Docker 概述
1. 什么是 Docker
所谓的 Docker 本质上是一款容器管理工具,是一种打包文件的技术。
因为 Linux 一切皆文件,容器技术本质上是将一个程序及其依赖的库文件打包管理的技术。
2. Docker 架构
属于典型的 C/S 架构,服务端由进程 “dockerd” 启动,客户端由 docker 命令进行管理。
对于 dockerd 而言,能够提供如下典型服务:
- 镜像管理
- 官方站点镜像
- 第三方镜像
- 自制镜像
- 容器管理
- 存储卷管理
- 网络管理
3. Docker 的相关站点
- 官网:
https://www.docker.com/ - 官方文档:
https://docs.docker.com/ - 官方镜像站点:
https://hub.docker.com/ - GitHub 站点:
- https://github.com/docker-archive/docker-ce # 老的弃用的,ce表示社区版,ee表示企业版
- https://github.com/moby/moby # 新docker合并到了moby项目,这是新地址
手动部署和卸载 Docker
二进制 Docker 环境部署
推荐阅读:
- https://docs.docker.com/engine/install/ubuntu/
- https://docs.docker.com/engine/install/centos/
- https://docs.docker.com/engine/install/binaries/
1. 下载 Docker
[root@elk91 ~]# wget https://download.docker.com/linux/static/stable/x86_64/docker-28.0.1.tgz若使用内部源:
[root@elk91 ~]# wget http://192.168.16.253/Resources/Docker/softwares/binary/docker-28.0.1.tgz2. 解压软件包
[root@elk91 ~]# tar xf docker-28.0.1.tgz
[root@elk91 ~]#
[root@elk91 ~]# tree docker
docker
├── containerd
├── containerd-shim-runc-v2
├── ctr
├── docker
├── dockerd
├── docker-init
├── docker-proxy
└── runc
0 directories, 8 files
[root@elk91 ~]# 3. 将二进制文件拷贝到环境变量中
拷贝脚本到$PATH随便一个路径中即可
[root@elk91 ~]# cp docker/* /usr/local/bin/
[root@elk91 ~]#
[root@elk91 ~]# ll /usr/local/bin/
total 206896
drwxr-xr-x 2 root root 4096 Mar 19 10:30 ./
drwxr-xr-x 17 root root 4096 Mar 18 17:10 ../
-rwxr-xr-x 1 root root 40415384 Mar 19 10:30 containerd*
-rwxr-xr-x 1 root root 13299864 Mar 19 10:30 containerd-shim-runc-v2*
-rwxr-xr-x 1 root root 20394136 Mar 19 10:30 ctr*
-rwxr-xr-x 1 root root 41552248 Mar 19 10:30 docker*
-rwxr-xr-x 1 root root 76659456 Mar 19 10:30 dockerd*
-rwxr-xr-x 1 root root 708448 Mar 19 10:30 docker-init*
-rwxr-xr-x 1 root root 2377328 Mar 19 10:30 docker-proxy*
-rwxr-xr-x 1 root root 16426200 Mar 19 10:30 runc*
[root@elk91 ~]# 4. 启动 Docker 服务端
[root@elk91 ~]# dockerd # 前台启动
[root@elk91 ~]# dockerd & # 或者后台启动5. 客户端测试
查看docker版本
[root@elk91 ~]# docker version
Client:
Version: 28.0.1
API version: 1.48
Go version: go1.23.6
Git commit: 068a01e
Built: Wed Feb 26 10:40:04 2025
OS/Arch: linux/amd64
Context: default
Server: Docker Engine - Community
Engine:
Version: 28.0.1
API version: 1.48 (minimum version 1.24)
Go version: go1.23.6
Git commit: bbd0a17
Built: Wed Feb 26 10:41:19 2025
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: v1.7.25
GitCommit: bcc810d6b9066471b0b6fa75f557a15a1cbf31bb
runc:
Version: 1.2.5
GitCommit: v1.2.5-0-g59923ef
docker-init:
Version: 0.19.0
GitCommit: de40ad0
[root@elk91 ~]# 6. 镜像仓库访问问题
由于不可抗因素,目前国内无法访问 Docker 官方镜像仓库,无法拉取镜像,需要借助 “梯子”。
下面配置,虚拟机映射到win系统上的代理梯子端口即可拉取
[root@elk91 ~]# docker run hello-world
Unable to find image 'hello-world:latest' locally
docker: Error response from daemon: Get "https://registry-1.docker.io/v2/": net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
Run 'docker run --help' for more information
[root@elk91 ~]# 卸载二进制 Docker 环境
1. 停止 Docker 服务
[root@elk91 ~]# ps -ef | grep dockerd
root 79359 24572 1 10:34 pts/0 00:00:00 dockerd
root 79587 66495 0 10:34 pts/2 00:00:00 grep --color=auto dockerd
[root@elk91 ~]#
[root@elk91 ~]# kill 79359
[root@elk91 ~]#
[root@elk91 ~]# docker version
Client:
Version: 28.0.1
API version: 1.48
Go version: go1.23.6
Git commit: 068a01e
Built: Wed Feb 26 10:40:04 2025
OS/Arch: linux/amd64
Context: default
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
[root@elk91 ~]# 2. 卸载 Docker 环境
[root@elk91 ~]# ll /usr/local/bin/
total 206908
drwxr-xr-x 2 root root 4096 Mar 19 10:30 ./
drwxr-xr-x 17 root root 4096 Mar 18 17:10 ../
-rwxr-xr-x 1 root root 40415384 Mar 19 10:30 containerd*
-rwxr-xr-x 1 root root 13299864 Mar 19 10:30 containerd-shim-runc-v2*
-rwxr-xr-x 1 root root 20394136 Mar 19 10:30 ctr*
-rwxr-xr-x 1 root root 41552248 Mar 19 10:30 docker*
-rwxr-xr-x 1 root root 76659456 Mar 19 10:30 dockerd*
-rwxr-xr-x 1 root root 708448 Mar 19 10:30 docker-init*
-rwxr-xr-x 1 root root 2377328 Mar 19 10:30 docker-proxy*
-rwxr-xr-x 1 root root 16426200 Mar 19 10:30 runc*
[root@elk91 ~]#
[root@elk91 ~]# rm -f /usr/local/bin/*
[root@elk91 ~]#
[root@elk91 ~]# ll /usr/local/bin/
total 8
drwxr-xr-x 2 root root 4096 Mar 19 10:35 ./
drwxr-xr-x 17 root root 4096 Mar 18 17:10 ../
[root@elk91 ~]# 一键部署 Docker 脚本
1. 下载脚本
[root@elk91 ~]# wget http://192.168.16.253/Resources/Docker/softwares/haoshuaicongedu-autoinstall-docker-docker-compose.tar.gz2. 解压软件包
[root@elk91 ~]# tar xf haoshuaicongedu-autoinstall-docker-docker-compose.tar.gz 3. 安装 Docker 环境
[root@elk91 ~]# ./install-docker.sh i4. 测试及网络问题
此命令依旧无法翻墙。
[root@elk91 ~]# which docker
/usr/bin/docker
[root@elk91 ~]#
[root@elk91 ~]# docker run hello-world
Unable to find image 'hello-world:latest' locally
docker: Error response from daemon: Get "https://registry-1.docker.io/v2/": net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers).
