docker 安装和使用

一、centos7 安装docker

    1:删除老版本

yum remove docker \
           docker-client \
           docker-client-latest \
           docker-common \
           docker-latest \
           docker-latest-logrotate \
           docker-logrotate \
           docker-selinux \
           docker-engine-selinux \
           docker-engine

    2:安装一些必要的系统工具

yum install -y yum-utils device-mapper-persistent-data lvm2

    3:添加软件源信息

yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

    4:更新 yum 缓存

yum makecache fast

    5:安装 Docker-ce

yum -y install docker-ce

    6:启动 Docker 后台服务

systemctl enable docker
systemctl start docker

    7:docker镜像加速

   2024.06.06以上加速网站的Docker Hub加速大部分无法使用有网友测试 dockerhub.timeweb.cloud 和 huecker.io还可以使用目前还可以使用如下加速方案
   1:通过Github Action同步镜像到阿里镜像仓库
        从阿里云容器镜像服务中获取命名空间、用户名、密码、仓库地址信息->Github中fork项目github.com/tech-shrimp/docker_image_pusher->在自己的docker_image_pusher中进入Action启用Github Action功能->New Repository secret(配置环境变量将ALIYUN_NAME_SPACE-命名空间,ALIYUN_REGISTRY_USER-用户名,ALIYUN_REGISTRY_PASSWORD-密码,ALIYUN_REGISTRY-仓库地址 的值配置成环境变量)->打开项目中的images.txt添加要拉取的镜像用换行分割->提交修改后就开始拉取了同步到阿里镜像仓库了
         可以通过修改/.github/workflows/docker.yaml文件添加schedule:  -  cron: '00 23 * * *'来定时执行
    2:通过cloudflare代理
        详细步骤请阅读 Cloudflare 常用操作-CSDN博客
   创建或修改/etc/docker/daemon.json

{
  "registry-mirrors":[
    "https://docker.mirrors.ustc.edu.cn",
    "https://registry.docker-cn.com"
  ]
}
systemctl daemon-reload
systemctl restart docker

  docker info在结果中查看配置是否成功
  docker默认安装目录为/var/lib/docker
  docker服务日志:/var/log/messages
  docker容器日志:/var/lib/docker/cintainers/id/...json.log

    8:Docker 修改默认存储路径
        修改docker systemd的 docker.service配置(可以通过systemctl status docker查看路径Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled))
        修改EXECStart:EXECStart=/usr/bin/dockerd --graph /home/docker
        systemctl disabke docke && systemctl enable docke && systemctl daemon-reload && systemctl start docke
        通过docker info 查看是否修改成功

    9:Docker 修改默认容器日志大小
        vim /etc/docker/daemon.json
        {"registry-mirrors": [],"log-driver":"json-file","log-opts": {"max-size":"500m", "max-file":"3"}} // max-size 容器日志上线,max-file容器日志个数
        systemctl daemon-reload    systemctl restart docker  注:设置的大小只对新创建的容器有效

    10:开启2375端口远程访问
        vim /usr/lib/systemd/system/docker.service:
        在 ExecStart=/usr/bin/dockerd 后 增加  -H tcp://0.0.0.0:2375 -H                unix://var/run/docker.sock
        重新读取配置 systemctl daemon-reload
        重启 systemctl restart docker

    11:添加私有镜像仓库
        方式一:vim  /usr/lib/systemd/system/docker.service
                      在 ExecStart=/usr/bin/dockerd 后 增加 --insecure-registry ip
                      systemctl daemon-reload    systemctl restart docker
        方式二:vim /etc/docker/daemon.json
                       {"registry-mirrors": [], "insecure-registries": ["ip"]}
                       insecure-registries可以避免非https的私服不能pull镜像的问题
                       systemctl daemon-reload    systemctl restart docker

    12:docker启动报错
        在启动docker容器时报:Error response from daemon: driver failed programming external connectivity on endpoint XXX(端口映射或启动容器时报错)
        原因是我们启动docker后对防火墙进行了操作,需要重启docker来解决

二、docker常用命令

    docker pull name:latest获取镜像
    docker run -d name:latest快速部署和启动镜像
                      --name name容器名称
                      --hostname=""   -h指定容器的主机名 
                      --add-host host:127.0.0.1启动时增加hosts到容器
                      --add-host host.docker.internal:host-gateway 这样可以通过host.docker.internal访问宿主机
                      --link name:name链接到另一个容器1.12可被network替代
                      --net bridge指定容器的网络连接类型
                      --network name指定加入到名为name的网络中可通过docker network ls查看
                      --network-alias指定容器name网络中的别名是bvrfis-net
    docker start [NAME|ID]启动容器服务
    docker stop [NAME|ID]停止容器服务
    docker restart [NAME|ID]重启容器服务
    docker rm [NAME|ID]删除容器
    docker rm $(docker ps -a -q)删除所有非启动状态的容器
    docker images 查看本机镜像
    docker search [name]查找镜像
    docker tag [NAME|ID] msg给镜像设置标签
    docker ps -a 查看镜像进程 后面加 --no-trunc 可看详情
    docker logs -f [NAME|ID]查看容器日志 --tail 100
    docker port [NAME|ID]查看容器进程
    docker top [NAME|ID]查看容器端口
    docker inspect [NAME|ID]查看容器底层信息JSON
    docker attach [NAME|ID]进入容器exit会导致容器停止
    docker exec -it [NAME|ID] /bin/bash
    docker run -it --rm -v "$(pwd)":/app -w /app  my/maven mvn clean package -DskipTests=true
    docker cp [NAME|ID]:/etc/mysql/my.cnf /home/tom/
    docker stats 查看容器资源使用情况

    docker network的常用命令如下:docker run --name mynginx2 --network my-bridge -p 8080:80 -d nginx:latest
                connect : 将容器加入到指定网络中docker network connect  (--link test2:t2) --alias name my_bridge test2
                create : 创建网络docker network create -d bridge my_bridge
                disconnect : 将容器中网络中移除;
                inspect:查看指定网络的详情;
                ls:列出所有网络docker network ls
                rm:删除指定网络

