一、centos7 安装docker
1:删除老版本
yum remove docker \
docker-client \
docker-client-latest \
docker-common \
docker-latest \
docker-latest-logrotate \
docker-logrotate \
docker-selinux \
docker-engine-selinux \
docker-engine
2:安装一些必要的系统工具
yum install -y yum-utils device-mapper-persistent-data lvm2
3:添加软件源信息
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
4:更新 yum 缓存
yum makecache fast
5:安装 Docker-ce
yum -y install docker-ce
6:启动 Docker 后台服务
systemctl enable docker
systemctl start docker
7:docker镜像加速
2024.06.06以上加速网站的Docker Hub加速大部分无法使用有网友测试 dockerhub.timeweb.cloud 和 huecker.io还可以使用目前还可以使用如下加速方案
1:通过Github Action同步镜像到阿里镜像仓库
从阿里云容器镜像服务中获取命名空间、用户名、密码、仓库地址信息->Github中fork项目github.com/tech-shrimp/docker_image_pusher->在自己的docker_image_pusher中进入Action启用Github Action功能->New Repository secret(配置环境变量将ALIYUN_NAME_SPACE-命名空间,ALIYUN_REGISTRY_USER-用户名,ALIYUN_REGISTRY_PASSWORD-密码,ALIYUN_REGISTRY-仓库地址 的值配置成环境变量)->打开项目中的images.txt添加要拉取的镜像用换行分割->提交修改后就开始拉取了同步到阿里镜像仓库了
可以通过修改/.github/workflows/docker.yaml文件添加schedule: - cron: '00 23 * * *'来定时执行
2:通过cloudflare代理
详细步骤请阅读 Cloudflare 常用操作-CSDN博客
创建或修改/etc/docker/daemon.json
{
"registry-mirrors":[
"https://docker.mirrors.ustc.edu.cn",
"https://registry.docker-cn.com"
]
}
systemctl daemon-reload
systemctl restart docker
docker info在结果中查看配置是否成功
docker默认安装目录为/var/lib/docker
docker服务日志:/var/log/messages
docker容器日志:/var/lib/docker/cintainers/id/...json.log
8:Docker 修改默认存储路径
修改docker systemd的 docker.service配置(可以通过systemctl status docker查看路径Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled))
修改EXECStart:EXECStart=/usr/bin/dockerd --graph /home/docker
systemctl disabke docke && systemctl enable docke && systemctl daemon-reload && systemctl start docke
通过docker info 查看是否修改成功
9:Docker 修改默认容器日志大小
vim /etc/docker/daemon.json
{"registry-mirrors": [],"log-driver":"json-file","log-opts": {"max-size":"500m", "max-file":"3"}} // max-size 容器日志上线,max-file容器日志个数
systemctl daemon-reload systemctl restart docker 注:设置的大小只对新创建的容器有效
10:开启2375端口远程访问
vim /usr/lib/systemd/system/docker.service:
在 ExecStart=/usr/bin/dockerd 后 增加 -H tcp://0.0.0.0:2375 -H unix://var/run/docker.sock
重新读取配置 systemctl daemon-reload
重启 systemctl restart docker
11:添加私有镜像仓库
方式一:vim /usr/lib/systemd/system/docker.service
在 ExecStart=/usr/bin/dockerd 后 增加 --insecure-registry ip
systemctl daemon-reload systemctl restart docker
方式二:vim /etc/docker/daemon.json
{"registry-mirrors": [], "insecure-registries": ["ip"]}
insecure-registries可以避免非https的私服不能pull镜像的问题
systemctl daemon-reload systemctl restart docker
12:docker启动报错
在启动docker容器时报:Error response from daemon: driver failed programming external connectivity on endpoint XXX(端口映射或启动容器时报错)
原因是我们启动docker后对防火墙进行了操作,需要重启docker来解决
二、docker常用命令
docker pull name:latest获取镜像
docker run -d name:latest快速部署和启动镜像
--name name容器名称
--hostname="" -h指定容器的主机名
--add-host host:127.0.0.1启动时增加hosts到容器
--add-host host.docker.internal:host-gateway 这样可以通过host.docker.internal访问宿主机
