

系统:centos 7(mac和windows请自行百度)


1. sudo yum update


2. sudo yum install -y yum-utils device-mapper-persistent-data lvm2


3. sudo yum-config-manager --add-repo


4. sudo yum list docker-ce --showduplicates | sort -r


5. sudo yum install docker-ce



$ vim /etc/docker/daemon.json


	"registry-mirrors": [ ""]



sudo systemctl start docker.service


sudo systemctl status docker.service

服务状态为:active (running) 则启动成功

● docker.service - Docker Application Container Engine
   Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
   Active: active (running) since 五 2019-08-16 23:20:34 CST; 26min ago
 Main PID: 14607 (dockerd)
    Tasks: 10
   Memory: 47.5M
   CGroup: /system.slice/docker.service
           └─14607 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock

8月 16 23:20:34 localhost.localdomain dockerd[14607]: time="2019-08-16T23:20:34.139865587+08:00" level=info msg="pickfirstBalancer: HandleSubConnS...ule=grpc
8月 16 23:20:34 localhost.localdomain dockerd[14607]: time="2019-08-16T23:20:34.140183319+08:00" level=info msg="pickfirstBalancer: HandleSubConnS...ule=grpc
8月 16 23:20:34 localhost.localdomain dockerd[14607]: time="2019-08-16T23:20:34.154104953+08:00" level=info msg="[graphdriver] using prior storage...verlay2"
8月 16 23:20:34 localhost.localdomain dockerd[14607]: time="2019-08-16T23:20:34.156229778+08:00" level=info msg="Loading containers: start."
8月 16 23:20:34 localhost.localdomain dockerd[14607]: time="2019-08-16T23:20:34.621663533+08:00" level=info msg="Default bridge (docker0) is assig...address"
8月 16 23:20:34 localhost.localdomain dockerd[14607]: time="2019-08-16T23:20:34.827552802+08:00" level=info msg="Loading containers: done."
8月 16 23:20:34 localhost.localdomain dockerd[14607]: time="2019-08-16T23:20:34.877358932+08:00" level=info msg="Docker daemon" commit=74b1e89 gra...=19.03.1
8月 16 23:20:34 localhost.localdomain dockerd[14607]: time="2019-08-16T23:20:34.877408936+08:00" level=info msg="Daemon has completed initialization"
8月 16 23:20:34 localhost.localdomain dockerd[14607]: time="2019-08-16T23:20:34.894559625+08:00" level=info msg="API listen on /var/run/docker.sock"
8月 16 23:20:34 localhost.localdomain systemd[1]: Started Docker Application Container Engine.
Hint: Some lines were ellipsized, use -l to show in full.


运行 docker image --help

  build       Build an image from a Dockerfile	# 从一个Dockerfile中构建一个Docker镜像
  history     Show the history of an image		# 查看某个镜像的历史记录,参数跟查看镜像的id
  import      Import the contents from a tarball to create a filesystem image	# 使用系统中某个文件构建一个镜像
  inspect     Display detailed information on one or more images				# 查看一个或多个镜像的详细信息
  load        Load an image from a tar archive or STDIN							# 从一个压缩文件中加载镜像
  ls          List images						# 列出已加载的镜像
  prune       Remove unused images				# 移除没使用的镜像
  pull        Pull an image or a repository from a registry	# 从远程镜像仓库或本地镜像仓库拉取镜像
  push        Push an image or a repository to a registry	# 推送镜像到远程镜像仓库或本地镜像仓库
  rm          Remove one or more images						# 移除一个或多个镜像,
  save        Save one or more images to a tar archive (streamed to STDOUT by default)
  tag         Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE



查询本地镜像使用 docker image ls

  ls, images, list	# image的一些别名, docker image ls = docker images = docker iamge list 

  -a, --all             Show all images (default hides intermediate images)	# -a 显示所有镜像,包括中间层镜像
      --digests         Show digests
  -f, --filter filter   Filter output based on conditions provided			# -f 过滤
      --format string   Pretty-print images using a Go template
      --no-trunc        Don't truncate output
  -q, --quiet           Only show numeric IDs	# 仅显示镜像的id

some example :

# 列出镜像
sudo docker images
# 列出镜像
sudo docker image ls -a
# 列出悬挂的镜像
sudo docker image ls -f dangling=true


远程镜像查询使用 docker search image-name

  -f, --filter filter   Filter output based on conditions provided
      --format string   Pretty-print search using a Go template
      --limit int       Max number of search results (default 25)
      --no-trunc        Don't truncate output

one example:

# 从远程仓库查询Ubuntu的镜像
sudo docker search ubuntu


拉取镜像使用 docker pull image-name

  -a, --all-tags                Download all tagged images in the repository
      --disable-content-trust   Skip image verification (default true)
  -q, --quiet                   Suppress verbose output

some example:

