|
|
# Docker环境
|
|
|
|
|
|
## 1. 安装与配置
|
|
|
|
|
|
### 1.1. 官方自动化安装脚本
|
|
|
|
|
|
- Debian
|
|
|
|
|
|
```sh
|
|
|
curl -fsSL https://get.docker.com -o get-docker.sh
|
|
|
sudo sh get-docker.sh
|
|
|
```
|
|
|
|
|
|
|
|
|
|
|
|
- Ubuntu
|
|
|
|
|
|
```sh
|
|
|
curl -fsSL https://edge.docker.com -o edge-docker.sh
|
|
|
sudo sh edge-docker.sh
|
|
|
```
|
|
|
|
|
|
|
|
|
|
|
|
- CentOS
|
|
|
|
|
|
```sh
|
|
|
curl -fsSL https://get.docker.com | bash -s docker --mirror Aliyun
|
|
|
```
|
|
|
|
|
|
### 1.2. 基础配置
|
|
|
|
|
|
编辑 `/etc/docker/daemon.json`
|
|
|
|
|
|
本地私库配置和docker日志配置
|
|
|
|
|
|
```json
|
|
|
{
|
|
|
"insecure-registries": ["192.168.3.203:5000"],
|
|
|
"log-driver": "json-file",
|
|
|
"log-opts": {
|
|
|
"max-size": "10m",
|
|
|
"max-file": "3"
|
|
|
}
|
|
|
}
|
|
|
```
|
|
|
|
|
|
### 1.3. 重启
|
|
|
|
|
|
```sh
|
|
|
# 开机自启
|
|
|
systemctl enable docker
|
|
|
systemctl daemon-reload
|
|
|
systemctl restart docker
|
|
|
```
|
|
|
|
|
|
### 1.4. docker-compose
|
|
|
|
|
|
下载:[Releases · docker/compose (github.com)](https://github.com/docker/compose/releases)
|
|
|
|
|
|
```sh
|
|
|
wget https://github.com/docker/compose/releases/download/v2.15.1/docker-compose-linux-x86_64 -o /usr/local/bin/docker-compose
|
|
|
chmod +x /usr/local/bin/docker-compose
|
|
|
# 启动管理容器
|
|
|
docker-compose up # 会自动搜索当前路径下的 docker-compose.yml文件
|
|
|
docker-compose -f 指定文件 up
|
|
|
docker-compose up -d # 后台执行,一般我们看日志输出,不用这个
|
|
|
|
|
|
docker-compose stop # 停止,不会删除容器和镜像
|
|
|
docker-compose down # 停止,并删除关联的容器
|
|
|
docker-compose start # 启动yml文件管理的容器
|
|
|
docker-compose ps # 正在运行的容器
|
|
|
docker-compose images # docker-compose管理的镜像
|
|
|
|
|
|
docker-compose exec yml文件中写的service /bin/bash # 进入到容器内
|
|
|
|
|
|
docker-compose up -d --build # 启动容器但是重新构建镜像,基于重新构建的镜像启动
|
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
### 1.5 加速镜像
|
|
|
|
|
|
- 科大镜像:**https://docker.mirrors.ustc.edu.cn/**
|
|
|
- 网易:**https://hub-mirror.c.163.com/**
|
|
|
- 阿里云:**https://<你的ID>.mirror.aliyuncs.com**
|
|
|
- 七牛云加速器:**https://reg-mirror.qiniu.com**
|
|
|
|
|
|
编辑 `/etc/docker/daemon.json`
|
|
|
|
|
|
```json
|
|
|
{"registry-mirrors":["https://reg-mirror.qiniu.com/"]}
|
|
|
```
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
## 2. 后续操作
|
|
|
|
|
|
### 2.1. docker服务相关操作
|
|
|
|
|
|
```sh
|
|
|
# 状态 | 启动 | 停止 | 重启 | 自启服务 | 手动服务
|
|
|
systemctl [status | start | stop | restart | enable | disable] docker
|
|
|
# 查看docker版本信息
|
|
|
docker version
|
|
|
# 修改docker配置后执行,再重启
|
|
|
systemctl daemon-reload
|
|
|
```
|
|
|
|
|
|
### 2.2. 登录docker私库
|
|
|
|
|
|
> 登录后才能pull私库中的私有镜像
|
|
|
|
|
|
```sh
|
|
|
# 登录ailiyun私库
|
|
|
docker login registry.cn-hangzhou.aliyuncs.com
|
|
|
```
|
|
|
|
|
|
### 2.3. 防火墙操作
|
|
|
|
|
|
- centos
|
|
|
|
|
|
```sh
|
|
|
# 状态 | 启动 | 停止 | 重启 | 自启服务 | 手动服务
|
|
|
systemctl [status | start | stop | restart | enable | disable] firewalld
|
|
|
|
|
|
# 开放端口
|
|
|
firewall-cmd --add-port=80/tcp --permanent
|
|
|
|
|
|
# 重启防火墙
|
|
|
firewall-cmd --reload
|
|
|
|
|
|
# 查看开放端口号
|
|
|
firewall-cmd --list-all
|
|
|
```
|
|
|
|
|
|
查看版本: firewall-cmd --version
|
|
|
查看帮助: firewall-cmd --help
|
|
|
显示状态: firewall-cmd --state
|
|
|
查看所有打开的端口: firewall-cmd --zone=public --list-ports
|
|
|
更新防火墙规则: firewall-cmd --reload
|
|
|
查看区域信息: firewall-cmd --get-active-zones
|
|
|
查看指定接口所属区域: firewall-cmd --get-zone-of-interface=eth0
|
|
|
拒绝所有包:firewall-cmd --panic-on
|
|
|
取消拒绝状态: firewall-cmd --panic-off
|
|
|
查看是否拒绝: firewall-cmd --query-panic
|
|
|
|
|
|
- ubuntu
|
|
|
|
|
|
```sh
|
|
|
# 启动防火墙
|
|
|
sudo ufw enable
|
|
|
|
|
|
# 禁止开机自动启动
|
|
|
sudo ufw disable
|
|
|
|
|
|
# 允许开机自动启动
|
|
|
sudo ufw enable
|
|
|
|
|
|
# 查看防火墙状态,是否正在运行
|
|
|
sudo ufw status verbose
|
|
|
|
|
|
# 关闭防火墙
|
|
|
sudo ufw disable
|
|
|
|
|
|
# 重置防火墙配置
|
|
|
sudo ufw reset
|
|
|
|
|
|
# 开放固定端口
|
|
|
# 放行tcp或者udp端口:
|
|
|
sudo ufw allow 端口号/tcp
|
|
|
# 放行tcp与udp端口:
|
|
|
sudo ufw allow 端口号
|
|
|
# 删除指定端口:
|
|
|
sudo ufw delete allow 端口号
|
|
|
|
|
|
#查看
|
|
|
sudo ufw status
|
|
|
#查看刚添加的规则
|
|
|
sudo ufw show added
|
|
|
```
|
|
|
|
|
|
|
|
|
|