--link name:name链接到另一个容器1.12可被network替代
--net bridge指定容器的网络连接类型
--network name指定加入到名为name的网络中可通过docker network ls查看
--network-alias指定容器name网络中的别名是bvrfis-net
docker start [NAME|ID]启动容器服务
docker stop [NAME|ID]停止容器服务
docker restart [NAME|ID]重启容器服务
docker rm [NAME|ID]删除容器
docker rm $(docker ps -a -q)删除所有非启动状态的容器
docker images 查看本机镜像
docker search [name]查找镜像
docker tag [NAME|ID] msg给镜像设置标签
docker ps -a 查看镜像进程 后面加 --no-trunc 可看详情
docker logs -f [NAME|ID]查看容器日志 --tail 100
docker port [NAME|ID]查看容器进程
docker top [NAME|ID]查看容器端口
docker inspect [NAME|ID]查看容器底层信息JSON
docker attach [NAME|ID]进入容器exit会导致容器停止
docker exec -it [NAME|ID] /bin/bash
docker run -it --rm -v "$(pwd)":/app -w /app my/maven mvn clean package -DskipTests=true
docker cp [NAME|ID]:/etc/mysql/my.cnf /home/tom/
docker stats 查看容器资源使用情况
docker network的常用命令如下:docker run --name mynginx2 --network my-bridge -p 8080:80 -d nginx:latest
connect : 将容器加入到指定网络中docker network connect (--link test2:t2) --alias name my_bridge test2
create : 创建网络docker network create -d bridge my_bridge
disconnect : 将容器中网络中移除;
inspect:查看指定网络的详情;
ls:列出所有网络docker network ls
rm:删除指定网络
三、docker容器日期和主机同步
启动容器docker run时挂载:-e TZ="Asia/Shanghai" (-v /etc/timezone:/etc/timezone) -v /etc/localtime:/etc/localtime
四、Dockerfile使用
FROM centos #制作base image 基础镜像
LABEL version="1.0" #容器元信息,帮助信息
LABEL maintainer="xxx@qq.com"
#尽量使用一条命令,避免无用分层
RUN yum update && yum install -y vim \
Python-dev #反斜杠换行
WORKDIR /root #改变路径尽可能使用绝对路径
WORKDIR test #如果没有会自动创建
RUN pwd
ADD test.tar.gz / #添加到根目录并解压
COPY test.tar.gz / #添加到根目录
EXPOSE 8630 #指定暴露端口
ENV MYSQL_VERSION 5.6 #设置一个mysql常量
ADD ./myspringcloud-auth/target/myspringcloud-auth.jar ./
CMD java -Djava.security.egd=file:/dev/./urandom -jar myspringcloud-auth.jar
#Dockerfile
FROM java # 基础镜像1.8_111 此版本对于java-weixin-pay的jdk有问题
ENTRYPOINT ["java", "-jar", "/common-api-4.2.2.jar"]
FROM openjdk:8-jdk # 基础镜像1.8_132
COPY target/*.jar app.jar
ENV PORT 8890
EXPOSE $PORT
ENTRYPOINT ["java","-Dserver.port=${PORT}","-jar","app.jar"]
#Dockerfile
#Dockerfile
FROM moxm/java:1.8-full
RUN mkdir -p /common-api
WORKDIR /common-api
ARG JAR_FILE=target/*.jar
COPY ${JAR_FILE} app.jar
EXPOSE 8890
ENV TZ=Asia/Shanghai JAVA_OPTS="-Xms128m -Xmx256m -Djava.security.egd=file:/dev/./urandom"
CMD sleep 60; java $JAVA_OPTS -jar app.jar
#Dockerfile
# 上面两个Dockerfile中启动命令一个是ENTRYPOINT 一个是 CMD
# 这两个区别在于CMD会覆盖文件中的命令,而ENTRYPOINT是追加
# 用CMD ["ls","-a"] 时如果运行docker时加参数 docker run xxx -l 其结果不是 docker run xxx ls -al
# 而是docker run xxx -l
# 用ENTRYPOINT ["ls","-a"] 时如果运行docker时加参数docker run xxx -l 其结果是docker run xxx ls -al
#Dockerfile
FROM alpine # 基础镜像 基于Musl libc和busybox 最小的docker镜像另外scratch是docker默认的空镜像
RUN apk add --no-cache nodejs npm
COPY app.js /future/
COPY package.json /future/
WORKDIR /future
RUN npm install --registry=https://registry.npm.taobao.org
EXPOSE 8000
五、构建镜像和上传镜像到dockerhub
构建镜像:在Dockerfile目录下执行 docker build -t name:0.0.1 .
