2023年7月26日发(作者：)

Docker⽹络host模式Use host networkingIf you use the

host network mode for a container, that container's networkstack is not isolated from the Docker host (the container shares the host'snetworking namespace), and the container does not get its own IP-address instance, if you run a container which binds to port 80 and you use

hostnetworking, the container's application is available on port 80 on the host's IPaddress.如果对容器使⽤host⽹络模式，则该容器的⽹络堆栈不会与Docker主机隔离（该容器共享主机的⽹络命名空间），并且该容器不会获得⾃⼰分配的IP地址。例如，如果您运⾏⼀个绑定到端⼝80的容器并使⽤host⽹络，则该容器的应⽤程序在主机IP地址的端⼝80上可⽤。Note: Given that the container does not have its own IP-address when usinghost mode networking, port-mapping does nottake effect, and the

-p,

--publish,

-P, and

--publish-all option areignored, producing a warning instead:假设容器在使⽤host模式⽹络时没有⾃⼰的IP地址，则端⼝映射不会⽣效，并且会忽略-p、-publish、-P和--publish all选项，从⽽⽣成警告：WARNING: Published ports are discarded when using host network modeHost mode networking can be useful to optimize performance, and in situations wherea container needs to handle a large range of ports, as it does not require networkaddress translation (NAT), and no "userland-proxy" is created for each 模式⽹络对于优化性能⾮常有⽤，在容器需要处理⼤量端⼝的情况下，因为它不需要⽹络地址转换（NAT），并且不为每个端⼝创建"userland-proxy"。The host networking driver only works on Linux hosts, and is not supported onDocker Desktop for Mac, Docker Desktop for Windows, or Docker EE for Windows ⽹络驱动程序仅适⽤于Linux主机，在Docker Desktop for Mac、Docker Desktop for Windows或Docker EE for Windows Server上不受⽀持。You can also use a

host network for a swarm service, by passing

--network hostto the

docker service create command. In this case, control traffic (trafficrelated to managing the swarm and the service) is still sent across an overlaynetwork, but the individual swarm service containers send data using the Dockerdaemon's host network and ports. This creates some extra limitations. For instance,if a service container binds to port 80, only one service container can run on agiven swarm node.您还可以将host⽹络⽤于swarm服务，⽅法是将--network host传递给docker service create命令。在这种情况下，控制流量（与管理swarm和服务相关的流量）仍然通过overlay⽹络发送，但是各个swarm服务容器使⽤Docker守护进程的host⽹络和端⼝发送数据。这造成了⼀些额外的限制。例如，如果服务容器绑定到端⼝80，那么在给定的swarm节点上只能运⾏⼀个服务容器。Next stepsGo through the host networking tutorialLearn about networking from the container's point of viewLearn about bridge networksLearn about overlay networksLearn about Macvlan networks