又是一個找問題的辛酸過程,一個開發者排坑的過程。 (爲了紀念今天的坑,排查過程略有贅述,直奔主題請拉低)
最初項目在本地是可以訪問外網,發佈到linux上就無法訪問,日誌報錯如下:
2020-09-11T10:41:27.390995876Z java.net.UnknownHostException: www.baidu.com
2020-09-11T10:41:27.390998638Z at java.net.InetAddress.getAllByName0(InetAddress.java:1280)
2020-09-11T10:41:27.391001304Z at java.net.InetAddress.getAllByName(InetAddress.java:1192)
2020-09-11T10:41:27.391003772Z at java.net.InetAddress.getAllByName(InetAddress.java:1126)
2020-09-11T10:41:27.391006291Z at org.apache.http.impl.conn.SystemDefaultDnsResolver.resolve(SystemDefaultDnsResolver.java:45)
2020-09-11T10:41:27.391008936Z at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:112)
2020-09-11T10:41:27.391011509Z at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:374)
2020-09-11T10:41:27.391014090Z at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:393)
2020-09-11T10:41:27.391016619Z at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
2020-09-11T10:41:27.391019208Z at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186)
2020-09-11T10:41:27.391021712Z at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
2020-09-11T10:41:27.391024157Z at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
2020-09-11T10:41:27.391026603Z at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
2020-09-11T10:41:27.391029383Z at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
2020-09-11T10:41:27.391031895Z at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108)
2020-09-11T10:41:27.391034372Z at com.example.eurekaclient2.utils.HttpClientUtil.doGet(HttpClientUtil.java:84)
首先,添加日誌自查程序,本地設置斷點反覆排查,確認只有linux上存在問題。
然後,根據度孃的指引,認爲是域名解析問題,但是ping域名是可以ping通的(curl一下地址也是沒有問題),但還是去改了/etc/hosts,還有DNS解析、網絡重啓,經過多次嘗試無效。後根據InetAddress的UnknowHostException問題查詢到,可以加如下日誌,查看獲取域名解析,也是抱着試試的態度。
System.out.print(InetAddress.getByName("http://www.baidu.com").toString());
顯示空指針異常,因爲InetAddress.getByName("http://www.baidu.com")爲null,突然想起來使用的docker曾經配置過橋接網絡,然後果斷去重新配置,有經驗的運維會很快發現。現在知道問題了,有了方向。
先是查到,認爲是docker的mtu不一致問題,去修改了docker0的mtu=1450。結果還是失敗。
最後上解決方案,原因是系統默認採用firewelld管理防火牆規則, CentOS 7、 8 中,Docker採用bridge網絡的Container無法連接外網的問題。先執行下面這幾行,然後在啓動容器的時候設置參數爲固定的ip,同時將nginx反向代理也配置上這個ip,困擾的問題終於得到解決。
[woods@localhost ~]$ nmcli connection modify docker0 connection.zone trusted
[woods@localhost ~]$ systemctl stop NetworkManager.service
[woods@localhost ~]$ firewall-cmd --permanent --zone=trusted --change-interface=docker0
success
[woods@localhost ~]$ systemctl start NetworkManager.service
[woods@localhost ~]$ nmcli connection modify docker0 connection.zone trusted
[woods@localhost ~]$ systemctl restart docker.service
[woods@localhost ~]$ firewall-cmd --get-active-zone
libvirt
interfaces: virbr0
public
interfaces: ens37
trusted
interfaces: docker0