See 'docker run --help'.
[root@elk91 ~]# 5. 卸载 Docker 环境
[root@elk91 ~]# ./install-docker.sh 启动镜像。如果本地没有该镜像会去公网拉取镜像。官方仓库,第三方仓库
docker 获取境外的官方镜像
1. 下载软件包
[root@elk92 ~]# wget http://192.168.16.253/Resources/Docker/softwares/yinzhengjie-autoinstall-docker-docker-compose.tar.gz
# 此脚本为自己编写,可以安装和卸载docker
# 此脚本安装的docker 的 systemctl 启动脚本自带端口映射,映射到Windows的7890梯子的端口,实现docker科学上网
# 另外此脚本带docker tab补全命令功能2. 解压软件包
[root@elk92 ~]# tar xf yinzhengjie-autoinstall-docker-docker-compose.tar.gz 3. 安装 docker 环境
[root@elk92 ~]# ./install-docker.sh i4. 测试翻墙成功
[root@elk92 ~]# docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
e6590344b1a5: Pull complete
Digest: sha256:7e1a4e2d11e2ac7a8c3f768d4166c2defeb09d2a750b010412b6ea13de1efb19
Status: Downloaded newer image for hello-world:latest
To try something more ambitious, you can run an Ubuntu container with:
$ docker run -it ubuntu bash
Share images, automate workflows, and more with a free Docker ID:
https://hub.docker.com/
For more examples and ideas, visit:
https://docs.docker.com/get-started/
[root@elk92 ~]# 5. 验证为什么能够上外网【前提是你的 windows 有对应的代理。】
因为这个包里的systemcl脚本已经更改了
[root@elk92 ~]# systemctl cat docker
# /lib/systemd/system/docker.service
[Unit]
Description=haoshuaicongedu linux Docke Engine
Documentation=https://docs.docker.com,https://www.haoshuaicongedu.com
Wants=network-online.target
[Service]
Type=notify
ExecStart=/usr/bin/dockerd
# 配置docker代理
Environment="HTTP_PROXY=http://10.0.0.1:7890"
Environment="HTTPS_PROXY=http://10.0.0.1:7890"
[Install]
WantedBy=multi-user.target
[root@elk92 ~]# 6. 使用 docker 运行 nginx 服务
[root@elk92 ~]# docker run -p 81:80 --name myweb -d nginx:1.27.4-alpine
Unable to find image 'nginx:1.27.4-alpine' locally
1.27.4-alpine: Pulling from library/nginx
f18232174bc9: Pull complete
ab3286a73463: Pull complete
0c7e4c092ab7: Pull complete
Digest: sha256:4ff102c5d78d254a6f0da062b3cf39eaf07f01eec0927fd21e219d0af8bc0591
Status: Downloaded newer image for nginx:1.27.4-alpine
b03c97981ceacd43c4977dc176b53da242f61c1601e1cdc25ea7e75af14d8f2d
[root@elk92 ~]#
[root@elk92 ~]# docker ps -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b03c97981cea nginx:1.27.4-alpine "/docker-entrypoint.…" 4 seconds ago Up 3 seconds 0.0.0.0:81->80/tcp, :::81->80/tcp myweb
[root@elk92 ~]# 7. 部署服务测试
[root@elk93 ~]# curl -I http://10.0.0.92:81/镜像导入和导出
1. 导出镜像
docker image save
[root@elk92 ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx 1.27.4-alpine 1ff4bb4faebc 5 weeks ago 47.9MB
hello-world latest 74cc54e27dc4 8 weeks ago 10.1kB
[root@elk92 ~]#
[root@elk92 ~]# docker image save nginx:1.27.4-alpine > haoshuaicongedu-nginx-1.27.4-alpine.tar.gz
[root@elk92 ~]# 2. 下载镜像
[root@elk93 ~]# wget http://192.168.16.253/Resources/Docker/images/Nginx/haoshuaicongedu-nginx-1.27.4-alpine.tar.gz3. 导入镜像
load < 或者 load -i
[root@elk93 ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
[root@elk93 ~]#
[root@elk93 ~]# docker load < haoshuaicongedu-nginx-1.27.4-alpine.tar.gz
08000c18d16d: Loading layer [==================================================>] 8.121MB/8.121MB
c1761f3c364a: Loading layer [==================================================>] 4.504MB/4.504MB
Loaded image: nginx:1.27.4-alpine
[root@elk93 ~]#
[root@elk93 ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx 1.27.4-alpine 1ff4bb4faebc 5 weeks ago 47.9MB
[root@elk93 ~]# 4. 运行 nginx 服务
注意:run表示先创建docker容器,然后再启动容器。相当于两步合二唯一
[root@elk93 ~]# docker run -p 81:80 --name myweb -d nginx:1.27.4-alpine
12cc25debc85e85a5e556da96ee8909e038efbcd0dd25b06f3f7d5fc0bd25fa95. 访问测试
[root@elk93 ~]# curl -I http://10.0.0.93:81/
[root@elk93 ~]# curl http://10.0.0.93:81/Docker 本地镜像管理实战 * * * * *💋
1. 查看本地镜像仓库
[root@elk92 ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx 1.27.4-alpine 1ff4bb4faebc 5 weeks ago 47.9MB
hello-world latest 74cc54e27dc4 8 weeks ago 10.1kB
[root@elk92 ~]# 以上ls命令输出:相关字段说明:
- REPOSITORY:远程仓库。其格式为
[远程仓库主机名或者IP地址/][项目仓库名称/]镜像名称[:镜像版本]。 - 如果下载的镜像是 Docker Hub 官方的,则无需指定前缀
[远程仓库主机名或者IP地址/][项目仓库名称/],默认为docker.io/library/。 - 如果下载的镜像非 Docker Hub 官方的,则需要指定
[远程仓库主机名或者IP地址/][项目仓库名称/]。 - 示例:
registry.cn - hangzhou.aliyuncs.com/yinzhengjie - k8s/apps:v1 - TAG:对镜像做版本标记,例如
nginx:1.27.4,表示部署的是 Nginx 的 1.27.4 版本。如果拉取镜像时未指定TAG,则默认标签为latest,生产环境中不推荐使用该标签。 - IMAGE ID:表示镜像的唯一标识,用于判断该镜像是否被篡改。
- CREATED:表示镜像的创建时间。
- SIZE:镜像的大小。
2. 拉取镜像
2.1 拉取官方的镜像
[root@elk92 ~]# docker pull busybox:1.36.1
1.36.1: Pulling from library/busybox
aef0d3bb86ca: Pull complete
Digest: sha256:e9daaecf76a040744e68e1436515ddba4127fdc84b0735095b392b1d343f904b
Status: Downloaded newer image for busybox:1.36.1