三、docker容器日期和主机同步

    启动容器docker run时挂载:-e TZ="Asia/Shanghai" (-v /etc/timezone:/etc/timezone) -v /etc/localtime:/etc/localtime

四、Dockerfile使用

FROM centos #制作base image 基础镜像

LABEL version="1.0" #容器元信息,帮助信息
LABEL maintainer="xxx@qq.com"

#尽量使用一条命令,避免无用分层
RUN yum update && yum install -y vim \
    Python-dev #反斜杠换行

WORKDIR /root #改变路径尽可能使用绝对路径
WORKDIR test #如果没有会自动创建
RUN pwd

ADD test.tar.gz / #添加到根目录并解压
COPY test.tar.gz / #添加到根目录

EXPOSE 8630 #指定暴露端口
ENV MYSQL_VERSION 5.6 #设置一个mysql常量

ADD ./myspringcloud-auth/target/myspringcloud-auth.jar ./

CMD java -Djava.security.egd=file:/dev/./urandom -jar myspringcloud-auth.jar
#Dockerfile
FROM java # 基础镜像1.8_111 此版本对于java-weixin-pay的jdk有问题
ENTRYPOINT ["java", "-jar", "/common-api-4.2.2.jar"]

FROM openjdk:8-jdk # 基础镜像1.8_132
COPY target/*.jar app.jar
ENV PORT 8890
EXPOSE $PORT
ENTRYPOINT ["java","-Dserver.port=${PORT}","-jar","app.jar"]
#Dockerfile

#Dockerfile
FROM moxm/java:1.8-full
RUN mkdir -p /common-api
WORKDIR /common-api
ARG JAR_FILE=target/*.jar
COPY ${JAR_FILE} app.jar
EXPOSE 8890
ENV TZ=Asia/Shanghai JAVA_OPTS="-Xms128m -Xmx256m -Djava.security.egd=file:/dev/./urandom"
CMD sleep 60; java $JAVA_OPTS -jar app.jar
#Dockerfile

# 上面两个Dockerfile中启动命令一个是ENTRYPOINT 一个是 CMD
# 这两个区别在于CMD会覆盖文件中的命令,而ENTRYPOINT是追加
# 用CMD ["ls","-a"] 时如果运行docker时加参数 docker run xxx -l 其结果不是 docker run xxx ls -al
# 而是docker run xxx -l
# 用ENTRYPOINT ["ls","-a"] 时如果运行docker时加参数docker run xxx -l 其结果是docker run xxx ls -al
#Dockerfile
FROM alpine # 基础镜像 基于Musl libc和busybox 最小的docker镜像另外scratch是docker默认的空镜像
RUN apk add --no-cache  nodejs npm
COPY app.js /future/
COPY package.json /future/
WORKDIR /future
RUN npm install --registry=https://registry.npm.taobao.org
EXPOSE 8000

 五、构建镜像和上传镜像到dockerhub

      构建镜像:在Dockerfile目录下执行 docker build -t name:0.0.1 .
      上传镜像:
              创建账号

#默认登录dockerhub
docker login
#登录指定服务
docker login --username=xxxx xxx.com
#image名称必须为 仓库名/镜像名称:版本
docker tag name:0.0.1 username/name:0.0.1
#推送本地镜像到dockerhub
docker push username/name:0.0.1
#删除本地镜像验证远程镜像
docker rmi name:0.0.1
docker pull username/name:0.0.1

六、docker-compose使用

      安装

curl -L --fail https://github.com/docker/compose/releases/download/1.27.1/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
#查看版本
docker-compose version

#卸载
rm /usr/local/bin/docker-compose

      使用

# mymysql-自定义mysql、redis、nginx、mysql、php7、nodepm2、nps-内网穿透服务、npc-客户端、mongo、elasticsearch、kibana、logstash、rocketmqserver、rmqbroker、rmqconsole、xxl-job、libreoffice-word转pdf模板服务、rabbit、minIO、mosquitto-mqtt服务、frps-内网穿透服务、frpc-客户端、gopeed-下载工具,mqttx-mqtt在线工具,sqlserver
#docker-compose.yml文件
version: '2'
services:
  mymysql:
    build:
      context: ./
      dockerfile: ./Dockerfile
    environment:
      MYSQL_ROOT_PASSWORD: root
      TZ=Asia/Shanghai
    restart: always
    deploy:
      resources:
        limits:
          cpus: '1.0' # 限制使用1个cpu
    cpuset: '0,1' # 指定在0和1cpu上运行
    logging: # 设置容器日志大小
      driver: "json-file" 
      options: 
        max-size: "500m" 
    container_name: my-mysql
    image: mysql
    command: mysqld --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci # 设置utf8字符集
    volumes:
      - /etc/localtime:/etc/localtime:ro # 设置容器时区与宿主机保持一致
      - /docker/lnmp/mysql/data:/var/lib/mysql
      - /docker/lnmp/mysql/conf.d:/etc/mysql/conf.d
    extra_hosts:#添加host到容器
      - aa:127.0.0.1
      - bb:127.0.0.1
      - host.docker.internal:host-gateway # 通过host.docker.internal访问宿主机
    ports:
      - 3306:3306
    networks:
      my_bridge:
        aliases:
          - mysql

  redis:
    image: redis:5.0
    ports:
      - 6379:6379
    restart: always
    logging: # 设置容器日志大小
      driver: "json-file" 
      options: 
        max-size: "500m"
    container_name: myspringcloud-redis
    hostname: myspringcloud-redis
    volumes:
      - /etc/localtime:/etc/localtime
      - ./services/redis/conf/redis.conf:/etc/redis/redis.conf:rw
      - ./services/redis/data:/data:rw
    command:
      # requirepass密码 appendonly持久化 bind绑定ip daemonize守护进程 protected-mode 开启保护模式 
      redis-server /etc/redis/redis.conf --requirepass redis --appendonly no --bind 0.0.0.0 --daemonize no --protected-mode no --databases 200
    networks:
      my_bridge:
        aliases:
          - myspringcloud-redis