# 拉取java-8镜像
sudo docker pull java:8
# 拉取最新的centos镜像
sudo docker pull centos


删除镜像使用 docker rmi image-id 前提是该镜像的所有容器已经停止或移除

  -f, --force      Force removal of the image
      --no-prune   Do not delete untagged parents

iamge-id可以用docker images 查看
one example

sudo docker rmi image-id




构建镜像使用 docker build命令

      --add-host list           Add a custom host-to-IP mapping (host:ip)
      --build-arg list          Set build-time variables
      --cache-from strings      Images to consider as cache sources
      --cgroup-parent string    Optional parent cgroup for the container
      --compress                Compress the build context using gzip
      --cpu-period int          Limit the CPU CFS (Completely Fair Scheduler) period
      --cpu-quota int           Limit the CPU CFS (Completely Fair Scheduler) quota
  -c, --cpu-shares int          CPU shares (relative weight)
      --cpuset-cpus string      CPUs in which to allow execution (0-3, 0,1)
      --cpuset-mems string      MEMs in which to allow execution (0-3, 0,1)
      --disable-content-trust   Skip image verification (default true)
  -f, --file string             Name of the Dockerfile (Default is 'PATH/Dockerfile')
      --force-rm                Always remove intermediate containers
      --iidfile string          Write the image ID to the file
      --isolation string        Container isolation technology
      --label list              Set metadata for an image
  -m, --memory bytes            Memory limit
      --memory-swap bytes       Swap limit equal to memory plus swap: '-1' to enable unlimited swap
      --network string          Set the networking mode for the RUN instructions during build (default "default")
      --no-cache                Do not use cache when building the image
      --pull                    Always attempt to pull a newer version of the image
  -q, --quiet                   Suppress the build output and print image ID on success
      --rm                      Remove intermediate containers after a successful build (default true)
      --security-opt strings    Security options
      --shm-size bytes          Size of /dev/shm
  -t, --tag list                Name and optionally a tag in the 'name:tag' format
      --target string           Set the target build stage to build.
      --ulimit ulimit           Ulimit options (default [])


  • -f 指定Dockerfile的路径
  • -t 指定镜像名称以及镜像tag image-name:image-tag

one example:

# /home/user/Dockerfile 是一个文件,Docker构建文件
# myapp:app => myapp是名称app是tag
# /home/user/app-dir 是一个目录,包含Dockerfile中所需要的所有文件
sudo docker build -f /home/user/Dockerfile -t myapp:app /home/user/app-dir