docker.io/library/busybox:1.36.1
[root@elk92 ~]# 2.2 拉取非官方镜像
[root@elk92 ~]# docker pull registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1
v1: Pulling from yinzhengjie-k8s/apps
5758d4e389a3: Pull complete
2dd61e30a21a: Pull complete
Digest: sha256:3bee216f250cfd2dbda1744d6849e27118845b8f4d55dda3ca3c6c1227cc2e5c
Status: Downloaded newer image for registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1
registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1
[root@elk92 ~]# 2.3 拉取最新的镜像
默认不指定tag版本标签,默认拉取最新版
[root@elk92 ~]# docker pull alpine
Using default tag: latest
latest: Pulling from library/alpine
f18232174bc9: Already exists
Digest: sha256:a8560b36e8b8210634f77d9f7f9efd7ffa463e380b75e2e74aff4511df3ef88c
Status: Downloaded newer image for alpine:latest
docker.io/library/alpine:latest
[root@elk92 ~]# 3. 给镜像打标签
[root@elk92 ~]# docker image tag alpine:latest www.haoshuaicongedu.com/haoshauicong/alpine:2025-03-19
[root@elk92 ~]#
[root@elk92 ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
alpine latest aded1e1a5b37 4 weeks ago 7.83MB
www.haoshuaicongedu.com/haoshauicong/alpine 2025-03-19 aded1e1a5b37 4 weeks ago 7.83MB
nginx 1.27.4-alpine 1ff4bb4faebc 5 weeks ago 47.9MB
hello-world latest 74cc54e27dc4 8 weeks ago 10.1kB
registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps v1 f28fd43be4ad 14 months ago 23MB
busybox 1.36.1 2d61ae04c2b8 22 months ago 4.27MB
[root@elk92 ~]# 4. 删除镜像
注意:这里删除的是镜像,不是容器。
image 管理的是镜像
container 管理的是容器
[root@elk92 ~]# docker image rm www.haoshuaicongedu.com/haoshauicong/alpine:2025-03-19
Untagged: www.haoshuaicongedu.com/haoshauicong/alpine:2025-03-19
[root@elk92 ~]#
[root@elk92 ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
alpine latest aded1e1a5b37 4 weeks ago 7.83MB
nginx 1.27.4-alpine 1ff4bb4faebc 5 weeks ago 47.9MB
hello-world latest 74cc54e27dc4 8 weeks ago 10.1kB
registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps v1 f28fd43be4ad 14 months ago 23MB
busybox 1.36.1 2d61ae04c2b8 22 months ago 4.27MB
[root@elk92 ~]# 5. 导出镜像
[root@elk92 ~]# docker pull jasonyin2020/haoshuaicongedu-games:v0.6 # 此处我成功拉取了镜像,如果你拉取不了,则可以使用镜像导入。
v0.6: Pulling from jasonyin2020/haoshuaicongedu-games
5758d4e389a3: Already exists
51d66f629021: Already exists
ff9c6add3f30: Already exists
163456ff6f09: Pull complete
fd8f88d41a37: Pull complete
Digest: sha256:6e20088543038ce8c142409255f6affd03d8ca703e6de57f4a2ab666b2d2bfe2
Status: Downloaded newer image for jasonyin2020/haoshuaicongedu-games:v0.6
docker.io/jasonyin2020/haoshuaicongedu-games:v0.6
[root@elk92 ~]#
[root@elk92 ~]# docker image save jasonyin2020/haoshuaicongedu-games:v0.6 -o haoshuaicongedu-games-v0.6.tar.gz # 导出镜像
[root@elk92 ~]#
[root@elk92 ~]# scp haoshuaicongedu-games-v0.6.tar.gz 10.0.0.93:~6. 导入镜像
[root@elk93 ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx 1.27.4-alpine 1ff4bb4faebc 5 weeks ago 47.9MB
[root@elk93 ~]#
[root@elk93 ~]#
[root@elk93 ~]# docker load -i haoshuaicongedu-games-v0.6.tar.gz
7fcb75871b21: Loading layer [==================================================>] 5.904MB/5.904MB
15d7cdc64789: Loading layer [==================================================>] 18.32MB/18.32MB
5f66747c8a72: Loading layer [==================================================>] 3.072kB/3.072kB
c39c1c35e3e8: Loading layer [==================================================>] 4.096kB/4.096kB
b8dbe22b95f7: Loading layer [==================================================>] 3.584kB/3.584kB
9d5b000ce7c7: Loading layer [==================================================>] 7.168kB/7.168kB
24f6c2496534: Loading layer [==================================================>] 288.1MB/288.1MB
df2c564d255b: Loading layer [==================================================>] 6.144kB/6.144kB
ce4dda5fa1c1: Loading layer [==================================================>] 7.168kB/7.168kB
1d0291efebc6: Loading layer [==================================================>] 70.73MB/70.73MB
Loaded image: jasonyin2020/haoshuaicongedu-games:v0.6
[root@elk93 ~]#
[root@elk93 ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx 1.27.4-alpine 1ff4bb4faebc 5 weeks ago 47.9MB
jasonyin2020/haoshuaicongedu-games v0.6 b55cbfca1946 12 months ago 376MB
[root@elk93 ~]# 温馨提示:如果你下载不了镜像,则可以使用已下载好的镜像进行导入。
[root@elk91 ~]# wget http://192.168.16.253/Resources/Docker/images/haoshuaicongedu-games-v0.6.tar.gz镜像和容器的关系
- 镜像就好比使用
apt -y install nginx安装 Nginx,但该 Nginx 并未运行,只是包含配置文件、启动脚本、程序文件等信息。 - 容器就相当于启动服务,好比
systemctl start nginx,是将一个程序运行为一个进程的过程。
