Docker Pitfall Notes

Author: 许一沐 | Source: published 2021-04-13 14:07

    Filling in my own Docker pitfalls

    Installing Docker

    My Air is on system version 10.11.6 and cannot run the new Docker Desktop, so the only option is to install:

    brew install docker-toolbox
    
    # ==> Caveats
    # docker-toolbox has been officially discontinued upstream.
    # It may stop working correctly (or at all) in recent versions of macOS.
    
    # ==> Downloading https://github.com/docker/toolbox/releases/download/v19.03.1/DockerToolbox-19.03.1.pkg
    # ==> Downloading from https://github-releases.githubusercontent.com/38274922/ce977100-b70d-11e9-9d55-4abada6ebba0?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20210413%2Fus-east
    # ######################################################################## 100.0%
    # All formula dependencies satisfied.
    # ==> Installing Cask docker-toolbox
    # ==> Running installer for docker-toolbox; your password may be necessary.
    # Package installers may write to any location; options such as `--appdir` are ignored.
    # Password:
    
    
    # installer: Package name is Docker Toolbox
    # installer: choices changes file '/private/tmp/choices20210413-69020-149osbn.xml' applied
    # installer: Upgrading at base path /
    # installer: The upgrade was successful.
    # ==> Changing ownership of paths required by docker-toolbox; your password may be necessary.
    # 🍺  docker-toolbox was successfully installed!
    
    

    After a successful install, Docker Quickstart Terminal.app appears; run it:

    # bash --login '/Applications/Docker/Docker Quickstart Terminal.app/Contents/Resources/Scripts/start.sh'
    # Last login: Thu Apr  8 16:34:15 on ttys006
    # echo:~ % bash --login '/Applications/Docker/Docker Quickstart Terminal.app/Contents/Resources/Scripts/start.sh'
    # Creating CA: /Users/echo/.docker/machine/certs/ca.pem
    # Creating client certificate: /Users/echo/.docker/machine/certs/cert.pem
    # Running pre-create checks...
    # (default) Default Boot2Docker ISO is out-of-date, downloading the latest release...
    # (default) Latest release for github.com/boot2docker/boot2docker is v19.03.12
    # (default) Downloading /Users/echo/.docker/machine/cache/boot2docker.iso from https://github.com/boot2docker/boot2docker/releases/download/v19.03.12/boot2docker.iso...
    # (default) 0%....10%....20%....30%....40%....50%....60%....70%....80%....90%....100%
    # Creating machine...
    # (default) Copying /Users/echo/.docker/machine/cache/boot2docker.iso to /Users/echo/.docker/machine/machines/default/boot2docker.iso...
    # (default) Creating VirtualBox VM...
    # (default) Creating SSH key...
    # (default) Starting the VM...
    # (default) Check network to re-create if needed...
    # (default) Found a new host-only adapter: "vboxnet1"
    # (default) Waiting for an IP...
    # Waiting for machine to be running, this may take a few minutes...
    # Detecting operating system of created instance...
    # Waiting for SSH to be available...
    # Detecting the provisioner...
    # Provisioning with boot2docker...
    # Copying certs to the local machine directory...
    # Copying certs to the remote machine...
    # Setting Docker configuration on the remote daemon...
    # Checking connection to Docker...
    # Docker is up and running!
    # To see how to connect your Docker Client to the Docker Engine running on this virtual machine, run: /usr/local/bin/docker-machine env default
    
    
    #                         ##         .
    #                   ## ## ##        ==
    #                ## ## ## ## ##    ===
    #            /"""""""""""""""""\___/ ===
    #       ~~~ {~~ ~~~~ ~~~ ~~~~ ~~~ ~ /  ===- ~~~
    #            \______ o           __/
    #              \    \         __/
    #               \____\_______/
    
    
    # docker is configured to use the default machine with IP 192.168.99.100
    # For help getting started, check out the docs at https://docs.docker.com
    
    
    echo:~ % /usr/local/bin/docker-machine env default
    # export DOCKER_TLS_VERIFY="1"
    # export DOCKER_HOST="tcp://192.168.99.100:2376"
    # export DOCKER_CERT_PATH="/Users/echo/.docker/machine/machines/default"
    # export DOCKER_MACHINE_NAME="default"
    # # Run this command to configure your shell:
    # # eval $(/usr/local/bin/docker-machine env default)
    
    
    echo:~ % docker version
    # Client: Docker Engine - Community
    #  Version:           19.03.1
    #  API version:       1.40
    #  Go version:        go1.12.5
    #  Git commit:        74b1e89
    #  Built:             Thu Jul 25 21:18:17 2019
    #  OS/Arch:           darwin/amd64
    #  Experimental:      false
    
    # Server: Docker Engine - Community
    #  Engine:
    #   Version:          19.03.12
    #   API version:      1.40 (minimum version 1.12)
    #   Go version:       go1.13.10
    #   Git commit:       48a66213fe
    #   Built:            Mon Jun 22 15:49:35 2020
    #   OS/Arch:          linux/amd64
    #   Experimental:     false
    #  containerd:
    #   Version:          v1.2.13
    #   GitCommit:        7ad184331fa3e55e52b890ea95e65ba581ae3429
    #  runc:
    #   Version:          1.0.0-rc10
    #   GitCommit:        dc9208a3303feef5b3839f4323d9beb36df0a9dd
    #  docker-init:
    #   Version:          0.18.0
    #   GitCommit:        fec3683
    
    
    echo:~ % docker info
    # Client:
    #  Debug Mode: false
    
    # Server:
    #  Containers: 0
    #   Running: 0
    #   Paused: 0
    #   Stopped: 0
    #  Images: 0
    #  Server Version: 19.03.12
    #  Storage Driver: overlay2
    #   Backing Filesystem: extfs
    #   Supports d_type: true
    #   Native Overlay Diff: true
    #  Logging Driver: json-file
    #  Cgroup Driver: cgroupfs
    #  Plugins:
    #   Volume: local
    #   Network: bridge host ipvlan macvlan null overlay
    #   Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
    #  Swarm: inactive
    #  Runtimes: runc
    #  Default Runtime: runc
    #  Init Binary: docker-init
    #  containerd version: 7ad184331fa3e55e52b890ea95e65ba581ae3429
    #  runc version: dc9208a3303feef5b3839f4323d9beb36df0a9dd
    #  init version: fec3683
    #  Security Options:
    #   seccomp
    #    Profile: default
    #  Kernel Version: 4.19.130-boot2docker
    #  Operating System: Boot2Docker 19.03.12 (TCL 10.1)
    #  OSType: linux
    #  Architecture: x86_64
    #  CPUs: 1
    #  Total Memory: 1.947GiB
    #  Name: default
    #  ID: MUD7:NG5K:C5CZ:W4DM:A4EP:BZUK:WZYD:6DKA:SOII:PYQL:FDQK:WB23
    #  Docker Root Dir: /mnt/sda1/var/lib/docker
    #  Debug Mode: false
    #  Registry: https://index.docker.io/v1/
    #  Labels:
    #   provider=virtualbox
    #  Experimental: false
    #  Insecure Registries:
    #   127.0.0.0/8
    #  Live Restore Enabled: false
    #  Product License: Community Engine
     
     
    echo:~ % cat "/Applications/Docker/Docker Quickstart Terminal.app/Contents/Resources/Scripts/start.sh"
    # #!/bin/bash
    
    # VM=default
    # DOCKER_MACHINE=/usr/local/bin/docker-machine
    # VBOXMANAGE=/Applications/VirtualBox.app/Contents/MacOS/VBoxManage
    
    # BLUE='\033[0;34m'
    # GREEN='\033[0;32m'
    # NC='\033[0m'
    
    # unset DYLD_LIBRARY_PATH
    # unset LD_LIBRARY_PATH
    
    # #clear all_proxy if not socks address
    # if  [[ $ALL_PROXY != socks* ]]; then
    #   unset ALL_PROXY
    # fi
    # if  [[ $all_proxy != socks* ]]; then
    #   unset all_proxy
    # fi
    
    # clear
    
    # if [ ! -f "${DOCKER_MACHINE}" ]; then
    #   echo "Docker Machine is not installed. Please re-run the Toolbox Installer and try again."
    #   exit 1
    # fi
    
    # if [ ! -f "${VBOXMANAGE}" ]; then
    #   echo "VirtualBox is not installed. Please re-run the Toolbox Installer and try again."
    #   exit 1
    # fi
    
    # "${VBOXMANAGE}" list vms | grep \""${VM}"\" &> /dev/null
    # VM_EXISTS_CODE=$?
    
    # if [ $VM_EXISTS_CODE -eq 1 ]; then
    #   "${DOCKER_MACHINE}" rm -f "${VM}" &> /dev/null
    #   rm -rf ~/.docker/machine/machines/"${VM}"
    #   #set proxy variables inside virtual docker machine if they exist in host environment
    #   if [ "${HTTP_PROXY}" ]; then
    #     PROXY_ENV="$PROXY_ENV --engine-env HTTP_PROXY=$HTTP_PROXY"
    #   fi
    #   if [ "${HTTPS_PROXY}" ]; then
    #     PROXY_ENV="$PROXY_ENV --engine-env HTTPS_PROXY=$HTTPS_PROXY"
    #   fi
    #   if [ "${NO_PROXY}" ]; then
    #     PROXY_ENV="$PROXY_ENV --engine-env NO_PROXY=$NO_PROXY"
    #   fi
    #   "${DOCKER_MACHINE}" create -d virtualbox $PROXY_ENV --virtualbox-memory 2048 --virtualbox-disk-size 204800 "${VM}"
    # fi
    
    # VM_STATUS="$( set +e ; ${DOCKER_MACHINE} status ${VM} )"
    # if [ "${VM_STATUS}" != "Running" ]; then
    #   "${DOCKER_MACHINE}" start "${VM}"
    #   yes | "${DOCKER_MACHINE}" regenerate-certs "${VM}"
    # fi
    
    # eval "$(${DOCKER_MACHINE} env --shell=bash --no-proxy ${VM})"
    
    # clear
    # cat << EOF
    
    
    #                         ##         .
    #                   ## ## ##        ==
    #                ## ## ## ## ##    ===
    #            /"""""""""""""""""\___/ ===
    #       ~~~ {~~ ~~~~ ~~~ ~~~~ ~~~ ~ /  ===- ~~~
    #            \______ o           __/
    #              \    \         __/
    #               \____\_______/
    
    
    # EOF
    # echo -e "${BLUE}docker${NC} is configured to use the ${GREEN}${VM}${NC} machine with IP ${GREEN}$(${DOCKER_MACHINE} ip ${VM})${NC}"
    # echo "For help getting started, check out the docs at https://docs.docker.com"
    # echo
    
    # USER_SHELL="$(dscl /Search -read /Users/${USER} UserShell | awk '{print $2}' | head -n 1)"
    # if [[ "${USER_SHELL}" == *"/bash"* ]] || [[ "${USER_SHELL}" == *"/zsh"* ]] || [[ "${USER_SHELL}" == *"/sh"* ]]; then
    #   "${USER_SHELL}" --login
    # else
    #   "${USER_SHELL}"
    # fi 
    
    
    
    
    

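    Stop 1: Basic usage

    Starting the first image

    # Search for an image:
    docker search {name}
    
    # Pull an image
    docker pull {name}
    
    # Run a container from the image
    docker run -d -p 80:80 --name webserver nginx
    # Alternative: publish on host port 8888 instead (a second container cannot reuse the name webserver)
    docker run -d -p 8888:80 --name webserver nginx
    
    # -p    lowercase p: Docker maps a specific host port to the network port the container exposes
    # -P    uppercase P: Docker maps a randomly chosen host port to the network port the container exposes
    # -p 80:80
    # -p specifies the port on which the nginx instance in the container is published
    # In this example, the first 80 is the port published on the host, and the second 80 is the container port it maps to
    
    
    # Use an external configuration file: -v mounts a host directory or file into the container.
    docker run --name nginx -p 80:80 -v /develop/nginx/nginx.conf:/etc/nginx/nginx.conf -v /develop:/develop -d nginx
    # -v /develop/nginx/nginx.conf:/etc/nginx/nginx.conf:
    #   mounts the configuration file /develop/nginx/nginx.conf at /etc/nginx/nginx.conf in the container
    # -v /develop:/develop:
    #   mounts the host directory /develop at /develop in the container
    
    
    # Once the service is running, open http://localhost; if you see "Welcome to nginx!", Docker is installed correctly.
    
    # List the current container instances (-a includes stopped ones)
    docker ps -a
    
    # View a container's logs; take the id from the docker ps -a output
    docker logs {id}
    
    # Restart / stop / remove a container:
    docker restart webserver
    docker stop webserver
    docker rm webserver
    
    # Show the processes running in a container
    docker top {id}
    
    # Open a shell inside the container
    docker exec -it {id} bash
    
    # Kill a container
    docker kill -s KILL {id}
    
    # Copy a file from the container to the host
    docker cp {id}:{path-in-container} {host-path}
    
    # List the images installed on this system
    docker images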
    
    

    That covers most of the basic Docker operations.

    Problems encountered

    • Unable to find image 'nginx:latest' locally

    Add registry mirrors (image accelerators)

        "registry-mirrors": [
            "https://docker.mirrors.ustc.edu.cn",
            "https://reg-mirror.qiniu.com",
            "https://registry.docker-cn.com"
        ]
    
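    • The browser cannot reach the Docker application after it starts

    This was caused by a network configuration problem.

    netstat -na|grep 80  # check the port state from inside the container
    docker port {id}  # or: show the container's port mappings
    docker-machine ip default # show the VM's IP
    
    Configuration for external access:
    
    # Bridge: the default mode; the container has its own namespace, with its own IP and ports
    # Host: shares one namespace with the host; no IP is allocated
    # None: no network
    # --net=bridge  the default option; connects the Docker container through a bridge.
    # --net=host  Docker skips setting up a separate network stack for the container.
    # --net=container:NAME_or_ID  tells Docker to have the new container use an existing container's network configuration.
    # --net=none  tells Docker to create a network stack for the new container but not configure it at all, so it can only reach the local network and has no external network.
    
    # Specify the network mode: --net=bridge is the default
    
    docker run -d -p 8080:80 --net=bridge --name webserver nginx
    
    # Note: -p port1:port2
    # This parameter only maps a host port to a container port; port2 must be whatever port the service inside the container actually listens on
    # And to think I was once a moderator on the 虚拟机之家 forum, yet I made such a basic mistake. A container is, damn it, a virtual machine too.
    # I had assumed port2 set the port that the started nginx service binds to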
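The `-p` mappings above publish on every interface of the Docker host (the `0.0.0.0:8080->80/tcp` shown by `docker ps`). The following is an added example, not part of the original post, that classifies published ports by the address they are bound to. The `name|ports` input format and the containers other than `mynginx` are constructed for the example.

```shell
#!/bin/sh
# Added example: report which published ports listen on every interface.
# Input lines look like "name|ports", which is what this prints:
#   docker ps --format '{{.Names}}|{{.Ports}}'

audit_ports() {
  while IFS='|' read -r name ports; do
    # One container can publish several ports, separated by commas.
    printf '%s\n' "$ports" | tr ',' '\n' | while read -r mapping; do
      case "$mapping" in
        *'->'*) ;;           # published: host side -> container side
        *) continue ;;       # only exposed (e.g. "80/tcp") or empty
      esac
      host_side=${mapping%%'->'*}   # e.g. 0.0.0.0:8080
      addr=${host_side%:*}          # e.g. 0.0.0.0
      case "$addr" in
        0.0.0.0|::|'[::]') echo "ALL-INTERFACES $name $mapping" ;;
        *)                 echo "BOUND-TO-$addr $name $mapping" ;;
      esac
    done
  done
}

# Constructed sample input; the first line matches the docker ps output on this page.
sample='mynginx|0.0.0.0:8080->80/tcp
mycv|0.0.0.0:8081->80/tcp, :::8081->80/tcp
internal|192.168.99.100:9000->80/tcp
idle|80/tcp'

printf '%s\n' "$sample" | audit_ports
```

To keep a service off the other interfaces, give `-p` an address as well, for example `-p 192.168.99.100:8080:80`.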
    
    

    Learning resources

    Stop 2: Hands-on, building a static site environment

    Start the image

    cd /Users/echo/workspace/echo-site/docker-learn
    
    docker run -d -p 8080:80 --rm --name mynginx nginx
    
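    # -d: run in the background
    # -p: map the container's port 80 to port 8080 on the host
    # --rm: automatically remove the container's files once the container stops
    # --name: name the container mynginx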
    

    Map the web page directory

    mkdir static-site-demo
    cd static-site-demo
    
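    # If the mynginx container from the previous step is still running, stop it first
    # (docker stop mynginx): its name and host port 8080 are still in use.
    docker run -d -p 8080:80 --rm --name mynginx --volume "$PWD/html":/usr/share/nginx/html nginx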
    docker run -d -p 8081:80 --rm --name mycv \
        --volume "$PWD/../../lab/easychen/lenxiong":/usr/share/nginx/html \
        nginx
    
    docker-machine ip default
    
    # open http://192.168.99.100:8080/
    # open http://192.168.99.100:8081/
    
    docker stop mycv
    
    docker ps -a
    # CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                  NAMES
    # 19ffe7091020        nginx               "/docker-entrypoint.…"   27 minutes ago      Up 27 minutes       0.0.0.0:8080->80/tcp   mynginx
    

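    Modify the nginx configuration

    Editing static pages alone sometimes is not enough, for example when you need to configure virtual hosts or add HTTPS support.

    The first step is to copy the nginx configuration files out of the container.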

    docker cp mynginx:/etc/nginx .
    mv ./nginx ./nginx-conf
    
    docker stop mynginx
    
    # Map the configuration directory
    docker run -d -p 8080:80 --rm --name mynginx \
        --volume "$PWD/html":/usr/share/nginx/html \
        --volume "$PWD/nginx-conf":/etc/nginx \
        nginx
    
    docker ps -a
    # CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                  NAMES
    # 43cdb1ffb774        nginx               "/docker-entrypoint.…"   4 seconds ago       Up 4 seconds        0.0.0.0:8080->80/tcp   mynginx
    
    # open http://192.168.99.100:8080/
    
    

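    Add HTTPS support to the container (self-signed certificate)

    The first task is to generate a private key and a certificate.

    First, make sure OpenSSL is installed on your machine, then run the command below: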

    openssl req \
      -x509 \
      -nodes \
      -days 365 \
      -newkey rsa:2048 \
      -keyout example.key \
      -out example.crt
    
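    # The parameters mean the following:
    # req: handle a certificate signing request.
    # -x509: produce a self-signed certificate.
    # -nodes: do not protect the private key with a passphrase, so that Nginx can open it directly.
    # -days 365: the certificate is valid for one year.
    # -newkey rsa:2048: generate a new private key, using 2048-bit RSA.
    # -keyout: write the new private key to example.key in the current directory.
    # -out: write the new certificate to example.crt in the current directory.
    # On systems other than macOS you may need to add sudo to get permission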
    

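    The most important of the questions is Common Name. Normally you would enter a domain name; here you can enter 192.168.99.100.

    After you answer the questions, the current directory should contain two new files: example.key and example.crt.

    Under the configuration directory (nginx-conf in the commands here), create a subdirectory certs and move the two files into it.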

    mkdir nginx-conf/certs
    mv example.crt example.key nginx-conf/certs
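The key and certificate step above, as an added example that is not part of the original post: it generates the same two files non-interactively, adds the VM address as a subjectAltName (current browsers compare the address against that field rather than Common Name), and checks the result before nginx uses it. It assumes OpenSSL 1.1.1 or newer for `-addext` and `-checkip`; the function names `make_cert` and `check_cert` are made up for the example.

```shell
#!/bin/sh
# Added example. Assumes OpenSSL 1.1.1+ (-addext, -checkip).

# make_cert <ip> <dir> [san|nosan]: non-interactive form of the openssl req command above.
make_cert() {
  ip=$1; dir=$2; mode=${3:-san}
  mkdir -p "$dir" || return 1
  set -- -x509 -nodes -days 365 -newkey rsa:2048 -subj "/CN=$ip" \
         -keyout "$dir/example.key" -out "$dir/example.crt"
  if [ "$mode" = san ]; then
    set -- "$@" -addext "subjectAltName=IP:$ip"
  fi
  # -nodes writes the key unencrypted, so create it readable by its owner only.
  ( umask 077; openssl req "$@" 2>/dev/null ) || return 1
  chmod 644 "$dir/example.crt"
}

# check_cert <ip> <dir>: prints one result line per check.
check_cert() {
  ip=$1; crt=$2/example.crt; key=$2/example.key
  # -checkip looks at subjectAltName only; a matching Common Name is not enough.
  if openssl x509 -in "$crt" -noout -checkip "$ip" | grep -q 'does match'; then
    echo "san: ok"
  else
    echo "san: no subjectAltName entry for $ip"
  fi
  # Certificate and key must carry the same public key.
  if [ "$(openssl x509 -in "$crt" -noout -pubkey | openssl sha256)" = \
       "$(openssl pkey -in "$key" -pubout | openssl sha256)" ]; then
    echo "keypair: ok"
  else
    echo "keypair: key does not belong to this certificate"
  fi
  case "$(ls -l "$key" | cut -c5-10)" in
    '------') echo "keyperm: ok" ;;
    *)        echo "keyperm: key is accessible to group or others" ;;
  esac
}

if command -v openssl >/dev/null 2>&1; then
  demo=$(mktemp -d)
  make_cert 192.168.99.100 "$demo" && check_cert 192.168.99.100 "$demo"
  rm -rf "$demo"
fi
```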
    

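    The second task is to configure HTTPS.

    First, open conf.d/default.conf under the configuration directory (nginx-conf here) and append the configuration below.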

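    server {
        # "ssl" on the listen line enables TLS for this server; the separate
        # "ssl on;" directive is obsolete and rejected by current nginx releases.
        listen 443 ssl http2;
        server_name  localhost;
    
        ssl_certificate          /etc/nginx/certs/example.crt;
        ssl_certificate_key      /etc/nginx/certs/example.key;
    
        ssl_session_timeout  5m;
    
        ssl_ciphers HIGH:!aNULL:!MD5;
        # SSLv3, TLSv1 and TLSv1.1 are broken or deprecated; offer only TLSv1.2 and TLSv1.3.
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers   on;
    
        location / {
            root   /usr/share/nginx/html;
            index  index.html index.htm;
        }
    }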
    

    Then start a new Nginx container

    docker run -d --rm --name mynginx \
      --volume "$PWD/html":/usr/share/nginx/html \
      --volume "$PWD/nginx-conf":/etc/nginx \
      -p 8080:80 \
      -p 8081:443 \
      nginx
    
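    # open https://192.168.99.100:8081/
    
    # Alternative: publish HTTPS on the host's standard port 443 instead
    # (stop the container above first with docker stop mynginx, since the name is reused)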
    docker run -d --rm --name mynginx \
      --volume "$PWD/html":/usr/share/nginx/html \
      --volume "$PWD/nginx-conf":/etc/nginx \
      -p 8080:80 \
      -p 443:443 \
      nginx
    
    

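    You will then find that the browser reports the certificate as invalid, because it is self-signed rather than issued by a CA the browser trusts.

    Learning resources

    Stop 3: Hands-on, building a WordPress environment

    Learning resources

    Stop N: Hands-on, building a company project environment

    Learning resources

    Stop N: Container resource limits

    Memory

    Learning resources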

        Article link: https://www.haomeiwen.com/subject/vntclltx.html