  # nginx 需要先去掉挂载启动后拷贝出挂载目录下内容,然后挂载启动
  nginx:
    image: nginx
    container_name: nginx
    ports:
      - 80:80
      - 443:443
    volumes:
      - ./services/nginx/www:/www/:rw
      - ./services/nginx/ssl:/ssl:rw
      - ./services/nginx/conf.d:/etc/nginx/conf.d/:rw
      - ./services/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
      - ./services/nginx/fastcgi-php.conf:/etc/nginx/fastcgi-php.conf:ro
      - ./services/nginx/fastcgi_params:/etc/nginx/fastcgi_params:ro
      - ./logs/nginx:/var/log/nginx/:rw
    environment:
      TZ: Asia/Shanghai
    restart: always
    logging: # 设置容器日志大小
      driver: "json-file" 
      options: 
        max-size: "500m"
    networks:
      my_bridge:
        aliases:
          - nginx

  mysql:
    image: mysql:8.0.20
    container_name: mysql8
    security_opt: # 关闭docker安全验证,否则mysql动态申请内存报mbind: Operation not permitted没有权限,这个是警告可以不处理但影响性能,建议mysql不要使用docker方式安装
      - seccomp:unconfined
    ports:
      - 3306:3306
    volumes:
      - /etc/localtime:/etc/localtime:ro 
      - ./services/mysql8/mysql.cnf:/etc/mysql/conf.d/mysql.cnf:ro
      - ./services/mysql8/data/:/var/lib/mysql/:rw
      - ./services/mysql8/initdb/:/docker-entrypoint-initdb.d/:rw
      - ./logs/mysql8:/var/log/mysql/:rw
    restart: always
    logging: # 设置容器日志大小
      driver: "json-file" 
      options: 
        max-size: "500m"
    networks:
      - default
    environment:
      MYSQL_ROOT_PASSWORD: "xxx@123"
      TZ: "Asia/Shanghai"
  
  php7:
    image: php:7.4.7-fpm-alpine # php:7.4.7-fpm(alpine是基础镜像扩展少)
    container_name: php7
    ports:
      - 9000:9000
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - ./services/nginx/www:/www/:rw
      #新版不支持挂载文件先注释启动后拷贝出容器中文件再打开重启
      #- ./services/php7/php.ini:/usr/local/etc/php/php.ini:ro
      #- ./services/php7/php-fpm.d/www.conf:/usr/local/etc/php-fpm.d/www.conf:rw
      - ./logs/php7:/var/log/php
    restart: always
    logging: # 设置容器日志大小
      driver: "json-file" 
      options: 
        max-size: "500m"
    networks:
      my_bridge:
        aliases:
          - php7

  nodepm2:
    image: nodepm2:latest
    container_name: nodepm2
    restart: always
    ports:
      - 3000:3000
    logging:
      driver: "json-file"
      options:
        max-size: "500m"
    volumes:
      - /etc/localtime:/etc/localtime
      - ./services/node-pm2/code:/service/code:rw
    networks:
      my_bridge:
        aliases:
          - nodepm2

  nps:
    image: ffdfgdfg/nps
    container_name: nps
    network_mode: "host"
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - ./services/nps/conf:/conf:rw
    restart: always
    logging:
      driver: "json-file"
      options:
        max-size: "500m"

  npc:
    image: ffdfgdfg/npc
    container_name: npc
    network_mode: "host"
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - ./services/npc/conf:/conf:rw
    restart: always
    logging:
      driver: "json-file"
      options:
        max-size: "500m"
    environment:
      TZ: "Asia/Shanghai"

  mongo:
    image: mongo:5.0.2
    container_name: mongo
    restart: always
    ports:
      - 27017:27017
    logging:
      driver: "json-file"
      options:
        max-size: "500m"
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - ./services/mongo/data:/data/db:rw
      - ./logs/mongo:/var/log/mongodb:rw
    networks:
      my_bridge:
        aliases:
          - mongo
    environment:
      MONGO_INITDB_ROOT_USERNAME: root
      MONGO_INITDB_ROOT_PASSWORD: Haite@1234

  elasticsearch:
    image: elasticsearch:7.3.0
    container_name: elasticsearch
    restart: always
    ports:
      - "9200:9200"
      - "9300:9300"
    logging:
      driver: "json-file"
      options:
        max-size: "500m"
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - ./services/es7/data:/usr/share/es7/data:rw
      - ./logs/es7:/usr/share/es7/logs:rw
      - ./services/es7/config/ik:/usr/share/elasticsearch/plugins/ik
    networks:
      my_bridge:
        aliases:
          - elasticsearch
    environment:
      cluster.name: elasticsearch
      discovery.type: single-node
    ulimits:
      nofile:
          soft: 65535
          hard: 65535

  kibana:
    image: docker.elastic.co/kibana/kibana:7.3.0
    container_name: kibana
    restart: always
    ports:
      - 5601:5601
    logging:
      driver: "json-file"
      options:
        max-size: "500m"
    volumes:
      - /etc/localtime:/etc/localtime:ro
    networks:
      my_bridge:
        aliases:
          - kibana
    depends_on: ['elasticsearch']

  logstash:
    image: logstash:7.3.0
    container_name: logstash
    restart: always
    ports:
      - 4560:4560
    logging:
      driver: "json-file"
      options:
        max-size: "500m"
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - ./services/logstash/config/logstash-springboot.conf:/usr/share/logstash/pipeline/logstash.conf:rw
    networks:
      my_bridge:
        aliases:
          - kibana
    depends_on: ['elasticsearch']