值得注意的是,镜像是不可修改的,即只读的;而容器是可读写的,也就是可以进行修改的。
容器实现端口映射原理
1. 查看现有的容器列表
[root@elk93 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
35167301d7e1 jasonyin2020/haoshuaicongedu-games:v0.6 "/docker-entrypoint.…" 3 hours ago Up 3 hours 0.0.0.0:90->80/tcp, :::90->80/tcp mygame
12cc25debc85 nginx:1.27.4-alpine "/docker-entrypoint.…" 4 hours ago Up 4 hours 0.0.0.0:81->80/tcp, :::81->80/tcp myweb
[root@elk93 ~]# 
2. 容器的网卡和宿主机的 veth 网卡是成对出现的
如下: 本段是6 ,对端是if7
6: eth0@if7:
4: eth0@if5:
7: vethbdffe29@if6:
[root@elk93 ~]# docker exec -it mygame ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
6: eth0@if7: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP
link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.3/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
[root@elk93 ~]#
[root@elk93 ~]#
[root@elk93 ~]# docker exec -it myweb ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
4: eth0@if5: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
[root@elk93 ~]#
[root@elk93 ~]# docker exec -it myweb route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.17.0.1 0.0.0.0 UG 0 0 0 eth0
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
[root@elk93 ~]#
[root@elk93 ~]# docker exec -it mygame route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.17.0.1 0.0.0.0 UG 0 0 0 eth0
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
[root@elk93 ~]#
[root@elk93 ~]# ip a
...
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:c0:b7:be:c3 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:c0ff:feb7:bec3/64 scope link
valid_lft forever preferred_lft forever
5: veth98182e6@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
link/ether 8e:ac:88:5a:ba:a1 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet6 fe80::8cac:88ff:fe5a:baa1/64 scope link
valid_lft forever preferred_lft forever
7: vethbdffe29@if6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
link/ether 72:b3:09:9d:78:54 brd ff:ff:ff:ff:ff:ff link-netnsid 1
inet6 fe80::70b3:9ff:fe9d:7854/64 scope link
valid_lft forever preferred_lft forever
[root@elk93 ~]# 3. 所有的容器网卡都会桥接到 docker0
[root@elk93 ~]# apt -y install bridge-utils
[root@elk93 ~]# brctl show docker0
bridge name bridge id STP enabled interfaces
docker0 8000.0242c0b7bec3 no veth98182e6
vethbdffe29
[root@elk93 ~]# 4. 外部访问宿主机的某个端口会被 DNAT 到对应的容器端口
[root@elk93 ~]# iptables-save | grep 90
-A DOCKER ! -i docker0 -p tcp -m tcp --dport 90 -j DNAT --to-destination 172.17.0.3:80
[root@elk93 ~]# 5. 容器需要访问外网的前提是开启内核转发参数
注:-w是临时修改
[root@elk93 ~]# sysctl -w net.ipv4.ip_forward=1
net.ipv4.ip_forward = 1
[root@elk93 ~]#
[root@elk93 ~]# sysctl -q net.ipv4.ip_forward
net.ipv4.ip_forward = 1
[root@elk93 ~]# 容器和虚拟机的对比
- 小(轻量级):
- 容器镜像体积小,可达到 MB 级别。
- 虚拟机的 ISO 文件可达 GB 级别。
- 快:
- 容器没有开机启动流程,直接以进程的方式在宿主机运行。
- 虚拟机存在开机启动流程。
- 性能高:
- 容器直接使用物理机的内核。
- 虚拟机使用的是虚拟的 CPU 内核,需要 VMM 程序做一次转换为物理 CPU 能够识别的指令,VMM 程序本身也会消耗一些资源。
- 迁移方便:
- 容器迁移时,可以直接迁移镜像,镜像是不可变的基础设施,只要有 Docker 环境都可以运行镜像。
- 虚拟机在迁移应用时,需要目标主机的 VMM 版本一致,如果不一致则会面临问题,而且虚拟机本身就是很大的文件,甚至有些平台不兼容则需要手动重新部署服务。
- 隔离性:
- 从隔离性角度来说,虚拟机比容器隔离性要好,所以,二者在此处可以互补。
容器和镜像的关系
- 镜像:是不可变的基础设施,即只读的。
- 容器:基于镜像启动的进程,将来对容器进行修改时,会采用 Copy On Write(COW)机制。
总结:
- 一个镜像可以运行多个容器。
- 镜像就好比 VM 的 “模板机”,容器就好比克隆的 “虚拟机”。
基于一个镜像启动多个容器案例
1. 下载镜像
[root@elk93 ~]# docker image pull registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1
v1: Pulling from yinzhengjie-k8s/apps
5758d4e389a3: Pull complete
2c6e86e57dfd: Pull complete
2dd61e30a21a: Pull complete
Digest: sha256:3bee216f250cfd2dbda1744d6849e27118845b8f4d55dda3ca3c6c1227cc2e5c
Status: Downloaded newer image for registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1
registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1
[root@elk93 ~]#
[root@elk93 ~]#
[root@elk93 ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx 1.27.4-alpine 1ff4bb4faebc 5 weeks ago 47.9MB
jasonyin2020/haoshuaicongedu-games v0.6 b55cbfca1946 12 months ago 376MB
registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps v1 f28fd43be4ad 14 months ago 23MB
[root@elk93 ~]# 2. 基于镜像启动多个容器
就是改个容器名字,改个映射端口即可
[root@elk93 ~]# docker run -p 81:80 --name c1 -d registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1
2846f7d526c7f3211998865f0d86d7e8d691031cdc2c93539bd28a7e1dd15897
[root@elk93 ~]#
[root@elk93 ~]# docker run -p 82:80 --name c2 -d registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1
668fed180ff4fe52735841e1ffc166f7f11eff764ec07edf835787f0d5be07d4
[root@elk93 ~]#
[root@elk93 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