上传镜像:
创建账号
#默认登录dockerhub
docker login
#登录指定服务
docker login --username=xxxx xxx.com
#image名称必须为 仓库名/镜像名称:版本
docker tag name:0.0.1 username/name:0.0.1
#推送本地镜像到dockerhub
docker push username/name:0.0.1
#删除本地镜像验证远程镜像
docker rmi name:0.0.1
docker pull username/name:0.0.1
六、docker-compose使用
安装
curl -L --fail https://github.com/docker/compose/releases/download/1.27.1/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
#查看版本
docker-compose version
#卸载
rm /usr/local/bin/docker-compose
使用
# mymysql-自定义mysql、redis、nginx、mysql、php7、nodepm2、nps-内网穿透服务、npc-客户端、mongo、elasticsearch、kibana、logstash、rocketmqserver、rmqbroker、rmqconsole、xxl-job、libreoffice-word转pdf模板服务、rabbit、minIO、mosquitto-mqtt服务、frps-内网穿透服务、frpc-客户端、gopeed-下载工具,mqttx-mqtt在线工具,sqlserver
#docker-compose.yml文件
version: '2'
services:
mymysql:
build:
context: ./
dockerfile: ./Dockerfile
environment:
MYSQL_ROOT_PASSWORD: root
TZ=Asia/Shanghai
restart: always
deploy:
resources:
limits:
cpus: '1.0' # 限制使用1个cpu
cpuset: '0,1' # 指定在0和1cpu上运行
logging: # 设置容器日志大小
driver: "json-file"
options:
max-size: "500m"
container_name: my-mysql
image: mysql
command: mysqld --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci # 设置utf8字符集
volumes:
- /etc/localtime:/etc/localtime:ro # 设置容器时区与宿主机保持一致
- /docker/lnmp/mysql/data:/var/lib/mysql
- /docker/lnmp/mysql/conf.d:/etc/mysql/conf.d
extra_hosts:#添加host到容器
- aa:127.0.0.1
- bb:127.0.0.1
- host.docker.internal:host-gateway # 通过host.docker.internal访问宿主机
ports:
- 3306:3306
networks:
my_bridge:
aliases:
- mysql
redis:
image: redis:5.0
ports:
- 6379:6379
restart: always
logging: # 设置容器日志大小
driver: "json-file"
options:
max-size: "500m"
container_name: myspringcloud-redis
hostname: myspringcloud-redis
volumes:
- /etc/localtime:/etc/localtime
- ./services/redis/conf/redis.conf:/etc/redis/redis.conf:rw
- ./services/redis/data:/data:rw
command:
# requirepass密码 appendonly持久化 bind绑定ip daemonize守护进程 protected-mode 开启保护模式
redis-server /etc/redis/redis.conf --requirepass redis --appendonly no --bind 0.0.0.0 --daemonize no --protected-mode no --databases 200
networks:
my_bridge:
aliases:
- myspringcloud-redis
# nginx 需要先去掉挂载启动后拷贝出挂载目录下内容,然后挂载启动
nginx:
image: nginx
container_name: nginx
ports:
- 80:80
- 443:443
volumes:
- ./services/nginx/www:/www/:rw
- ./services/nginx/ssl:/ssl:rw
- ./services/nginx/conf.d:/etc/nginx/conf.d/:rw
- ./services/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
- ./services/nginx/fastcgi-php.conf:/etc/nginx/fastcgi-php.conf:ro
- ./services/nginx/fastcgi_params:/etc/nginx/fastcgi_params:ro
- ./logs/nginx:/var/log/nginx/:rw
environment:
TZ: Asia/Shanghai
restart: always
logging: # 设置容器日志大小
driver: "json-file"
options:
max-size: "500m"
networks:
my_bridge:
aliases:
- nginx
mysql:
image: mysql:8.0.20
container_name: mysql8