  # rocket mq name server
  rocketmqserver:
    image: foxiswho/rocketmq:server-4.7.0
    container_name: rocket-server
    restart: always
    ports:
      - 9876:9876
    logging:
      driver: "json-file"
      options:
        max-size: "500m"
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - ./logs/rmq/server:/opt/logs
      - ./services/rmq/server/store:/opt/rmqstore
    networks:
      my_bridge:
        aliases:
          - rocketmqserver
    environment:
      JAVA_OPT_EXT: "-server -Xms64m -Xmx64m -Xmn64m"

  # rocket mq broker
  rmqbroker:
    image: foxiswho/rocketmq:broker-4.7.0
    container_name: rocket-broker
    restart: always
    ports:
      - 10909:10909
      - 10911:10911
    ports:
      - 10909:10909
      - 10911:10911
    logging:
      driver: "json-file"
      options:
        max-size: "500m"
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - ./logs/rmq/broker/logs:/opt/logs
      - ./services/rmq/broker/store:/opt/rmqstore
      - ./services/rmq/config/broker.conf:/etc/rocketmq/broker.conf
    networks:
      my_bridge:
        aliases:
          - rmqbroker
    environment:
      - NAMESRV_ADDR=rocketmqserver:9876
      - JAVA_OPTS:=-Duser.home=/opt
      - JAVA_OPT_EXT=-server -Xms64m -Xmx64m -Xmn64m
    command: mqbroker -c /etc/rocketmq/broker.conf
    depends_on:
      - rocketmqserver

  # rocket console 这个可以不需要
  rmqconsole:
    image: styletang/rocketmq-console-ng:latest
    container_name: rocket-console
    restart: always
    ports:
      - 8180:8180
    logging:
      driver: "json-file"
      options:
        max-size: "500m"
    volumes:
      - /etc/localtime:/etc/localtime:ro
    networks:
      my_bridge:
        aliases:
          - rmqconsole
    environment:
      - JAVA_OPTS=-Drocketmq.config.namesrvAddr=rocketmqserver:9876 -Dserver.port=8180 -Drocketmq.config.isVIPChannel=false
      - JAVA_OPT_EXT=-Xms128m -Xmx128m -Xmn128m
    depends_on:
      - rocketmqserver

  # xxl-job 分布式调度中心
  xxl-job:
    image: xuxueli/xxl-job-admin:2.3.0
    container_name: xxl-job
    restart: always
    ports:
      - 9001:9001
    logging:
      driver: "json-file"
      options:
        max-size: "500m"
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - ./services/xxl-job/data:/data/applogs
    networks:
      my_bridge:
        aliases:
          - xxljob
    environment:
      - PARAMS=--spring.datasource.url=jdbc:mysql://mysql8:3306/lipinshop?Unicode=true&characterEncoding=UTF-8  --spring.datasource.username=lipinshop --spring.datasource.password=lipinshop --server.port=9001
    depends_on:
      - mysql8

  # word转pdf模板服务
  libreoffice:
    image: my/libreoffice:7.4.2
    container_name: libreoffice
    restart: always
    ports:
      - 8100:8100
    logging:
      driver: "json-file"
      options:
        max-size: "500m"
    volumes:
      - /etc/localtime:/etc/localtime
      - /docker-services/logs/libreoffice:/logs/:rw
    environment:
      TZ: Asia/Shanghai
    command:
      /opt/libreoffice7.4/program/soffice --headless --accept="socket,host=0.0.0.0,port=8100;urp;" --nofirststartwizard &
    networks:
      my_bridge:
        aliases:
          - libreoffice
  # RabbitMQ,集群方式参考:https://github.com/oprearocks/RabbitMQ-Docker-cluster
  rabbit:
    image: rabbitmq:management
    container_name: rabbit
    hostname: rabbit
    environment:
      TZ: "Asia/Shanghai"
      RABBITMQ_ERLANG_COOKIE: myrabbitmq
      RABBITMQ_NODENAME: rabbit
    volumes:
      - /etc/localtime:/etc/localtime
      - ./services/rabbitmq/plugins.erl:/etc/rabbitmq/enabled_plugins
      - ./services/rabbitmq/data:/var/lib/rabbitmq
    ports:
      - 4369:4369
      - 5671:5671
      - 5672:5672
      - 15670:15670
      - 15671:15671
      - 15672:15672
      - 15674:15674
      - 15675:15675
      - 25672:25672
      - 1883:1883
      - 61613:61613
    restart: always
    logging:
      driver: "json-file"
      options:
        max-size: "500m"
    networks:
      my_bridge:
        aliases:
          - rabbit
# ./services/rabbitmq/plugins.erl:[rabbitmq_management, rabbitmq_management_agent, rabbitmq_mqtt, rabbitmq_web_mqtt, rabbitmq_stomp, rabbitmq_web_stomp, rabbitmq_web_stomp_examples].
# docker cp rabbitmq_delayed_message_exchange-3.9.0.ez rabbit:/plugins->修改plugins.erl添加rabbitmq_delayed_message_exchange->重启容器
# mq集群https://github.com/oprearocks/RabbitMQ-Docker-cluster/blob/master/docker-compose.yml

