Docker 容器内访问宿主机的问题

node-exporter 的话
要么暴露公网+防火墙规则限制
要么暴露公网+basic auth

你说的公网是指互联网么？

进去你的 prometheus 容器看看 host.docker.internal 实际的请求 ip ，然后 ufw 对这个 ip 开放

能确定在不开防火墙情况下 host.docker.internal:9100 可以访问吗？

host.docker.internal 是可以的 你是不是配置错了

容器内部要想使用宿主机的服务器，可以使用 host.docker.internal:host-gateway 映射的方式来解决：
1. 命令行启动
--add-host=host.docker.internal:host-gateway
2. compose file （注意，在 build 时不支持）
extra_hosts:
- "host.docker.internal:host-gateway"
3. 在容器内可以通过 host.docker.internal 来访问宿主机的 127.0.0.1

Prometheus 和 Node Exporter 都开--net-host
Prometheus 和 Node Exporter 配置中指定都监听 127.0.0.1
Prometheus 通过 127.0.0.1 访问 NodeExporter

不要映射到 127.0.0.1 ，映射到 docker0 的 ip 地址。

直接访问 172.18.0.1:9100 不行吗？你的 network_mode 都是 host 了，理论上就是 0.0.0.0 的监听吧？那 172.18.0.1 不就是宿主机 ip 了吗？反正看你的 prometheus-bridge 也是固定的

问题依然还在
关闭防火墙后就可以使用???
有没有更好的解决方案? 或者我哪里配置错了?

prometheus 配置:
```
docker run -d -p 127.0.0.1:9090:9090 \
-v /storage/prometheus/prometheus.yml:/etc/prometheus/prometheus.yml \
--add-host=host.docker.internal:host-gateway \
--restart=always \
--name=prometheus \
--net=prometheus-bridge \
--ip 172.18.0.2 \
prom/prometheus
```

node_exporter 配置:
```
version: '3.8'

services:
node_exporter:
image: quay.io/prometheus/node-exporter:latest
container_name: node_exporter
command:
- '--path.rootfs=/host'
network_mode: host
pid: host
restart: unless-stopped
volumes:
- '/:/host:ro,rslave'
```

网桥信息:
```
root@it7:~# docker inspect prometheus-bridge
[
{
"Name": "prometheus-bridge",
"Id": "9db3ba11ccefb523a85ef3713777c780c49f0bf64f6065dd7bbd0d77d45da612",
"Created": "2024-05-17T15:56:49.735352162+08:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": {},
"Config": [
{
"Subnet": "172.18.0.0/24",
"Gateway": "172.18.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {
"028e10760ce3a47680d4b9b0c7bce38ecfb7e8588be860d5523ab93dcbc8b5ae": {
"Name": "prometheus",
"EndpointID": "c5675e399cf1e0fe1e843a9995e31836ab21de23db25c8bfdd54ba9197d28405",
"MacAddress": "02:42:ac:12:00:02",
"IPv4Address": "172.18.0.2/24",
"IPv6Address": ""
},
"29b6830a07165ac45fb176e48a14b4b31e4f1925c9b580c4528c836a5978dd3c": {
"Name": "xxx",
"EndpointID": "52acddb87f3515af70c39d38784dbef7dd0506ce94881410cddfdbdea04bb6f5",
"MacAddress": "02:42:ac:12:00:04",
"IPv4Address": "172.18.0.4/24",
"IPv6Address": ""
},
"70edf1712821c9efd62dbb57f15f78329923409ac874157bc07b547535062478": {
"Name": "xxx",
"EndpointID": "dd32442417a928a22477c587dc9cecebb6162ee1b93b748310e57109f341ebca",
"MacAddress": "02:42:ac:12:00:03",
"IPv4Address": "172.18.0.3/24",
"IPv6Address": ""
},
"eddd3efc96103784a7a5e961b988d56503131eefdd934657532441edf75b15d7": {
"Name": "xxx",
"EndpointID": "255eb88cb2e8706383f4aabc4d7be8de7cc9916929ddb71480b541d4c4399a5e",
"MacAddress": "02:42:ac:12:00:05",
"IPv4Address": "172.18.0.5/24",
"IPv6Address": ""
}
},
"Options": {},
"Labels": {}
}
]
```

docker 版本:
```
root@it7:~# docker version
Client: Docker Engine - Community
Version: 26.1.3
API version: 1.45
Go version: go1.21.10
Git commit: b72abbb
Built: Thu May 16 08:33:29 2024
OS/Arch: linux/amd64
Context: default

Server: Docker Engine - Community
Engine:
Version: 26.1.3
API version: 1.45 (minimum version 1.24)
Go version: go1.21.10
Git commit: 8e96db1
Built: Thu May 16 08:33:29 2024
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.6.31
GitCommit: e377cd56a71523140ca6ae87e30244719194a521
runc:
Version: 1.1.12
GitCommit: v1.1.12-0-g51d5e94
docker-init:
Version: 0.19.0
GitCommit: de40ad0
root@it7:~#
```


@Etuloser
@fmd12345
@LoliconInside 普罗米修斯已经设置网桥很多东西都连在上面，设 host 会冲突


懂了，你 ufw 允许一下内网 ip 呢？ ufw allow from xx.xx.xx.xx to any port 22

了解下 pushgateway ？

unix domain socket 转一下？

@fmd12345 ufw 9100 ALLOW 172.18.0.2 就允许了这一个 IP , 之前没想到，算是曲线救国了 :)

@Etuloser #5 请问下, 这个--add-host=host.docker.internal:host-gateway
中的 host-gateway 是宿主机的 ip, 还是这个容器网络的网关 ip? 还是说直接就是 --add-host=host.docker.internal:host-gateway

https://github.com/qoomon/docker-host 推荐下这个,可以转发所有或指定的 docker 的流量, 我也面对你这个问题, 折腾了很久.