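0x00: Introduction
Docker is a wrapper around Linux containers that provides a simple, easy-to-use interface for working with them. It is currently the most popular Linux container solution. Docker packages an application together with its dependencies into a single file. Running that file creates a virtual container, and the program runs inside it as if it were running on a real physical machine. With Docker you no longer have to worry about environment problems. Virtual machines differ from Docker: a virtual machine emulates both the hardware and the environment, and you have to choose hardware properties when installing it, whereas Docker provides only the environment and uses the host's hardware, which makes it more convenient and faster than a virtual machine.
0x01: Installation
There are many Docker installation tutorials; here is one:
https://baijiahao.baidu.com/s?id=1592846051245987256&wfr=spider&for=pc
0x02: Basic usage
Once Docker is installed, typing docker on the command line should print the following, which means the installation succeeded: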
root@Thunder_J-virtual-machine:~/桌面# docker
Usage: docker [OPTIONS] COMMAND
A self-sufficient runtime for containers
Options:
--config string Location of client config files (default "/home/Thunder_J/.docker")
-D, --debug Enable debug mode
-H, --host list Daemon socket(s) to connect to
-l, --log-level string Set the logging level ("debug"|"info"|"warn"|"error"|"fatal") (default "info")
--tls Use TLS; implied by --tlsverify
--tlscacert string Trust certs signed only by this CA (default "/home/Thunder_J/.docker/ca.pem")
--tlscert string Path to TLS certificate file (default "/home/Thunder_J/.docker/cert.pem")
--tlskey string Path to TLS key file (default "/home/Thunder_J/.docker/key.pem")
--tlsverify Use TLS and verify the remote
-v, --version Print version information and quit
Management Commands:
builder Manage builds
config Manage Docker configs
container Manage containers
engine Manage the docker engine
image Manage images
network Manage networks
node Manage Swarm nodes
plugin Manage plugins
secret Manage Docker secrets
service Manage services
stack Manage Docker stacks
swarm Manage Swarm
system Manage Docker
trust Manage trust on Docker images
volume Manage volumes
Commands:
attach Attach local standard input, output, and error streams to a running container
build Build an image from a Dockerfile
commit Create a new image from a container's changes
cp Copy files/folders between a container and the local filesystem
create Create a new container
diff Inspect changes to files or directories on a container's filesystem
events Get real time events from the server
exec Run a command in a running container
export Export a container's filesystem as a tar archive
history Show the history of an image
images List images
import Import the contents from a tarball to create a filesystem image
info Display system-wide information
inspect Return low-level information on Docker objects
kill Kill one or more running containers
load Load an image from a tar archive or STDIN
login Log in to a Docker registry
logout Log out from a Docker registry
logs Fetch the logs of a container
pause Pause all processes within one or more containers
port List port mappings or a specific mapping for the container
ps List containers
pull Pull an image or a repository from a registry
push Push an image or a repository to a registry
rename Rename a container
restart Restart one or more containers
rm Remove one or more containers
rmi Remove one or more images
run Run a command in a new container
save Save one or more images to a tar archive (streamed to STDOUT by default)
search Search the Docker Hub for images
start Start one or more stopped containers
stats Display a live stream of container(s) resource usage statistics
stop Stop one or more running containers
tag Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE
top Display the running processes of a container
unpause Unpause all processes within one or more containers
update Update configuration of one or more containers
version Show the Docker version information
wait Block until one or more containers stop, then print their exit codes
Run 'docker COMMAND --help' for more information on a command.
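Docker information queries
Operation | Command | Description |
---|---|---|
Version | docker version | Show the Docker version |
Info | docker info | Show detailed Docker information |
History | docker history image-name-or-id | Show the image's modification history |
Searching for Docker images
- You can look for the image you need on hub.docker.com
- Run docker search xxx. AUTOMATED indicates whether the image is officially provided, OK means officially certified, and STARS is the number of users who starred it. Below I search for pwn-related images: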
root@Thunder_J-virtual-machine:~/桌面# docker search pwn
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
superkojiman/pwnbox Docker container with tools for binary rever… 6 [OK]
pwntools/pwntools CTF framework and exploit development library 4 [OK]
skysider/pwndocker a docker environment for pwn 4 [OK]
grazfather/pwndock Pwning docker 3
stefanscherer/pwned-passwords Docker image to search for pwned passwords 3
pwntr/samba-alpine Simple and lightweight Samba docker containe… 2 [OK]
edibledinos/pwnbook Create a container which runs pwnypack's pwn… 1 [OK]
gedigi/pwntainer A Docker container for pwning 1 [OK]
pwntr/nzbget-alpine A simple and super lightweight nzbget docker… 0 [OK]
pwntus/visualbox-node 0
pwntr/headphones-alpine A simple and super lightweight headphones do… 0 [OK]
moreapps/pwn-hook pwn-hook 0
edibledinos/pwnypack Docker image to run pwnypack shell. 0 [OK]
pwntr/minimserver-alpine A simple and super lightweight MinimServer D… 0 [OK]
robertlarsen/pwntools 0
pwnwb/busybox 0
lflare/pwnbox 0
ryarnyah/docker-pwndbg docker-pwndbg 0 [OK]
bsidespdx2018/pwn200 0
pwntr/acd_cli-alpine A simple and lightweight acd_cli docker cont… 0 [OK]
iotsec/pwnable pwnable image for the iotsec box 0
glarsen/apex-pwn-ret2lost 0
torque59/pwnlabs A kubernetes pwn cluster 0
bsidespdx2018/pwn300 0
n0b0dyvn/pwnctf Docker Images for CTF play. Include gdb peda… 0
systemctl commands
Operation | Command | Description |
---|---|---|
Status | systemctl status docker | Show the Docker service status |
Stop | systemctl stop docker | Stop Docker |
Start | systemctl start docker | Start Docker |
Restart | systemctl restart docker | Restart Docker |
Start on boot | systemctl enable docker | Enable automatic start at boot |
Test run
Run docker run hello-world to download the hello-world image and run it
root@Thunder_J-virtual-machine:~/桌面# docker run hello-world
Hello from Docker!
This message shows that your installation appears to be working correctly.
To generate this message, Docker took the following steps:
1. The Docker client contacted the Docker daemon.
2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
(amd64)
3. The Docker daemon created a new container from that image which runs the
executable that produces the output you are currently reading.
4. The Docker daemon streamed that output to the Docker client, which sent it
to your terminal.
To try something more ambitious, you can run an Ubuntu container with:
$ docker run -it ubuntu bash
Share images, automate workflows, and more with a free Docker ID:
https://hub.docker.com/
For more examples and ideas, visit:
https://docs.docker.com/get-started/
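The image above was downloaded from Docker's official site. It is recommended to register an Alibaba Cloud account (dev.aliyun.com), find your own dedicated accelerator address in the Alibaba Cloud Container Registry service, and set it in the daemon.json file at the path below; image downloads will then be much faster.
vi /etc/docker/daemon.json
Replace xxx with your own accelerator address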
{
"registry-mirrors": ["https://xxx.mirror.aliyuncs.com"]
}
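Image operations
Operation | Command | Description |
---|---|---|
Pull | docker pull xxx:tag | Pull an image; tag is the version, and if no version is given it defaults to latest |
List | docker images | List local images |
Metadata | docker inspect container-id | Get a container's metadata |
Remove | docker rmi image-id-or-name | Remove the specified local image; add -f to force removal |
List images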
root@Thunder_J-virtual-machine:~/桌面# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
hello-world latest 4ab4c602aa5e 6 months ago 1.84kB
Remove the specified local image
root@Thunder_J-virtual-machine:~/桌面# docker rmi 4ab4c602aa5e
Error response from daemon: conflict: unable to delete 4ab4c602aa5e (must be forced) - image is being used by stopped container 2c8d8795bd2e
root@Thunder_J-virtual-machine:~/桌面# docker rmi -f 4ab4c602aa5e
Untagged: hello-world:latest
Untagged: hello-world@sha256:0add3ace90ecb4adbf7777e9aacf18357296e799f81cabc9fde470971e499788
Deleted: sha256:4ab4c602aa5eed5528a6620ff18a1dc4faef0e1ab3a5eddeddb410714478c67f
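Container operations
Operation | Command | Description |
---|---|---|
Run | docker run --name container-name -i -t -p host-port:container-port -d image-id-or-name:tag | --name sets the container name, which you choose yourself; if omitted, a name is generated automatically; -i runs in interactive mode; -t allocates a pseudo-terminal, and the two are usually combined as -it; -p maps a host port to a container port; -d runs in the background |
List | docker ps -a -q | List running containers; -a shows all containers, -q shows only container ids |
Start | docker start container-id-or-name | Start a container |
Stop | docker stop container-id-or-name | Stop a running container |
Remove | docker rm -f container-id-or-name | Remove a container; -f forces removal |
Remove all | docker rm -f $(docker ps -aq) | Remove all containers |
Logs | docker logs container-id-or-name | Fetch a container's logs |
Execute in container | docker exec -it container-id-or-name /bin/bash | Enter a running container and open an interactive terminal in which you can run commands |
Copy files | docker cp host-file-path container-id-or-name:container-path | Copy a file from the host into the container; copying from the container to the host also works by swapping the paths |
Here I downloaded an arbitrary image from the internet; the following shows how to run it as a container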
root@Thuder_J-virtual-machine:~/桌面# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
ubuntu stack1 d03f80550adf 4 months ago 467MB
root@Thuder_J-virtual-machine:~/桌面# docker run -it d03f80550adf
pwn@4c75f4b58012:/$ ls
bin boot dev etc home lib lib32 lib64 media mnt opt proc root run sbin srv sys tmp usr var
pwn@4c75f4b58012:/$ whoami
pwn
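Before keeping a container started from an image of unknown origin, its docker inspect output can be checked for settings that weaken isolation. The following is an added example, not part of the original post: the JSON is a constructed sample in the shape docker inspect returns, and audit_container and its rule list are assumptions of this example.

```python
import json

# Constructed sample in the shape of `docker inspect CONTAINER` output
# (a JSON array with one object per container); not taken from the post.
SAMPLE_INSPECT = json.loads("""
[{"Name": "/stack1-test",
  "Config": {"User": ""},
  "HostConfig": {
    "Privileged": true,
    "NetworkMode": "host",
    "CapAdd": ["SYS_PTRACE"],
    "SecurityOpt": null,
    "Binds": ["/var/run/docker.sock:/var/run/docker.sock", "/home/user/ctf:/ctf:ro"]}}]
""")

SENSITIVE_HOST_PATHS = ("/", "/etc", "/proc", "/sys", "/var/run/docker.sock")


def audit_container(entry):
    """Return a list of isolation findings for one `docker inspect` entry."""
    host = entry.get("HostConfig") or {}
    findings = []
    if host.get("Privileged"):
        findings.append("Privileged: all capabilities and host devices are available")
    for key in ("NetworkMode", "PidMode", "IpcMode"):
        if host.get(key) == "host":
            findings.append(f"{key}=host: shares a host namespace")
    for cap in host.get("CapAdd") or []:
        findings.append(f"added capability: {cap}")
    for bind in host.get("Binds") or []:
        parts = bind.split(":")
        mode = parts[2] if len(parts) > 2 else "rw"
        if parts[0] in SENSITIVE_HOST_PATHS and "ro" not in mode.split(","):
            findings.append(f"writable bind mount of host path {parts[0]}")
    if not any("no-new-privileges" in opt for opt in host.get("SecurityOpt") or []):
        findings.append("no-new-privileges is not set")
    user = (entry.get("Config") or {}).get("User") or ""
    if user.split(":")[0] in ("", "0", "root"):
        findings.append("process runs as root inside the container")
    return findings


if __name__ == "__main__":
    for container in SAMPLE_INSPECT:
        print(container["Name"])
        for finding in audit_container(container):
            print("  -", finding)
```

On a live host the same function can be fed the parsed output of docker inspect for the container id shown by docker ps.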
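Updating images
Operation | Command | Description |
---|---|---|
Update image | docker commit -m="description" -a="author" container-id-or-name image-name:tag | Update the image contents |
Build image | docker build | Build an image; requires creating a Dockerfile |
Modify the contents of a container with commands; here we use tomcat as an example and change its home page
Steps
- Create a container from the base image
docker run --name mytomcat -p 8080:8080 -d tomcat
- Modify the container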
docker exec -it bcd08edac78d /bin/bash
cd webapps/ROOT
rm -f index.jsp
echo welcome to tomcat > index.html
exit
- Commit as a new image
docker commit -m="修改默认索引页" -a="Thunder_J" bcd08edac78d itany/tomcat:v1
- Run a container from the new image
docker run --name tomca_v1 -p 8080:8080 -d itany/tomcat:v1
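Dockerfile
A Dockerfile is a file used to build Docker images: a text file containing all the commands needed to create an image, from which a new image is produced. The first instruction must be FROM. The docker build command creates an image from the contents of a Dockerfile, which achieves the same result as updating the image above.
Steps
- Create the Dockerfile
vi Dockerfile
Its contents are as follows; instructions must be uppercase and must be followed by arguments
# Base image
FROM tomcat
# Author
MAINTAINER Thunder_J
# Commands to run
RUN rm -f /usr/local/tomcat/webapps/ROOT/index.jsp
RUN echo "Welcome to tomcat!" > /usr/local/tomcat/webapps/ROOT/index.html
- Build the new image
docker build syntax: docker build -f path-to-Dockerfile -t image-name:tag build-context (. means the current directory)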
docker build -f Dockerfile -t itany/tomcat:v2 .
- Run a container from the new image
docker run --name tomca_v2 -p 9999:8080 -d itany/tomcat:v2
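A check one might run before building from a Dockerfile like the one in this section, as an added example (not code from the original post): a minimal Python lint that flags an unpinned base image, the deprecated MAINTAINER instruction, use of ADD, and the absence of a non-root USER. The function name lint_dockerfile and the rule set are assumptions of this example.

```python
# Constructed sample modelled on the Dockerfile in this section.
SAMPLE_DOCKERFILE = """\
# base image
FROM tomcat
MAINTAINER Thunder_J
RUN rm -f /usr/local/tomcat/webapps/ROOT/index.jsp
RUN echo "Welcome to tomcat!" > /usr/local/tomcat/webapps/ROOT/index.html
"""


def lint_dockerfile(text):
    """Return (line_number, message) findings; line 0 refers to the whole file.

    Line continuations and multi-stage aliases (FROM builder) are not handled.
    """
    findings, user = [], None
    for number, line in enumerate(text.splitlines(), start=1):
        keyword, _, rest = line.strip().partition(" ")
        keyword, rest = keyword.upper(), rest.strip()
        if keyword == "FROM":
            image = [t for t in rest.split() if not t.startswith("--")][0]
            user = None  # a new build stage starts again from the base image's user
            tag = image.rsplit("/", 1)[-1].partition(":")[2]
            if image != "scratch" and "@sha256:" not in image and tag in ("", "latest"):
                findings.append((number, f"FROM {image}: not pinned to a version tag or digest"))
        elif keyword == "USER":
            user = rest
        elif keyword == "ADD":
            findings.append((number, "ADD auto-extracts archives and accepts URLs; prefer COPY for plain files"))
        elif keyword == "MAINTAINER":
            findings.append((number, "MAINTAINER is deprecated; use LABEL instead"))
    if user is None or user.split(":")[0] in ("root", "0"):
        findings.append((0, "no non-root USER: the process runs as the base image's user, usually root"))
    return findings


if __name__ == "__main__":
    for number, message in lint_dockerfile(SAMPLE_DOCKERFILE):
        print(f"line {number}: {message}")
```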
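Common instructions
Instruction | Explanation |
---|---|
FROM | Specifies the base image, i.e. which image the new image is based on |
MAINTAINER | Specifies the author |
RUN | Specifies a command to run during the build |
ENV | Sets environment variables |
WORKDIR | Specifies the default working directory, i.e. the directory you land in when entering the container |
VOLUME | Creates a mount point, used for data sharing and persistence |
CMD | Specifies the command to run when the container starts; unlike RUN, these commands are not executed during the image build |
ENTRYPOINT | Specifies the command to run when the container starts; differs from CMD |
COPY | Copies files/directories into the image |
ADD | Copies files into the image and automatically extracts archives |
EXPOSE | Specifies the ports exposed externally |
Differences between CMD and ENTRYPOINT
- CMD
A Dockerfile can contain multiple CMD instructions, but only the last one takes effect; CMD is overridden by the arguments given after docker run
- ENTRYPOINT
The arguments given after docker run are combined with ENTRYPOINT to form a new command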
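The override and combination rules described above, as an added example (not code from the original post): a small Python model that reads a Dockerfile and returns the argv a container would start with for given docker run arguments. It goes beyond the text by also covering shell-form instructions; the function names and the sample Dockerfiles are constructed for this example.

```python
import json
import shlex

# Constructed Dockerfiles for illustration (not from the original post).
CMD_ONLY = 'FROM ubuntu\nCMD ["echo", "first"]\nCMD ["echo", "second"]\n'
WITH_ENTRYPOINT = 'FROM ubuntu\nENTRYPOINT ["ping", "-c", "3"]\nCMD ["localhost"]\n'


def parse_command(rest):
    """Return (argv, is_exec_form) for the argument of CMD or ENTRYPOINT."""
    rest = rest.strip()
    if rest.startswith("["):
        try:
            return json.loads(rest), True        # exec form: JSON array used as-is
        except json.JSONDecodeError:
            pass                                 # invalid JSON is treated as shell form
    return ["/bin/sh", "-c", rest], False        # shell form: wrapped in /bin/sh -c


def effective_argv(dockerfile, run_args=()):
    """Return the argv the container starts with for `docker run IMAGE run_args...`.

    Models one Dockerfile only: CMD/ENTRYPOINT inherited from the base image and
    the --entrypoint flag of docker run are not considered.
    """
    entrypoint, cmd, entry_is_exec = [], [], True
    for line in dockerfile.splitlines():
        keyword, _, rest = line.strip().partition(" ")
        if keyword.upper() == "CMD":
            cmd, _ = parse_command(rest)         # a later CMD replaces an earlier one
        elif keyword.upper() == "ENTRYPOINT":
            entrypoint, entry_is_exec = parse_command(rest)
    if not entry_is_exec:
        return entrypoint                        # shell-form ENTRYPOINT: CMD and run args are not used
    return entrypoint + (list(run_args) or cmd)


if __name__ == "__main__":
    for dockerfile in (CMD_ONLY, WITH_ENTRYPOINT):
        for args in ([], ["example.com"]):
            print(shlex.join(["docker", "run", "IMAGE", *args]), "->",
                  shlex.join(effective_argv(dockerfile, args)))
```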