# minio start
  # 单机minio
  minIO:
    image: minio/minio
    container_name: minIO
    # privileged: true 逃逸模式存在安全隐患必要时才用
    ports:
      - 9000:9000
      - 9001:9001
    volumes:
      - /etc/localtime:/etc/localtime
      - ./services/minio/config:/root/.minio:rw
      - ./services/minio/data/data1:/data1:rw
      - ./services/minio/data/data2:/data2:rw
      - ./services/minio/data/data3:/data3:rw
      - ./services/minio/data/data4:/data4:rw
    restart: always
    logging:
      driver: "json-file"
      options:
        max-size: "500m"
    command: server --console-address ":9001" --address ":9000" http://minio/data{1...4}
    networks:
      my_bridge:
        aliases:
          - minio
    environment:
      TZ: "Asia/Shanghai"
      MINIO_ACCESS_KEY: admin
      MINIO_SECRET_KEY: minioadmin
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"]
      interval: 30s
      timeout: 20s
      retries: 3
    # 所有容器通用的设置和配置
    x-minio-common: &minio-common
      image: minio/minio
      command: server --console-address ":9001" http://minio{1...4}/data
      expose:
        - "9000"
      # environment:
        # MINIO_ROOT_USER: minioadmin
        # MINIO_ROOT_PASSWORD: minioadmin
      healthcheck:
        test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"]
        interval: 30s
        timeout: 20s
        retries: 3
    # 启动4个docker容器运行minio服务器实例 https://www.jianshu.com/p/aade99d924a2
    # 使用nginx反向代理9000端口,负载均衡, 你可以通过9001、9002、9003、9004端口访问它们的web console
    services:
      minio1:
        <<: *minio-common
        hostname: minio1
        ports:
          - "9001:9001"
        volumes:
          - ./data/data1:/data
      # minio2 3 4
# minio end

# mosquitto start
# mosquitto mqtt服务,设置密码时先创建/services/mosquitto/config/pwfile文件->进入容器docker exec -it mosquitto sh->mosquitto_passwd /mosquitto/config/pwfile admin->两次密码->exit->重启容器
  mosquitto:
    image: eclipse-mosquitto:latest
    container_name: mosquitto
    ports:
      - 1883:1883
    volumes:
      - /etc/localtime:/etc/localtime
      - ./services/mosquitto/config:/mosquitto/config:rw
      - ./services/mosquitto/data:/mosquitto/data:rw
      - ./logs/mosquitto:/mosquitto/log:rw
    restart: always
    logging:
      driver: "json-file"
      options:
        max-size: "500m"
    networks:
      my_bridge:
        aliases:
          - mosquitto
# mosquitto end

# frp start
# frp内网穿透工具 fatedier的镜像为官方镜像不过需要固定版本号才能pull成功
  frps:
    image: fatedier/frps:v0.56.0
    container_name: frps
    # network_mode: "host" 采用host可以不用一个个配置端口映射
    ports:
      - 8025:7000
      - 7000:8080
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - ./services/frps/conf/frps.toml:/frps.toml:rw
    restart: always
    logging:
      driver: "json-file"
      options:
        max-size: "500m"
    command:
      - "-c"
      - "/frps.toml"
    networks:
      my_bridge:
        aliases:
          - frps
  frpc:
    image: fatedier/frpc:v0.56.0
    container_name: frpc
    # network_mode: "host"
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - ./services/frpc/conf/frpc.toml:/frpc.toml:rw
    restart: always
    logging:
      driver: "json-file"
      options:
        max-size: "500m"
    environment:
      TZ: "Asia/Shanghai"
    command:
      - "-c"
      - "/frpc.toml"
    networks:
      my_bridge:
        aliases:
          - frpc
# frp end

# gopeed start
  gopeed:
    image: liwei2633/gopeed
    container_name: gopeed
    ports:
      - 9990:9999
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - ./services/gopeed/conf/config.json:/app/config.json:rw
      - ./services/gopeed/data/download:/app/Downloads/:rw
      - ./services/gopeed/data/storage:/app/storage/:rw
    restart: always
    logging:
      driver: "json-file"
      options:
        max-size: "500m"
    networks:
      my_bridge:
        aliases:
          - gopeed
    environment:
      TZ: "Asia/Shanghai"
# gopeed end

# mqttx start
  mqttx:
    image: emqx/mqttx-web
    container_name: mqttx
    ports:
      - 83:80
    volumes:
      - /etc/localtime:/etc/localtime:ro
    restart: always
    logging:
      driver: "json-file"
      options:
        max-size: "500m"
    networks:
      my_bridge:
        aliases:
          - mqttx
    environment:
      TZ: "Asia/Shanghai"
# mqttx end

# sqlserver start
  sqlserver:
    image: mcr.microsoft.com/mssql/server:2022-latest
    container_name: sqlserver
    hostname: sqlserver
    ports:
      - 1433:1433
    volumes:
      - /docker-services/services/sqlserver/data:/var/opt/mssql:rw
    restart: always
    networks:
      my_bridge:
        aliases:
          - sqlserver
    environment:
      ACCEPT_EULA: "Y"
      MSSQL_SA_PASSWORD: "Xxxxxx!123"
# sqlserver end

networks:
  my_bridge:
    #external: true使用创建好的网络
    driver: bridge

#Dockerfile
FROM mysql:8.0.20
MAINTAINER xxx
ENV TZ=Asia/Shanghai
RUN ln -sf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
COPY ./xxx.sql /docker-entrypoint-initdb.d
#Dockerfile END
#libreoffice Dockerfile
FROM centos:7
WORKDIR /home
 #以下设置中文语言环境与修改时区
ENV LANG=zh_CN.UTF-8 \
    LANGUAGE=zh_CN:zh \
    LC_ALL=zh_CN.UTF-8

