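Last updated: June 12, 2025
Preface:
Docker is an open-source application container engine that lets developers package an application and its dependencies into a portable container and then ship it to any machine running a popular Linux or Windows operating system; it can also be used for virtualization. Containers are fully sandboxed and expose no interfaces to one another.
Advantages of containers over KVM:
- Containers deliver the host's own performance, whereas a KVM virtual machine is allocated a share of the host's hardware resources and performs worse.
- On a host with the same configuration, if at most 10 virtual machines can be started, more than 100 containers can be started.
- Starting a KVM virtual machine requires a full boot sequence and takes about 20 seconds, while starting a container takes only 1 second.
- KVM requires hardware CPU virtualization support; containers do not.
The components of a complete Docker installation:
- Docker Client
- Docker Daemon
- Docker Image
- Docker Container
Environment configuration
# Install common packages and switch to the Aliyun mirror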
yum install -y vim lrzsz wget net-tools nmap tree dos2unix iftop unzip
cd /etc/yum.repos.d/
mkdir bak
# Back up the existing repo files
mv *.repo bak/
wget https://mirrors.aliyun.com/repo/Centos-7.repo
wget https://mirrors.aliyun.com/repo/epel-7.repo
yum clean all
yum makecache
Enable traffic forwarding in the Linux kernel
[root@localhost yum.repos.d]# cd /etc/sysctl.d/
[root@localhost sysctl.d]# ls
99-sysctl.conf
[root@localhost sysctl.d]# touch docker.conf
[root@localhost sysctl.d]# echo 'net.bridge.bridge-nf-call-ip6tables = 1' >> docker.conf
[root@localhost sysctl.d]# echo 'net.bridge.bridge-nf-call-iptables = 1' >> docker.conf
[root@localhost sysctl.d]# echo 'net.ipv4.conf.default.rp_filter = 0' >> docker.conf
[root@localhost sysctl.d]# echo 'net.ipv4.conf.all.rp_filter = 0' >> docker.conf
[root@localhost sysctl.d]# echo 'net.ipv4.ip_forward = 1' >> docker.conf
[root@localhost sysctl.d]# modprobe br_netfilter
[root@localhost sysctl.d]# sysctl -p /etc/sysctl.d/docker.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.all.rp_filter = 0
net.ipv4.ip_forward = 1
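`sysctl -p` only applies the values at the moment it runs, and the net.bridge.* keys exist only while br_netfilter is loaded, so it is worth re-checking the running kernel against docker.conf, for instance after a reboot. The following is an added example, not part of the original article; the function name audit_sysctl, its PROC_ROOT parameter and the fixture are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original article.
# audit_sysctl FRAGMENT [PROC_ROOT]
# Compares each "key = value" line of a sysctl.d fragment with the value the
# kernel reports. PROC_ROOT (default /proc/sys) is an assumption of this
# example so the check can also run against a constructed directory tree.
audit_sysctl() {
    frag=$1
    root=${2:-/proc/sys}
    rc=0
    while IFS='=' read -r key want; do
        key=$(printf '%s' "$key" | tr -d '[:space:]')
        want=$(printf '%s' "$want" | tr -d '[:space:]')
        case $key in ''|'#'*|';'*) continue ;; esac   # blank line or comment
        path=$root/$(printf '%s' "$key" | tr '.' '/')
        if [ ! -r "$path" ]; then
            # net.bridge.* exists only while the br_netfilter module is loaded
            echo "ABSENT $key"; rc=1
            continue
        fi
        have=$(tr -d '[:space:]' < "$path")
        if [ "$have" = "$want" ]; then
            echo "OK $key=$have"
        else
            echo "DIFF $key want=$want have=$have"; rc=1
        fi
    done < "$frag"
    return "$rc"
}

# Constructed fixture: the fragment from this page, and a fake /proc/sys in
# which ip_forward is still 0 and br_netfilter is not loaded.
make_fixture() {
    dir=$(mktemp -d)
    mkdir -p "$dir/proc/net/ipv4/conf/all" "$dir/proc/net/ipv4/conf/default"
    printf '%s\n' 'net.bridge.bridge-nf-call-ip6tables = 1' \
        'net.bridge.bridge-nf-call-iptables = 1' \
        'net.ipv4.conf.default.rp_filter = 0' \
        'net.ipv4.conf.all.rp_filter = 0' \
        'net.ipv4.ip_forward = 1' > "$dir/docker.conf"
    echo 0 > "$dir/proc/net/ipv4/conf/default/rp_filter"
    echo 0 > "$dir/proc/net/ipv4/conf/all/rp_filter"
    echo 0 > "$dir/proc/net/ipv4/ip_forward"
    echo "$dir"
}

fx=$(make_fixture)
audit_sysctl "$fx/docker.conf" "$fx/proc" || echo "kernel state differs from docker.conf"
rm -rf "$fx"
```

On a real host the call is `audit_sysctl /etc/sysctl.d/docker.conf`, which reads the live values from /proc/sys.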
Install Docker
curl -o /etc/yum.repos.d/docker-ce.repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
ll /etc/yum.repos.d/
yum clean all
yum makecache
# List the available Docker packages
yum list docker-ce --showduplicates | sort -r
# Install Docker
yum install -y docker-ce-20.10.16
Configure a registry mirror
Purpose: speed up image downloads.
[root@localhost sysctl.d]# mkdir -p /etc/docker/
[root@localhost sysctl.d]# vim /etc/docker/daemon.json
[root@localhost sysctl.d]# cat /etc/docker/daemon.json
{
"registry-mirrors": [
"https://docker.xuanyuan.me",
"https://docker.1panel.live"
]
}
# Reload systemd's configuration files
[root@localhost sysctl.d]# systemctl daemon-reload
# Enable start on boot
[root@localhost sysctl.d]# systemctl enable docker
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
# Start docker
[root@localhost sysctl.d]# systemctl start docker
[root@localhost sysctl.d]# ps aux |grep docker
root 18776 0.5 3.2 1029568 60836 ? Ssl 21:40 0:00 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
root 18913 0.0 0.0 112824 980 pts/0 S+ 21:41 0:00 grep --color=auto docker
# List docker images
[root@localhost sysctl.d]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
# Check the docker version
[root@localhost sysctl.d]# docker version
Client: Docker Engine - Community
Version: 20.10.18
API version: 1.41
Go version: go1.18.6
Git commit: b40c2f6
Built: Thu Sep 8 23:14:08 2022
OS/Arch: linux/amd64
Context: default
Experimental: true
Server: Docker Engine - Community
Engine:
Version: 20.10.16
API version: 1.41 (minimum version 1.12)
Go version: go1.17.10
Git commit: f756502
Built: Thu May 12 09:18:08 2022
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.6.8
GitCommit: 9cd3357b7fd7218e4aec3eae239db1f68a5a6ec6
runc:
Version: 1.1.4
GitCommit: v1.1.4-0-g5fd4c4d
docker-init:
Version: 0.19.0
GitCommit: de40ad0
Start your first Docker container
# 1. Search the image registry to check whether an nginx image exists
[root@localhost sysctl.d]# docker search nginx
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
nginx Official build of Nginx. 17536 [OK]
linuxserver/nginx An Nginx container, brought to you by LinuxS… 178
bitnami/nginx Bitnami nginx Docker Image 141 [OK]
ubuntu/nginx Nginx, a high-performance reverse proxy & we… 63
bitnami/nginx-ingress-controller Bitnami Docker Image for NGINX Ingress Contr… 20 [OK]
rancher/nginx-ingress-controller 11
webdevops/nginx Nginx container 10 [OK]
ibmcom/nginx-ingress-controller Docker Image for IBM Cloud Private-CE (Commu… 4
bitnami/nginx-ldap-auth-daemon 3
bitnami/nginx-exporter 3
vmware/nginx 2
rancher/nginx-ingress-controller-defaultbackend 2
rapidfort/nginx RapidFort optimized, hardened image for NGINX 2
kasmweb/nginx An Nginx image based off nginx:alpine and in… 2
rancher/nginx 2
bitnami/nginx-intel 1
wallarm/nginx-ingress-controller Kubernetes Ingress Controller with Wallarm e… 1
vmware/nginx-photon 1
rancher/nginx-conf 0
rapidfort/nginx-ib RapidFort optimized, hardened image for NGIN… 0
ibmcom/nginx-ingress-controller-ppc64le Docker Image for IBM Cloud Private-CE (Commu… 0
rancher/nginx-ssl 0
continuumio/nginx-ingress-ws 0
rancher/nginx-ingress-controller-amd64 0
ibmcom/nginx-ppc64le Docker image for nginx-ppc64le 0
# 2. Pull the nginx image
[root@localhost sysctl.d]# docker pull nginx
Using default tag: latest
latest: Pulling from library/nginx
a2abf6c4d29d: Pull complete
a9edb18cadd1: Pull complete
589b7251471a: Pull complete
186b1aaa4aa6: Pull complete
b4df32aa5a72: Pull complete
a0bcbecc962e: Pull complete
Digest: sha256:0d17b565c37bcbd895e9d92315a05c1c3c9a29f762b011a10c54a66cd53c9b31
Status: Downloaded newer image for nginx:latest
docker.io/library/nginx:latest
# 3. List local images
[root@localhost sysctl.d]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest 605c77e624dd 9 months ago 141MB
# 4. Delete the image (recorded here for reference; do not run it, otherwise the nginx image has to be downloaded again)
[root@localhost sysctl.d]# docker rmi 605c77e624dd
Untagged: nginx:latest
Untagged: nginx@sha256:0d17b565c37bcbd895e9d92315a05c1c3c9a29f762b011a10c54a66cd53c9b31
Deleted: sha256:605c77e624ddb75e6110f997c58876baa13f8754486b461117934b24a9dc3a85
Deleted: sha256:b625d8e29573fa369e799ca7c5df8b7a902126d2b7cbeb390af59e4b9e1210c5
Deleted: sha256:7850d382fb05e393e211067c5ca0aada2111fcbe550a90fed04d1c634bd31a14
Deleted: sha256:02b80ac2055edd757a996c3d554e6a8906fd3521e14d1227440afd5163a5f1c4
Deleted: sha256:b92aa5824592ecb46e6d169f8e694a99150ccef01a2aabea7b9c02356cdabe7c
Deleted: sha256:780238f18c540007376dd5e904f583896a69fe620876cabc06977a3af4ba4fb5
Deleted: sha256:2edcec3590a4ec7f40cf0743c15d78fb39d8326bc029073b41ef9727da6c851f
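# 5. Run an nginx container from the nginx image to provide the nginx service
# docker run <image name or image ID>
# -d runs the container in the background
# -p 80:80 maps ports as host-port:container-port; connecting to the host port reaches the container port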
[root@localhost sysctl.d]# docker run -d -p 80:80 nginx
39174b8eee2b9768ec3d534a359549636a6f92e6a9e8ea2f5e0492060eca4822
# 6. Check whether the container is running
[root@localhost sysctl.d]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
39174b8eee2b nginx "/docker-entrypoint.…" 42 seconds ago Up 42 seconds 0.0.0.0:80->80/tcp, :::80->80/tcp gifted_wing
# Check listening ports: port 80 is now held by docker
[root@localhost sysctl.d]# netstat -pltun
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 965/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1591/master
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 19319/docker-proxy
tcp6 0 0 :::22 :::* LISTEN 965/sshd
tcp6 0 0 ::1:25 :::* LISTEN 1591/master
tcp6 0 0 :::80 :::* LISTEN 19326/docker-proxy
udp 0 0 0.0.0.0:68 0.0.0.0:* 8442/dhclient
udp 0 0 127.0.0.1:323 0.0.0.0:* 697/chronyd
udp6 0 0 ::1:323 :::* 697/chronyd
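The docker ps and netstat output above shows that `-p 80:80` listens on 0.0.0.0:80 and :::80, that is, on every host interface. The following added example, which is not part of the original article, lists such wildcard publishes per container from `docker ps` output; the function name wildcard_publishes and the container names other than gifted_wing are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original article: list published ports that
# are bound to every host interface.
# Input on stdin: one "NAME<TAB>PORTS" line per container, as produced by
#   docker ps --format '{{.Names}}\t{{.Ports}}'
wildcard_publishes() {
    awk -F'\t' '
    {
        n = split($2, entry, /, */)
        for (i = 1; i <= n; i++) {
            arrow = index(entry[i], "->")
            if (arrow == 0) continue                 # exposed only, not published
            host   = substr(entry[i], 1, arrow - 1)  # 0.0.0.0:80, :::80 or [::]:80
            target = substr(entry[i], arrow + 2)     # 80/tcp
            if (!match(host, /:[0-9-]+$/)) continue  # host port follows the last colon
            addr = substr(host, 1, RSTART - 1)
            port = substr(host, RSTART + 1)
            if (addr == "0.0.0.0" || addr == "::" || addr == "[::]")
                printf "%s %s %s->%s\n", $1, addr, port, target
        }
    }'
}

# Constructed sample: the first row mirrors the docker ps output above; the
# containers "local_only" and "no_publish" are hypothetical.
sample_ps() {
    printf 'gifted_wing\t0.0.0.0:80->80/tcp, :::80->80/tcp\n'
    printf 'local_only\t127.0.0.1:8080->80/tcp\n'
    printf 'no_publish\t80/tcp\n'
}

sample_ps | wildcard_publishes
# A loopback-only publish of the nginx container on this page would be:
#   docker run -d -p 127.0.0.1:80:80 nginx
```

On a host with Docker running, pipe the live listing in: `docker ps --format '{{.Names}}\t{{.Ports}}' | wildcard_publishes`.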
Access from a web browser:
Stop the container:
[root@localhost sysctl.d]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
39174b8eee2b nginx "/docker-entrypoint.…" 12 minutes ago Up 12 minutes 0.0.0.0:80->80/tcp, :::80->80/tcp gifted_wing
# docker stop <container ID>
[root@localhost sysctl.d]# docker stop 39174b8eee2b
39174b8eee2b
[root@localhost sysctl.d]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@localhost sysctl.d]# netstat -pltun
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 965/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1591/master
tcp6 0 0 :::22 :::* LISTEN 965/sshd
tcp6 0 0 ::1:25 :::* LISTEN 1591/master
udp 0 0 0.0.0.0:68 0.0.0.0:* 8442/dhclient
udp 0 0 127.0.0.1:323 0.0.0.0:* 697/chronyd
udp6 0 0 ::1:323 :::* 697/chronyd
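Copyright notice: unless otherwise stated, all articles are original works of 柳三千运维录; when reprinting or copying, please credit the source with a hyperlink.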