668fed180ff4 registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1 "/docker-entrypoint.…" 5 seconds ago Up 4 seconds 0.0.0.0:82->80/tcp, :::82->80/tcp c2
2846f7d526c7 registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1 "/docker-entrypoint.…" 12 seconds ago Up 11 seconds 0.0.0.0:81->80/tcp, :::81->80/tcp c1
[root@elk93 ~]# 常用参数说明
-p:指定端口映射,格式为宿主机端口:容器端口。--name:指定容器的名称。-d:让容器在后台运行。
3. 访问测试
http://10.0.0.93:81/容器的基础管理 * * * * *💋
1. 查看正在运行的容器列表
[root@elk93 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
668fed180ff4 registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1 "/docker-entrypoint.…" 27 minutes ago Up 27 minutes 0.0.0.0:82->80/tcp, :::82->80/tcp c2
2846f7d526c7 registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1 "/docker-entrypoint.…" 27 minutes ago Up 27 minutes 0.0.0.0:81->80/tcp, :::81->80/tcp c1
[root@elk93 ~]# 上面ps命令,相关字段说明
- CONTAINER ID:容器的唯一标识。
- IMAGE:容器基于哪个镜像启动的。
- COMMAND:容器启动时运行的命令。
- CREATED:容器的创建时间。
- STATUS:容器的运行状态及时间。常见的状态有以下几种:
- Up:容器正在运行。
- Create:容器已经创建但是未运行。
- Exited:容器处于退出状态,未运行。
- Paused:容器处于暂停状态,既没有停止也没有运行,只是临时不对外提供服务。
- PORTS:配置端口映射信息,或者端口暴露信息。
- NAMES:容器的名称,每个容器的名称不能重复,必须唯一。
2. 停止容器
[root@elk93 ~]# docker stop c1
c1
[root@elk93 ~]#
[root@elk93 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
668fed180ff4 registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1 "/docker-entrypoint.…" 32 minutes ago Up 32 minutes 0.0.0.0:82->80/tcp, :::82->80/tcp c2
2846f7d526c7 registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1 "/docker-entrypoint.…" 32 minutes ago Exited (0) 1 second ago c1
[root@elk93 ~]# 3. 暂停容器
[root@elk93 ~]# docker pause c2
c2
[root@elk93 ~]#
[root@elk93 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
668fed180ff4 registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1 "/docker-entrypoint.…" 33 minutes ago Up 33 minutes (Paused) 0.0.0.0:82->80/tcp, :::82->80/tcp c2
2846f7d526c7 registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1 "/docker-entrypoint.…" 33 minutes ago Exited (0) 51 seconds ago c1
[root@elk93 ~]# 4. 恢复暂停
[root@elk93 ~]# docker unpause c2
c2
[root@elk93 ~]#
[root@elk93 ~]#
[root@elk93 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
668fed180ff4 registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1 "/docker-entrypoint.…" 34 minutes ago Up 34 minutes 0.0.0.0:82->80/tcp, :::82->80/tcp c2
2846f7d526c7 registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1 "/docker-entrypoint.…" 34 minutes ago Exited (0) About a minute ago c1
[root@elk93 ~]# 5. 创建容器
[root@elk93 ~]# docker create --name c3 registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1
bae123232da08d4f1bed833a28bbaefedbcb1dfa986ffaaac0e9d8c135cdc8cb
[root@elk93 ~]#
[root@elk93 ~]# docker ps -a # 其中'-a'查看容器的所有状态
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
bae123232da0 registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1 "/docker-entrypoint.…" 2 seconds ago Created c3
668fed180ff4 registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1 "/docker-entrypoint.…" 34 minutes ago Up 34 minutes 0.0.0.0:82->80/tcp, :::82->80/tcp c2
2846f7d526c7 registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1 "/docker-entrypoint.…" 34 minutes ago Exited (0) 2 minutes ago c1
[root@elk93 ~]# 6. 修改容器的名称
[root@elk93 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
bae123232da0 registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1 "/docker-entrypoint.…" About a minute ago Created c3
668fed180ff4 registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1 "/docker-entrypoint.…" 36 minutes ago Up 36 minutes 0.0.0.0:82->80/tcp, :::82->80/tcp c2
2846f7d526c7 registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1 "/docker-entrypoint.…" 36 minutes ago Exited (0) 3 minutes ago c1
[root@elk93 ~]#
[root@elk93 ~]#
[root@elk93 ~]# docker rename c2 xixi
[root@elk93 ~]#
[root@elk93 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
bae123232da0 registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1 "/docker-entrypoint.…" About a minute ago Created c3
668fed180ff4 registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1 "/docker-entrypoint.…" 36 minutes ago Up 36 minutes 0.0.0.0:82->80/tcp, :::82->80/tcp xixi
2846f7d526c7 registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1 "/docker-entrypoint.…" 36 minutes ago Exited (0) 4 minutes ago c1
[root@elk93 ~]# 7. 停止容器
[root@elk93 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
fe2025dda0cd registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1 "/docker-entrypoint.…" 4 seconds ago Up 3 seconds 80/tcp c3
