机访问端口。

docker run -P=true my-app
docker run -p 9000:9000 my-app

The workaround

解决方法

The only approach that worksis using the --net host option, but this doesn't allow me to run more than one container on that host.

唯一的办法是作品使用--net主机选项，但是这并不让我在该主机上运行多个集装箱。

docker run -d --net=host my-app

Experiments with ports and expose

实验端口和暴露

I've used various versions of the Dockerfile exposing different ports such as 9000 and 9100 or just 9000. None of that helped. Here's my latest version:

我使用了 Dockerfile 的各种版本，暴露了不同的端口，例如 9000 和 9100 或只是 9000。这些都没有帮助。这是我的最新版本：

FROM ubuntu
MAINTAINER redacted

RUN apt-get update
RUN apt-get install openjdk-7-jre-headless -y
RUN mkdir -p /opt/app

WORKDIR /opt/app

ADD ./target/oauth-authentication-1.0.0.jar /opt/app/service.jar
ADD config.properties /opt/app/config.properties

EXPOSE 9000
ENTRYPOINT java -Dext.properties.dir=/opt/app -jar /opt/app/service.jar

Hello World works

你好世界工作

To make sure I can run a Spring Boot application, I tried Simplest-Spring-Boot-MVC-HelloWorldand it worked fine.

为了确保我可以运行 Spring Boot 应用程序，我尝试了Simplest-Spring-Boot-MVC-HelloWorld并且它运行良好。

Netstat Results

网络统计结果

I've used netstat to do port scans from the host and from the container:

我已经使用 netstat 从主机和容器进行端口扫描：

From the host

来自主持人

root@my-docker-host:~# nmap 172.17.0.71 -p9000-9200

Starting Nmap 6.40 ( http://nmap.org ) at 2014-11-14 19:19 UTC Nmap
scan report for my-docker-host (172.17.0.71)
Host is up (0.0000090s latency).
Not shown: 200 closed ports
PORT     STATE SERVICE
9100/tcp open  jetdirect
MAC Address: F2:1A:ED:F4:07:7A (Unknown)

Nmap done: 1 IP address (1 host up) scanned in 1.48 seconds

From the container

从容器

root@80cf20c0c1fa:/opt/app# nmap 127.0.0.1 -p9000-9200

Starting Nmap 6.40 ( http://nmap.org ) at 2014-11-14 19:20 UTC
Nmap scan report for localhost (127.0.0.1)
Host is up (0.0000070s latency).
Not shown: 199 closed ports
PORT     STATE SERVICE
9000/tcp open  cslistener
9100/tcp open  jetdirect

Nmap done: 1 IP address (1 host up) scanned in 2.25 seconds

The container is using Ubuntu The hosts I've replicated this are Centos and Ubuntu.

容器正在使用 Ubuntu 我复制的主机是 Centos 和 Ubuntu。

This SO questionseems similar but had very few details and no answers, so I thought I'd try to document my scenario a bit more.

这个 SO 问题似乎很相似，但细节很少，也没有答案，所以我想我会尝试更多地记录我的场景。