更新时间:2022-05-26 03:11:18
请参见代理所有容器:
主机服务器运行一个容器,该容器运行可以进行透明代理的代理(在这种情况下为鱿鱼).该容器具有一些iptables规则,可将NAT流量传输到代理服务器-这意味着该容器需要在特权模式下运行.
Host server runs a container running a proxy (squid, in this case) that can do transparent proxying. That container has some iptables rules that NAT traffic into the proxy server - this means that container needs to run in privileged mode.
主机服务器还包含ip路由表条目(这是神奇的地方),它们通过代理容器重新路由来自除目的地为端口80的代理之外的任何容器的所有流量.
Host server also contains (and here's the magic) ip route table entries that re-route all traffic from any container but the proxy that was destined for port 80, through the proxy container.
最后一点本质上意味着对于端口80的流量,从容器到世界其他地方的路由通过代理容器-使其有机会进行NAT和透明代理.
That last bit essentially means that for port 80 traffic, the route from container to the rest of the world goes through the proxy container - giving it the chance to NAT and transparent proxy.