[root@elk93 ~]#
[root@elk93 ~]#
[root@elk93 ~]# docker stop c3
c3
[root@elk93 ~]#
[root@elk93 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
fe2025dda0cd registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1 "/docker-entrypoint.…" 12 seconds ago Exited (0) 2 seconds ago c3
[root@elk93 ~]#
[root@elk93 ~]# 8. 启动容器
[root@elk93 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
fe2025dda0cd registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1 "/docker-entrypoint.…" 23 seconds ago Exited (0) 13 seconds ago c3
[root@elk93 ~]#
[root@elk93 ~]#
[root@elk93 ~]# docker start c3
c3
[root@elk93 ~]#
[root@elk93 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
fe2025dda0cd registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1 "/docker-entrypoint.…" 28 seconds ago Up 1 second 80/tcp c3
[root@elk93 ~]# 9. 重启容器
[root@elk93 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
fe2025dda0cd registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1 "/docker-entrypoint.…" 46 seconds ago Up 19 seconds 80/tcp c3
[root@elk93 ~]#
[root@elk93 ~]# docker restart c3
c3
[root@elk93 ~]#
[root@elk93 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
fe2025dda0cd registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1 "/docker-entrypoint.…" 54 seconds ago Up 1 second 80/tcp c3
[root@elk93 ~]# 10. 删除容器
[root@elk93 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
0f4b8ecc47fb registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1 "/docker-entrypoint.…" 3 seconds ago Up 2 seconds 80/tcp c2
9b9fbe9a1a54 registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1 "/docker-entrypoint.…" 11 seconds ago Created c3
2846f7d526c7 registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1 "/docker-entrypoint.…" 38 minutes ago Exited (0) 6 minutes ago c1
[root@elk93 ~]#
[root@elk93 ~]# docker container rm -f c1 c2 c3
c1
c2
c3
[root@elk93 ~]#
[root@elk93 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@elk93 ~]# 查看容器的详细信息
1. 查看容器的所有信息
[root@elk93 ~]# docker inspect c3
[
{
"Id": "fe2025dda0cddc4b81edae9618018dc932bc9bb48725bc921068039b6db82bb8", # 容器的ID
"Created": "2025-03-19T08:33:55.629687118Z", # 容器的创建时间
...
"State": { # 容器的运行状态
...
"Pid": 260929, # 容器在宿主机的进程ID
...
},
...
"Name": "/c3", # 容器的名称
...
},
"NetworkSettings": {
"...
"Gateway": "172.17.0.1", # 容器的网关地址
..
"IPAddress": "172.17.0.2", # 容器的IP地址
...
"Networks": {
"bridge": {
...,
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.2",
...
}
}
}
}
]
[root@elk93 ~]# 2. 查看的进程 ID
[root@elk93 ~]# docker inspect -f '{{.State.Pid}}' c3
260929
[root@elk93 ~]# 3. 查看容器的 IP 地址
[root@elk93 ~]# docker inspect -f '{{.NetworkSettings.IPAddress}}' c3
172.17.0.2
[root@elk93 ~]#
[root@elk93 ~]# docker inspect -f '{{.NetworkSettings.IPAddress}}' c3
172.17.0.2
[root@elk93 ~]# 4. 查看最新创建容器的 IP 地址【彩蛋】
[root@elk93 ~]#docker inspect -f '{{.NetworkSettings.IPAddress}}' `docker ps -l | awk 'NR==2{print $NF}'`
172.17.0.2
[root@elk93 ~]#
[root@elk93 ~]# docker inspect -f '{{.NetworkSettings.IPAddress}}' `docker ps -lq` # 推荐
172.17.0.2
[root@elk93 ~]# 查看容器的日志信息
1. 启动容器
[root@elk93 ~]# docker run -d --name myweb -p 90:80 registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1
e62f820d18b257d7ec67e0d9da8625a5d603b40f3e1a929527f5c88c21904b76
[root@elk93 ~]#
[root@elk93 ~]# docker container inspect -f "{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}" `docker container ps -lq`
172.17.0.3
[root@elk93 ~]#
[root@elk93 ~]# docker ps -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e62f820d18b2 registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1 "/docker-entrypoint.…" 22 seconds ago Up 22 seconds 0.0.0.0:90->80/tcp, :::90->80/tcp myweb
[root@elk93 ~]# 2. 本地访问测试
[root@elk93 ~]# curl 172.17.0.3
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8"/>
<title>yinzhengjie apps v1</title>
<style>
div img {
width: 900px;
height: 600px;
margin: 0;
}
</style>
</head>
<body>
<h1 style="color: green">凡人修仙传 v1 </h1>
<div>
<img src="1.jpg">
<div>
</body>
</html>
[root@elk93 ~]# 3. 在其他节点访问测试
[root@elk91 ~]# curl 10.0.0.93:90
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8"/>
<title>yinzhengjie apps v1</title>
<style>
div img {
width: 900px;
height: 600px;
margin: 0;
}
</style>
</head>
<body>
<h1 style="color: green">凡人修仙传 v1 </h1>
<div>
<img src="1.jpg">
<div>
</body>
</html>
[root@elk91 ~]# curl 10.0.0.93:90/haoshuaicongedu.html
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.20.1</center>
</body>
</html>
[root@elk91 ~]# 3. 实时查看容器的日志信息
[root@elk93 ~]# docker logs -f myweb
...