security_opt: # 关闭docker安全验证,否则mysql动态申请内存报mbind: Operation not permitted没有权限,这个是警告可以不处理但影响性能,建议mysql不要使用docker方式安装
- seccomp:unconfined
ports:
- 3306:3306
volumes:
- /etc/localtime:/etc/localtime:ro
- ./services/mysql8/mysql.cnf:/etc/mysql/conf.d/mysql.cnf:ro
- ./services/mysql8/data/:/var/lib/mysql/:rw
- ./services/mysql8/initdb/:/docker-entrypoint-initdb.d/:rw
- ./logs/mysql8:/var/log/mysql/:rw
restart: always
logging: # 设置容器日志大小
driver: "json-file"
options:
max-size: "500m"
networks:
- default
environment:
MYSQL_ROOT_PASSWORD: "xxx@123"
TZ: "Asia/Shanghai"
php7:
image: php:7.4.7-fpm-alpine # php:7.4.7-fpm(alpine是基础镜像扩展少)
container_name: php7
ports:
- 9000:9000
volumes:
- /etc/localtime:/etc/localtime:ro
- ./services/nginx/www:/www/:rw
#新版不支持挂载文件先注释启动后拷贝出容器中文件再打开重启
#- ./services/php7/php.ini:/usr/local/etc/php/php.ini:ro
#- ./services/php7/php-fpm.d/www.conf:/usr/local/etc/php-fpm.d/www.conf:rw
- ./logs/php7:/var/log/php
restart: always
logging: # 设置容器日志大小
driver: "json-file"
options:
max-size: "500m"
networks:
my_bridge:
aliases:
- php7
nodepm2:
image: nodepm2:latest
container_name: nodepm2
restart: always
ports:
- 3000:3000
logging:
driver: "json-file"
options:
max-size: "500m"
volumes:
- /etc/localtime:/etc/localtime
- ./services/node-pm2/code:/service/code:rw
networks:
my_bridge:
aliases:
- nodepm2
nps:
image: ffdfgdfg/nps
container_name: nps
network_mode: "host"
volumes:
- /etc/localtime:/etc/localtime:ro
- ./services/nps/conf:/conf:rw
restart: always
logging:
driver: "json-file"
options:
max-size: "500m"
npc:
image: ffdfgdfg/npc
container_name: npc
network_mode: "host"
volumes:
- /etc/localtime:/etc/localtime:ro
- ./services/npc/conf:/conf:rw
restart: always
logging:
driver: "json-file"
options:
max-size: "500m"
environment:
TZ: "Asia/Shanghai"
mongo:
image: mongo:5.0.2
container_name: mongo
restart: always
ports:
- 27017:27017
logging:
driver: "json-file"
options:
max-size: "500m"
volumes:
- /etc/localtime:/etc/localtime:ro
- ./services/mongo/data:/data/db:rw
- ./logs/mongo:/var/log/mongodb:rw
networks:
my_bridge:
aliases:
- mongo
environment:
MONGO_INITDB_ROOT_USERNAME: root
MONGO_INITDB_ROOT_PASSWORD: Haite@1234
elasticsearch:
image: elasticsearch:7.3.0
container_name: elasticsearch
restart: always
ports:
- "9200:9200"
- "9300:9300"
logging:
driver: "json-file"
options:
max-size: "500m"
volumes:
- /etc/localtime:/etc/localtime:ro
- ./services/es7/data:/usr/share/es7/data:rw
- ./logs/es7:/usr/share/es7/logs:rw
- ./services/es7/config/ik:/usr/share/elasticsearch/plugins/ik
networks:
my_bridge:
aliases:
- elasticsearch
environment:
cluster.name: elasticsearch
discovery.type: single-node
ulimits:
nofile:
soft: 65535
hard: 65535
kibana:
image: docker.elastic.co/kibana/kibana:7.3.0
container_name: kibana
restart: always
ports:
- 5601:5601
logging:
driver: "json-file"
options:
max-size: "500m"