 #加入windows字体包
ADD fonts.tar.gz /usr/share/fonts/

 #将下载好的包解压到相应文件下
ADD LibreOffice_7.4.2.3_Linux_x86-64_rpm.tar.gz /home/
ADD LibreOffice_7.4.2.3_Linux_x86-64_rpm_langpack_zh-CN.tar.gz /usr/

RUN yum update -y && \
    yum reinstall -y glibc-common && \
    yum install -y telnet net-tools && \
    yum clean all && \
    rm -rf /tmp/* && rm -rf /var/cache/yum/* && \
    localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8 && \
    ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime && \
    yum localinstall /home/LibreOffice_7.4.2.3_Linux_x86-64_rpm/RPMS/*.rpm -y && \
    yum localinstall /usr/LibreOffice_7.4.2.3_Linux_x86-64_rpm_langpack_zh-CN/RPMS/*.rpm -y && \
    yum install ibus -y && \
    #加入中文字体支持并赋权限
    chmod -R 755 /usr/share/fonts && \
    yum install mkfontscale -y && \
    mkfontscale && \
    yum install fontconfig -y && \
    mkfontdir && \
    fc-cache -fv && \
    #清理缓存,减少镜像大小
    yum clean all && rm -rf /home/LibreOffice_7.4.2.3_Linux_x86-64_rpm && rm -rf /usr/LibreOffice_7.4.2.3_Linux_x86-64_rpm_langpack_zh-CN

 #暴露端口
EXPOSE 8100

 #运行
RUN /opt/libreoffice7.4/program/soffice -headless -accept="socket,host=0.0.0.0,port=8100;urp;" -nofirststartwizard &
CMD ["bash"]
#libreoffice Dockerfile END

#/etc/nginx/nginx.conf
user  nginx;
worker_processes  1;

pid        /var/run/nginx.pid;
error_log  /var/log/nginx/nginx.error.log warn;

events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log /dev/null;
    #access_log  /var/log/dnmp/nginx.access.log  main;

    # hide verson string
    server_tokens  off;
    sendfile        on;
    tcp_nopush     on;
    client_header_buffer_size 512k;
    large_client_header_buffers 4 512k;
    client_max_body_size 100M;

    keepalive_timeout  65;

    #gzip  on;
    fastcgi_connect_timeout 300;
    fastcgi_send_timeout 300;
    fastcgi_read_timeout 300;
    fastcgi_buffer_size 64k;
    fastcgi_buffers 4 64k;
    fastcgi_busy_buffers_size 128k;
    fastcgi_temp_file_write_size 128k;

    gzip  on;
    gzip_min_length 1k;
    gzip_buffers 4 16k;
    gzip_http_version 1.0;
    gzip_comp_level 2;
    gzip_types text/plain application/x-javascript text/css application/xml;
    gzip_vary off;
    include /etc/nginx/conf.d/*.conf;
}
#/etc/nginx/nginx.conf END

#/etc/nginx/fastcgi-php.conf
# regex to split $uri to $fastcgi_script_name and $fastcgi_path
fastcgi_split_path_info ^(.+\.php)(/.+)$;

# Check that the PHP script exists before passing it
try_files $fastcgi_script_name =404;

# Bypass the fact that try_files resets $fastcgi_path_info
# see: http://trac.nginx.org/nginx/ticket/321
set $path_info $fastcgi_path_info;
#fastcgi_param PATH_INFO $path_info;
fastcgi_read_timeout 3600;

fastcgi_index index.php;
#/etc/nginx/fastcgi-php.conf END

#/etc/nginx/fastcgi_params
fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
fastcgi_param  QUERY_STRING       $query_string;
fastcgi_param  REQUEST_METHOD     $request_method;
fastcgi_param  CONTENT_TYPE       $content_type;
fastcgi_param  CONTENT_LENGTH     $content_length;

fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
fastcgi_param  REQUEST_URI        $request_uri;
fastcgi_param  DOCUMENT_URI       $document_uri;
fastcgi_param  DOCUMENT_ROOT      $document_root;
fastcgi_param  SERVER_PROTOCOL    $server_protocol;
fastcgi_param  REQUEST_SCHEME     $scheme;
fastcgi_param  HTTPS              $https if_not_empty;

fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
fastcgi_param  SERVER_SOFTWARE    nginx;

fastcgi_param  REMOTE_ADDR        $remote_addr;
fastcgi_param  REMOTE_PORT        $remote_port;
fastcgi_param  SERVER_ADDR        $server_addr;
fastcgi_param  SERVER_PORT        $server_port;
fastcgi_param  SERVER_NAME        $server_name;

# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param  REDIRECT_STATUS    200;
#/etc/nginx/fastcgi_params END

#/etc/nginx/conf.d/**.conf
server {
    listen       80  default;
    server_name  localhost;
    root   /www/blog;
    index  index.php index.html index.htm;
    #charset koi8-r;

    #access_log /dev/null;
    access_log  /var/log/nginx/nginx.blog.access.log  main;
    error_log  /var/log/nginx/nginx.blog.error.log  warn;
    # 解决跨域问题
    #location / {
    #  add_header Access-Control-Allow-Origin '*';
    #  add_header Access-Control-Allow-Methods 'GET, POST, PATCH, PUT, OPTIONS, DELETE';
    #  add_header Access-Control-Expose-Headers '*';
    #  add_header Access-Control-Allow-Headers 'Origin, Content-Type, Cookie,X-CSRF-TOKEN,Accept,Authorization,sign,timestamps,ticket,token-platform,x-requested-with,usertoken,userkey';#自定义的也要配置上
    #  if ($request_method = 'OPTIONS') {
    #    return 200;
    #}
    # 解决跨域问题
    #error_page  404              /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }

