Hi again, some clarification: I'm on archlinux and the systemd version is

systemd 228 +PAM -AUDIT -SELINUX -IMA -APPARMOR +SMACK -SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN

The systemd-nspawn documentation <http://www.freedesktop.org/software/systemd/man/systemd-nspawn.html> says:

*-p, --port= If private networking is enabled, maps an IP port on the host onto an IP port on the container. Takes a protocol specifier (either "tcp" or "udp"), separated by a colon from a host port number in the range 1 to 65535, separated by a colon from a container port number in the range from 1 to 65535. The protocol specifier and its separating colon may be omitted, in which case "tcp" is assumed. The container port number and its colon may be omitted, in which case the same port as the host port is implied. This option is only supported if private networking is used*, such as with --network-veth or --network-bridge=.

With "systemd-nspawn -b -D my_container --private-network --port 1234", *private networking is enabled* and we could imagine that the port association is done on the loopback interface, no? It would be good for isolating a container without having to set up a network configuration (bridge or other)...

For example, in my container I have redis and nodebb, with redis listening on 127.0.0.1:6379 and nodebb on 127.0.0.1:4567, and, on my host, nginx, which is listening on 0.0.0.0:80 and acts as a reverse proxy for nodebb: with "systemd-nspawn -b -D nodebb --private-network --port 4567" and without any other network setting, I could access nodebb just with "proxy_pass http://127.0.0.1:4567;" in nginx.

regards, lacsaP.

2016-01-25 0:10 GMT+01:00 Pascal <[email protected]>:

> hi,
>
> I'm discovering and playing with systemd-nspawn and I must say it's
> pretty cool!
>
> I have a question about the --port option: why doesn't it work on the
> loopback with the --private-network option?
>
> eg "systemd-nspawn -b -D my_container --private-network --port 1234"
> doesn't connect the port 1234 of the loopback host with the port 1234 of
> the loopback container.
>
> regards, lacsaP.
>
_______________________________________________
systemd-devel mailing list
[email protected]
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
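The `--port=` specifier grammar quoted from the man page in the message above, as an added example that is not part of the original post and is not systemd's own parser. It shows how a bare `--port 4567` expands to a full mapping; the names `PortMapping` and `parse_port_spec` are hypothetical.

```python
from typing import NamedTuple

# Protocol specifiers named in the quoted man-page text.
PROTOCOLS = ("tcp", "udp")


class PortMapping(NamedTuple):
    protocol: str
    host_port: int
    container_port: int


def _port(text: str) -> int:
    """Validate one port field: decimal digits, range 1 to 65535."""
    if not (text.isascii() and text.isdigit()):
        raise ValueError(f"not a port number: {text!r}")
    value = int(text)
    if not 1 <= value <= 65535:
        raise ValueError(f"port out of range 1-65535: {value}")
    return value


def parse_port_spec(spec: str) -> PortMapping:
    """Parse [PROTOCOL:]HOSTPORT[:CONTAINERPORT] as the quoted text describes."""
    fields = spec.split(":")
    protocol = "tcp"  # protocol and its colon may be omitted: tcp is assumed
    if fields[0] in PROTOCOLS:
        protocol, fields = fields[0], fields[1:]
    if len(fields) not in (1, 2):
        raise ValueError(f"expected [PROTOCOL:]HOSTPORT[:CONTAINERPORT]: {spec!r}")
    host_port = _port(fields[0])
    # Container port and its colon may be omitted: same port as the host port.
    container_port = _port(fields[-1])
    return PortMapping(protocol, host_port, container_port)


if __name__ == "__main__":
    # Constructed sample specifiers, including the ones used in the message.
    for sample in ("1234", "4567", "udp:53:5353", "8080:80"):
        print(sample, "->", parse_port_spec(sample))
```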