172.17.0.1 - - [19/Mar/2025:09:03:44 +0000] "GET / HTTP/1.1" 200 357 "-" "curl/7.81.0" "-"
10.0.0.91 - - [19/Mar/2025:09:04:41 +0000] "GET / HTTP/1.1" 200 357 "-" "curl/7.81.0" "-"
2025/03/19 09:04:58 [error] 33#33: *3 open() "/usr/share/nginx/html/haoshuaicongedu.html" failed (2: No such file or directory), client: 10.0.0.91, server: localhost, request: "GET /haoshuaicongedu.html HTTP/1.1", host: "10.0.0.93:90"
10.0.0.91 - - [19/Mar/2025:09:04:58 +0000] "GET /haoshuaicongedu.html HTTP/1.1" 404 153 "-" "curl/7.81.0" "-"4. 查看容器 20 分钟内的日志
[root@elk93 ~]# docker logs -f --since 20m myweb 5. 查看 5 分钟之前的数据
[root@elk93 ~]# docker logs -f --until 5m myweb EFK 架构采集 docker 日志
1. 编写 Filebeat 配置文件
[root@elk93 filebeat]# cat 19-docker-to-es-tls.yaml
filebeat.inputs:
- type: container
paths:
- '/var/lib/docker/containers/*/*.log'
# 添加处理器
processors:
# 添加Docker的元数据信息,包括但不限于"Container ID","Name","Image","Labels"
- add_docker_metadata:
host: "unix:///var/run/docker.sock"
output.elasticsearch:
hosts:
- https://10.0.0.91:9200
- https://10.0.0.92:9200
- https://10.0.0.93:9200
api_key: "m1wPlJUBrDbi_DeiIc-1:RcEw7Mk2QQKH_CGhMBnfbg"
index: haoshuaicongedu-haoshauicong-es-apikey-tls-2025-docker
# 配置es集群的tls,此处跳过证书校验。默认值为: full
# 参考链接:
# https://www.elastic.co/guide/en/beats/filebeat/7.17/configuration-ssl.html#client-verification-mode
ssl.verification_mode: none
setup.ilm.enabled: false
setup.template.name: "haoshuaicongedu-haoshauicong"
setup.template.pattern: "haoshuaicongedu-haoshauicong-*"
setup.template.overwrite: true
setup.template.settings:
index.number_of_shards: 3
index.number_of_replicas: 0
[root@elk93 filebeat]# 2. 启动 Filebeat 实例
[root@elk93 filebeat]# filebeat -e -c `pwd`/19-docker-to-es-tls.yaml 3. kibana 查看数据
略
基于 docker 部署 wordpress
1. 部署 MySQL 数据库
1.1 下载镜像
[root@elk92 ~]# docker pull mysql:8.0.36-oracle
8.0.36-oracle: Pulling from library/mysql
Digest: sha256:a532724022429812ec797c285c1b540a644c15e248579c6bfdf12a8fbaab4964
Status: Image is up to date for mysql:8.0.36-oracle
docker.io/library/mysql:8.0.36-oracle
[root@elk92 ~]#
svip:
[root@elk92 ~]# wget http://192.168.16.253/Resources/Docker/images/WordPress/haoshuaicongedu-mysql-v8.0.36-oracle.tar.gz
[root@elk92 ~]# docker load -i haoshuaicongedu-mysql-v8.0.36-oracle.tar.gz 1.2 运行 MySQL 数据库
[root@elk92 ~]# docker run -p 3306:3306 -d --name mysql-server -e MYSQL_DATABASE=wordpress -e MYSQL_USER=haoshuaicong -e MYSQL_PASSWORD=haoshuaicong -e MYSQL_ALLOW_EMPTY_PASSWORD="yes" mysql:8.0.36-oracle --character-set-server=utf8 --collation-server=utf8_bin --default-authentication-plugin=mysql_native_password
3486517bdce4e2fc72d4dabcb8767b0c554aa5313dd53a9c043cda4f7d49a75f
[root@elk92 ~]#
[root@elk92 ~]# docker ps -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
3486517bdce4 mysql:8.0.36-oracle "docker-entrypoint.s…" 3 seconds ago Up 2 seconds 0.0.0.0:3306->3306/tcp, :::3306->3306/tcp, 33060/tcp mysql-server
[root@elk92 ~]# 1.3 查看容器的信息
[root@elk92 ~]# docker exec -it mysql-server mysql
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 8
Server version: 8.0.36 MySQL Community Server - GPL
Copyright (c) 2000, 2024, Oracle and/or its affiliates.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> SHOW DATABASES;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
| sys |
| wordpress |
+--------------------+
5 rows in set (0.00 sec)
mysql>
mysql> SELECT user,host,plugin FROM mysql.user;
+------------------+-----------+-----------------------+
| user | host | plugin |
+------------------+-----------+-----------------------+
| haoshauicong | % | mysql_native_password |
| root | % | mysql_native_password |
| mysql.infoschema | localhost | caching_sha2_password |
| mysql.session | localhost | caching_sha2_password |
| mysql.sys | localhost | caching_sha2_password |
| root | localhost | mysql_native_password |
+------------------+-----------+-----------------------+
6 rows in set (0.00 sec)
mysql>
mysql> SHOW GRANTS FOR haoshauicong;
+--------------------------------------------------------+
| Grants for haoshauicong@% |
+--------------------------------------------------------+
| GRANT USAGE ON *.* TO `haoshauicong`@`%` |
| GRANT ALL PRIVILEGES ON `wordpress`.* TO `haoshauicong`@`%` |
+--------------------------------------------------------+
2 rows in set (0.00 sec)
mysql> 2. 部署 WordPress
2.1 下载镜像