    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    #    proxy_pass   http://127.0.0.1;
    #}

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    location ~ \.php$ {
        fastcgi_pass   php7:9000;
        include        fastcgi-php.conf;
        include        fastcgi_params;
    }

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    location ~ /\.ht {
        deny  all;
    }
}

server {
    listen 443  default ssl http2;
    server_name  localhost;
    root   /www/blog;
    index  index.php index.html index.htm;
    #charset koi8-r;

    #access_log /dev/null;
    access_log  /var/log/nginx/nginx.blog.access.log  main;
    error_log  /var/log/nginx/nginx.blog.error.log  warn;

    #error_page  404              /404.html;

    ssl_certificate /ssl/localhost/localhost.crt;
    ssl_certificate_key /ssl/localhost/localhost.key;

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }

    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    #    proxy_pass   http://127.0.0.1;
    #}

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    location ~ \.php$ {
        fastcgi_pass   php7:9000;
        include        fastcgi-php.conf;
        include        fastcgi_params;
    }

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    location ~ /\.ht {
        deny  all;
    }
}

#/etc/nginx/conf.d/**.conf END

#/etc/mysql/conf.d/mysql.cnf
[client]
port                    = 3306
default-character-set   = utf8mb4


[mysqld]
user                    = mysql
port                    = 3306
sql_mode                = NO_ENGINE_SUBSTITUTION,STRICT_TRANS_TABLES

default-storage-engine  = InnoDB
default-authentication-plugin   = mysql_native_password
character-set-server    = utf8mb4
collation-server        = utf8mb4_unicode_ci
init_connect            = 'SET NAMES utf8mb4'

disable-log-bin
skip-character-set-client-handshake
explicit_defaults_for_timestamp

slow_query_log
long_query_time         = 3
slow-query-log-file     = /var/lib/mysql/mysql.slow.log
log-error               = /var/lib/mysql/mysql.error.log

default-time-zone       = '+8:00'

[mysql]
default-character-set   = utf8mb4
#/etc/mysql/conf.d/mysql.cnf END

# /mosquitto/config/pwfile
persistence true
persistence_location /mosquitto/data
log_dest file /mosquitto/log/mosquitto.log
password_file /mosquitto/config/pwfile
listener 1883
# protocol websockets
# port 1883
# protocol mqtt
allow_anonymous false
# pwfile END

#/frps.toml
bindPort = 7000
auth.token = "xxx123qwe"

webServer.addr = "0.0.0.0"
webServer.port = 7500
webServer.user = "xxx"
webServer.password = "xxx"

vhostHTTPPort = 8080 #代理HTTP主机
# vhostHTTPSPort = 443 #代理HTTPs主机
#/frps.toml END

#/frpc.toml
serverAddr =  "frp.xxx.com"
serverPort = 8025
auth.token =  "xxx123qwe"

webServer.addr =  "0.0.0.0"
webServer.port =  7001
webServer.user =  "xxx"
webServer.password =  "xxx"
#管理界面通过frps代理
[[proxies]]
name =  "admin_ui"
type =  "tcp"
localPort = 7001
remotePort = 7002

[[proxies]]
name = "dataserver"
type = "tcp"
localIP = "192.168.0.x"
localPort = 3389
remotePort = 7006
#/frpc.toml END

# gopeed/config.json
{
  "address": "", // 绑定的IP地址(默认:0.0.0.0)
  "port": 0, // 绑定的端口(默认:9999)
  "username": "", // 服务身份认证用户名,为空时不启用身份认证
  "password": "", // 服务身份认证密码(默认:gopeed)
  "token": "", // HTTP API 令牌,在启用身份认证的情况下使用 HTTP API 时,必须配置令牌
  "storageDir": "" // 存储目录
}
# gopeed/config.json END

      使用docker-compose构建自定义应用

#首先创建一个用于打包的maven容器
创建目录mavendata
mavendata下放Dockerfile、maven仓库目录repository和settings.xml文件
构建maven镜像:docker build -t my/maven .
构建maven镜像-镜像内clone:docker build -t my/mavenbuild .
使用自定义maven镜像打包$(pwd)当前路径下的代码
docker run -it --rm -v "$(pwd)":/app -w /app -v /data/mavendata/repository:/usr/share/maven/ref/repository  my/maven mvn clean package -DskipTests=true
打包成功后会在$(pwd)目录下生成打包文件
使用docker-compose部署的脚本
#!/bin/sh
echo "start..."
cd /code
rm -rf xxx
# echo "----------clone code 主机clone----------"
# git clone -b develop git@xxx.git
echo "----------clone code 镜像内clone----------"
docker run -it --rm -v "$(pwd)":/app -w /app -v /root/.ssh:/root/.ssh my/mavenbuild git clone -b master ssh://git@npc.bonrui.com:8012/weifangzdsys-group/weifangzdsys.git
cd xxx
echo "----------maven build----------"
docker run -it --rm -v "$(pwd)":/app -w /app -v /data/mavendata/repository:/usr/share/maven/ref/repository  my/maven mvn clean package -DskipTests=true
mkdir /code/xxx/xxx/target/docker
cp /code/Dockerfile /xxx/xxx/target/docker
cp /code/xxx/xxx/target/xxx.jar /xxx/xxx/target/docker/xxx.jar
echo "----------deploy----------"
cd /data/docker-services
docker-compose stop xxx
docker-compose rm -f xxx
docker rmi bonrui/xxx:2.0.0
docker-compose build xxx
docker-compose up -d xxx
docker-compose logs xxx
echo "end"
exit