docker 启动一个镜像使用docker run命令

      --add-host list                  Add a custom host-to-IP mapping (host:ip)
  -a, --attach list                    Attach to STDIN, STDOUT or STDERR
      --blkio-weight uint16            Block IO (relative weight), between 10 and 1000, or 0 to disable (default 0)
      --blkio-weight-device list       Block IO weight (relative device weight) (default [])
      --cap-add list                   Add Linux capabilities
      --cap-drop list                  Drop Linux capabilities
      --cgroup-parent string           Optional parent cgroup for the container
      --cidfile string                 Write the container ID to the file
      --cpu-period int                 Limit CPU CFS (Completely Fair Scheduler) period
      --cpu-quota int                  Limit CPU CFS (Completely Fair Scheduler) quota
      --cpu-rt-period int              Limit CPU real-time period in microseconds
      --cpu-rt-runtime int             Limit CPU real-time runtime in microseconds
  -c, --cpu-shares int                 CPU shares (relative weight)
      --cpus decimal                   Number of CPUs
      --cpuset-cpus string             CPUs in which to allow execution (0-3, 0,1)
      --cpuset-mems string             MEMs in which to allow execution (0-3, 0,1)
  -d, --detach                         Run container in background and print container ID
      --detach-keys string             Override the key sequence for detaching a container
      --device list                    Add a host device to the container
      --device-cgroup-rule list        Add a rule to the cgroup allowed devices list
      --device-read-bps list           Limit read rate (bytes per second) from a device (default [])
      --device-read-iops list          Limit read rate (IO per second) from a device (default [])
      --device-write-bps list          Limit write rate (bytes per second) to a device (default [])
      --device-write-iops list         Limit write rate (IO per second) to a device (default [])
      --disable-content-trust          Skip image verification (default true)
      --dns list                       Set custom DNS servers
      --dns-option list                Set DNS options
      --dns-search list                Set custom DNS search domains
      --domainname string              Container NIS domain name
      --entrypoint string              Overwrite the default ENTRYPOINT of the image
  -e, --env list                       Set environment variables
      --env-file list                  Read in a file of environment variables
      --expose list                    Expose a port or a range of ports
      --gpus gpu-request               GPU devices to add to the container ('all' to pass all GPUs)
      --group-add list                 Add additional groups to join
      --health-cmd string              Command to run to check health
      --health-interval duration       Time between running the check (ms|s|m|h) (default 0s)
      --health-retries int             Consecutive failures needed to report unhealthy
      --health-start-period duration   Start period for the container to initialize before starting health-retries countdown (ms|s|m|h) (default 0s)
      --health-timeout duration        Maximum time to allow one check to run (ms|s|m|h) (default 0s)
      --help                           Print usage
  -h, --hostname string                Container host name
      --init                           Run an init inside the container that forwards signals and reaps processes
  -i, --interactive                    Keep STDIN open even if not attached
      --ip string                      IPv4 address (e.g.,
      --ip6 string                     IPv6 address (e.g., 2001:db8::33)
      --ipc string                     IPC mode to use
      --isolation string               Container isolation technology
      --kernel-memory bytes            Kernel memory limit
  -l, --label list                     Set meta data on a container
      --label-file list                Read in a line delimited file of labels
      --link list                      Add link to another container
      --link-local-ip list             Container IPv4/IPv6 link-local addresses
      --log-driver string              Logging driver for the container
      --log-opt list                   Log driver options
      --mac-address string             Container MAC address (e.g., 92:d0:c6:0a:29:33)
  -m, --memory bytes                   Memory limit
      --memory-reservation bytes       Memory soft limit
      --memory-swap bytes              Swap limit equal to memory plus swap: '-1' to enable unlimited swap
      --memory-swappiness int          Tune container memory swappiness (0 to 100) (default -1)
      --mount mount                    Attach a filesystem mount to the container
      --name string                    Assign a name to the container
      --network network                Connect a container to a network
      --network-alias list             Add network-scoped alias for the container
      --no-healthcheck                 Disable any container-specified HEALTHCHECK
      --oom-kill-disable               Disable OOM Killer
      --oom-score-adj int              Tune host's OOM preferences (-1000 to 1000)
      --pid string                     PID namespace to use
      --pids-limit int                 Tune container pids limit (set -1 for unlimited)
      --privileged                     Give extended privileges to this container
  -p, --publish list                   Publish a container's port(s) to the host
  -P, --publish-all                    Publish all exposed ports to random ports
      --read-only                      Mount the container's root filesystem as read only
      --restart string                 Restart policy to apply when a container exits (default "no")
      --rm                             Automatically remove the container when it exits
      --runtime string                 Runtime to use for this container
      --security-opt list              Security Options
      --shm-size bytes                 Size of /dev/shm
      --sig-proxy                      Proxy received signals to the process (default true)
      --stop-signal string             Signal to stop a container (default "SIGTERM")
      --stop-timeout int               Timeout (in seconds) to stop a container
      --storage-opt list               Storage driver options for the container
      --sysctl map                     Sysctl options (default map[])
      --tmpfs list                     Mount a tmpfs directory
  -t, --tty                            Allocate a pseudo-TTY
      --ulimit ulimit                  Ulimit options (default [])
  -u, --user string                    Username or UID (format: <name|uid>[:<group|gid>])
      --userns string                  User namespace to use
      --uts string                     UTS namespace to use
  -v, --volume list                    Bind mount a volume
      --volume-driver string           Optional volume driver for the container
      --volumes-from list              Mount volumes from the specified container(s)
  -w, --workdir string                 Working directory inside the container


  • -h 使用指定ip启动容器
  • -p 指定端口映射 宿主机port:容器port,可指定多个
  • -v 指定挂载目录,可指定多个

some example:

# 启动一个容器
sudo docker run -it container-name
# 启动一个容器指定一个端口映射
sudo docker run -it -p 80:8080 container-name
# 启动一个容器指定一个挂载目录
sudo docker run -it -v /tmp:tmp container-name


挂载目录后出现没有权限可以加上 –privileged=true来解决

sudo docker run -it -v /var:/var -v /root/.zconfig:/root/.zconfig --privileged=true  container-name


# 列出所有镜像
sudo docker images
# 停止指定id的容器,多个id用空格隔开
sudo docker stop container-id
# 停止运行中的所有容器
sudo docker stop $(docker ps -a -q)
# 移除所有容器
sudo docker rm $(docker ps -a -q)
# 移除指定id的容器,多个id用空格隔开
sudo docker rm container-id
# 移除指定id的镜像,多个id用空格隔开(移除镜像必须先关闭移除镜像的容器)
sudo docker rmi image-id
# 使用Dockerfile和jar构建一个镜像
sudo docker build -f Dockerfile-path -t image-name:image-tag dir-path

End, thanks !