[root@elk93 ~]# docker pull wordpress:6.7.1-php8.1-apache
SVIP :
[root@elk93 ~]# wget http://192.168.16.253/Resources/Docker/images/WordPress/haoshuaicongedu-wordpress-v6.7.1-php8.1-apache.tar.gz
[root@elk93 ~]# docker load -i haoshuaicongedu-wordpress-v6.7.1-php8.1-apache.tar.gz 2.2 运行 WordPress
[root@elk93 ~]# docker run -d --name wp -p 80:80 -e WORDPRESS_DB_HOST=10.0.0.92 -e WORDPRESS_DB_USER=haoshauicong -e WORDPRESS_DB_PASSWORD=haoshuaicongedu -e WORDPRESS_DB_NAME=wordpress wordpress:6.7.1-php8.1-apache
8531c43a6a2d4b282f3f3a41ab7024aee1a1bbb6db72b2e79f5c5ce48dbf095a
[root@elk93 ~]#
[root@elk93 ~]# docker ps -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
8531c43a6a2d wordpress:6.7.1-php8.1-apache "docker-entrypoint.s…" 4 seconds ago Up 4 seconds 0.0.0.0:80->80/tcp, :::80->80/tcp wp
[root@elk93 ~]# 2.3 访问 wordpress 的 WebUI
http://10.0.0.93/wp-admin/install.php3. 发布文章测试
略,见视频。
docker基础命令总结* * * * *💋
镜像管理
# 从仓库拉取镜像到本地
docker image pull ----> docker pull
# 列出本地所有镜像(含镜像ID、仓库名、标签等信息)
docker image ls ----> docker images
# 为镜像添加新标签(常用于版本管理和私有仓库推送)
docker image tag ----> docker tag
# 删除本地镜像(需先停止关联容器)
docker image rm ----> docker rmi
# 加载本地镜像包(导入镜像)
docker image load ---> docker load
# 将镜像保存为 .tar 文件(支持压缩)(导出镜像)
docker image save ---> docker save 容器管理
# 查看运行中的容器(加 -a 显示所有容器)
docker container ls|ps ---> docker ps
# 删除已停止的容器(加 -f 强制删除运行中的容器)
docker container rm ---> docker rm
# 创建容器但不启动(需后续手动启动)
docker container create --->docker create
# 启停容器
docker container start ----> docker start
docker container stop ----> docker stop
docker container restart ----> docker restart
# 暂停/恢复容器进程(不释放资源)
docker container pause ----> docker pause
docker container unpause ---> docker unpause
# 创建并启动容器(常用参数:-d 后台运行,-p 端口映射)
docker container run ---> docker run
# 查看容器日志(加 -f 实时跟踪,--tail 显示末尾行数)
docker container logs ---> docker logs
# 查看容器20分钟内的日志
docker logs -f --since 20m myweb
# 查看5分钟之前的数据
docker logs -f --until 5m myweb
# 查看容器详细信息
docker container inspect ---> docker inspectdocker进阶命令总结* * * * *💋
# -a 表示全部的容器,-l最新的一个容器
docker ps -l
# 操作容器内的系统
docker exec ......
docker exec c1 ifconfig
docker exec c1 cat /etc/hosts
docker exec c2 ip a
# 进入容器,i表示交互,t表示开启一个终端,指定使用sh解释器默认是bash
docker exec -it c1 sh
# 拷贝容器内的文件,拷贝进或者拷贝出。默认自带递归
docker cp /etc/hosts c1:/usr/
docker cp c1:/usr/1.txt ./
# 取出详细信息中的某一个字段内容,注意不要跳层级,要带单引号
docker inspect -f '{{.字段路径}}' c1
# 操作存储卷,可以实现存储在宿主机磁盘实现容器的持久化存储
docker volume ls # 查看存储卷
docker volume rm xxx # 删除存储卷
docker volume prune -f # 删除所有未使用的卷
docker volume create xxx # 创建存储卷(没必要,因为指定的存储卷不存在会自动创建),若不指定则默认会生成随机1个
docker volume inspect xxx # 查看卷的详细信息
# 启动的时候,指定一个存储卷,将html这个目录挂载到hsc存储卷,容器使用宿主机的目录存储,持久化存储数据到宿主机,只要不删除这个存储卷
docker run -d --name c2 -v hsc:/usr/share/nginx/html xxx镜像
docker run -d --name c3 -v hsc:/usr/share/nginx/html xxx镜像 # 这俩数据存储到一个地方了,相当于nfs
docker run -d --name c5 --volumes-from c4 xx镜像 #c5使用c4的存储卷
docker run -d --name c2 -v /data:/usr/share/nginx/html xxx镜像 # 也可以直接指定路径
# 删除c1 的存储卷
docker container rm -f -v c1
# docker之所以exec进入容器后有一个家目录,是因为使用了linux底层的chroot技术,指定了一个容器的家目录
docker exec c1 touch /xixi.log
ls /var/lib/docker/overlay2/ee96862518138d9c297fe86e95da53c9c4b3ba2d7737028371fe90b4413918c5/merged
xixi.log
# info 查看docker环境的全局状态,可以看到底层使用的是linux的overlay技术
[root@elk92 ~]# docker info | grep "Storage Driver"
Storage Driver: overlay2
# docker底层使用iptables实现端口映射转发DNAT,如果上网需要开启内核转发net.ipv4.ip_forward=1
[root@elk91 html]# iptables-save | grep 85
-A DOCKER ! -i docker0 -p tcp -m tcp --dport 85 -j DNAT --to-destination 172.17.0.2:80
[root@elk91 html]#
# docker底层使用linux的cgroup可以实现容器资源限制
docker run -d --name stress --cpu-quota 30000 -m 209715200 xxx镜像 #指定cpu不能超过百分30内存不能超过200m
# 容器压测(注,这个镜像特殊,)
docker pull jasonyin2020/haoshuaicongedu-linux-tools:v0.1
#docker的网络类型
none # 不分配网络,只有127.0.0.1
bridge # 正常分配,容器宿主机一对一网卡,默认
host # 容器使用宿主机网卡,一模一样
container # c2 --network c1 表示c2使用c1的网卡,一模一样
custom network # 自定义网络
# 创建自定义网络
docker network create -d bridge --subnet 172.30.0.0/16 --gateway 172.30.0.254 --ip-range 172.30.1.0/24 hsc
c1 --network hsc # 使用自定义互联网
docker network disconnect hsc c2 # 容器移除这个网络
docker network connect hsc c2 # 添加网络
docker network prune -f # 删除未被使用的网络
docker network rm -f hsc # 强制删除这个网络
# 容器的启动命令,重启规则策略
always # 只要容器停止,就会被重启
no # 只要容器停止,始终不重启
unless-stopped # 容器因任何原因(非手动停止)退出时自动重启
on-failure # 仅当容器以非零退出码(程序异常终止)退出时自动重启
#如何使用
docker run -d --name c1 --restart no xxx镜像