# fetch https://dl-cdn.alpinelinux.org/alpine/v3.15/main/x86_64/APKINDEX.tar.gz超时问题
# 添加语句 RUN echo -e http://mirrors.ustc.edu.cn/alpine/v3.15/main/ > /etc/apk/repositories
Dockerfile文件内容 my/maven:
FROM maven:3-jdk-8-alpine
COPY settings.xml /usr/share/maven/ref/
Dockerfile文件内容 my/mavenbuild:
FROM maven:3-jdk-8-alpine
RUN apk --no-cache add openssh-client git # 镜像内clone
COPY settings.xml /usr/share/maven/conf/

#!/bin/sh
echo "m start..."
cd /data/docker-services/services/xxx/code/xxx
echo "----------clone code(m)----------"
# docker run -it --rm -v "$(pwd)":/app -w /app -v /root/.ssh:/root/.ssh my/node14build git clone -b main ssh://git@xxx.git
docker run -it --rm -v "$(pwd)":/app -w /app -v /root/.ssh:/root/.ssh my/node14build git pull
echo "----------node build(m)----------"
docker run -it --rm -v "$(pwd)":/app -w /app my/node14build npm install --registry https://registry.npmmirror.com
docker run -it --rm -v "$(pwd)":/app -w /app my/node14build npm run build
echo "----------deploy(m)----------"
if [ $? -eq 0 ]; then
  rm -rf ./distbak
  mkdir ./distbak
  cp -r /data/docker-services/services/nginx/www/m/* ./distbak
  rm -rf /data/docker-services/services/nginx/www/m/*
  cp -r ./dist/* /data/docker-services/services/nginx/www/m
  ls /data/docker-services/services/nginx/www/m
else
  echo "-----------failed(m)-------------"
fi
echo "end(m)"
exit

Dockerfile文件内容 my/node14build:
FROM node:14.16.1-alpine
RUN apk --no-cache add openssh-client git

settings文件内容:
<?xml version="1.0" encoding="UTF-8"?>

<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 http://maven.apache.org/xsd/settings-1.0.0.xsd">
  <localRepository>/usr/share/maven/ref/repository</localRepository>
  <mirrors>
     <mirror>
                <id>alimaven</id>
                <name>aliyun maven</name>
                <url>https://maven.aliyun.com/repository/public</url>
                <mirrorOf>*</mirrorOf>
        </mirror>
  </mirrors>
</settings>

# docker-compose.yml
version: "3"
services:
  xxx:
    # 包含Dockefile的主机目录,注意Dockerfile中的文件路径是基于这个路径的
    build: /data/docker-services/services/hairbiz/code/xxxapi/xxx/target/docker
      #context: /data/docker-services/services/xxx/code
      #dockerfile: /data/docker-services/services/xxx/code/Dockerfile
    image: xxx/xxx:2.0.0
    container_name: xxx
    restart: always
    ports:
      - 9999:9999
    logging:
      driver: "json-file"
      options:
        max-size: "500m"
    volumes:
      - /etc/localtime:/etc/localtime
      - ./logs/xxx:/logs/:rw
    environment:
      spring.profiles.active: dev
      TZ=Asia/Shanghai
    networks:
      my_bridge:
        aliases:
          - xxx

networks:
  my_bridge:
    driver: bridge


# Dockerfile
FROM java
# 这个路径是基于上面的路径的
ADD /hair-biz.jar //
ENTRYPOINT ["java", "-jar", "/xxx.jar"]

      命令

#构建在docker-compose.yml目录下执行
docker-compose build
#启动服务 -d后台运行
docker-compose up -d
#停止服务--rmi删除镜像 -v删除已经在compose文件中定义的和匿名的附在容器上的数据卷
docker-compose down --rmi all -v
#查看日志
docker-compose logs -f --tail 100
#列出项目中所有的容器
docker-compose ps
#停止正在运行的容器,可以通过docker-compose start 再次启动
docker-compose stop
#启动已经存在的服务容器
docker-compose start
#拉取服务依赖的镜像
docker-compose pull
#重启项目中的服务
docker-compose restart
#删除所有(停止状态的)服务容器。推荐先执行docker-compose stop命令来停止容器–f, –force强制直接删除,包括非停止状态的容器 -v删除容器所挂载的数据卷
docker-compose rm
#在指定容器上执行一个ping命令。
docker-compose run ubuntu ping www.baidu.com
#设置指定服务运行的容器个数。通过service=num的参数来设置数量
docker-compose scale web=3 db=2
#暂停一个服务容器
docker-compose pause [SERVICE...]
#恢复处于暂停状态中的服务
docker-compose unpause [SERVICE...]
#通过发送SIGKILL信号来强制停止服务容器。支持通过-s参数来指定发送的信号,例如通过如下指令发送SIGINT信号:
docker-compose kill -s SIGINT
#验证并查看compose文件配置–resolve-image-digests 将镜像标签标记为摘要-q, –quiet 只验证配置,不输出。 当配置正确时,不输出任何内容,当文件配置错误,输出错误信息–services 打印服务名,一行一个–volumes 打印数据卷名,一行一个
docker-compose config [options]
#推送服务依的镜像–ignore-push-failures 忽略推送镜像过程中的错误
docker-compose push [options] [SERVICE...]
#显示某个容器端口所映射的公共端口–protocol=proto,指定端口协议,TCP(默认值)或者UDP –index=index,如果同意服务存在多个容器,指定命令对象容器的序号(默认为1)
docker-compose port [options] SERVICE PRIVATE_PORT
#-d 分离模式,后台运行命令–privileged 获取特权–user USER 指定运行的用户-T 禁用分配TTY,默认docker-compose exec分配TTY–index=index,当一个服务拥有多个容器时,可通过该参数登陆到该服务下的任何服务,例如:docker-compose exec –index=1 web /bin/bash ,web服务中包含多个容器
docker-compose exec [options] SERVICE COMMAND [ARGS...]

评论 1
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值
>