volumes:
- /etc/localtime:/etc/localtime:ro
networks:
my_bridge:
aliases:
- kibana
depends_on: ['elasticsearch']
logstash:
image: logstash:7.3.0
container_name: logstash
restart: always
ports:
- 4560:4560
logging:
driver: "json-file"
options:
max-size: "500m"
volumes:
- /etc/localtime:/etc/localtime:ro
- ./services/logstash/config/logstash-springboot.conf:/usr/share/logstash/pipeline/logstash.conf:rw
networks:
my_bridge:
aliases:
- kibana
depends_on: ['elasticsearch']
# rocket mq name server
rocketmqserver:
image: foxiswho/rocketmq:server-4.7.0
container_name: rocket-server
restart: always
ports:
- 9876:9876
logging:
driver: "json-file"
options:
max-size: "500m"
volumes:
- /etc/localtime:/etc/localtime:ro
- ./logs/rmq/server:/opt/logs
- ./services/rmq/server/store:/opt/rmqstore
networks:
my_bridge:
aliases:
- rocketmqserver
environment:
JAVA_OPT_EXT: "-server -Xms64m -Xmx64m -Xmn64m"
# rocket mq broker
rmqbroker:
image: foxiswho/rocketmq:broker-4.7.0
container_name: rocket-broker
restart: always
ports:
- 10909:10909
- 10911:10911
ports:
- 10909:10909
- 10911:10911
logging:
driver: "json-file"
options:
max-size: "500m"
volumes:
- /etc/localtime:/etc/localtime:ro
- ./logs/rmq/broker/logs:/opt/logs
- ./services/rmq/broker/store:/opt/rmqstore
- ./services/rmq/config/broker.conf:/etc/rocketmq/broker.conf
networks:
my_bridge:
aliases:
- rmqbroker
environment:
- NAMESRV_ADDR=rocketmqserver:9876
- JAVA_OPTS:=-Duser.home=/opt
- JAVA_OPT_EXT=-server -Xms64m -Xmx64m -Xmn64m
command: mqbroker -c /etc/rocketmq/broker.conf
depends_on:
- rocketmqserver
# rocket console 这个可以不需要
rmqconsole:
image: styletang/rocketmq-console-ng:latest
container_name: rocket-console
restart: always
ports:
- 8180:8180
logging:
driver: "json-file"
options:
max-size: "500m"
volumes:
- /etc/localtime:/etc/localtime:ro
networks:
my_bridge:
aliases:
- rmqconsole
environment:
- JAVA_OPTS=-Drocketmq.config.namesrvAddr=rocketmqserver:9876 -Dserver.port=8180 -Drocketmq.config.isVIPChannel=false
- JAVA_OPT_EXT=-Xms128m -Xmx128m -Xmn128m
depends_on:
- rocketmqserver
# xxl-job 分布式调度中心
xxl-job:
image: xuxueli/xxl-job-admin:2.3.0
container_name: xxl-job
restart: always
ports:
- 9001:9001
logging:
driver: "json-file"
options:
max-size: "500m"
volumes:
- /etc/localtime:/etc/localtime:ro
- ./services/xxl-job/data:/data/applogs
networks:
my_bridge:
aliases:
- xxljob
environment:
- PARAMS=--spring.datasource.url=jdbc:mysql://mysql8:3306/lipinshop?Unicode=true&characterEncoding=UTF-8 --spring.datasource.username=lipinshop --spring.datasource.password=lipinshop --server.port=9001
depends_on:
- mysql8
# word转pdf模板服务
libreoffice:
image: my/libreoffice:7.4.2
container_name: libreoffice
restart: always
ports:
- 8100:8100
logging:
driver: "json-file"
options:
max-size: "500m"
volumes:
- /etc/localtime:/etc/localtime
- /docker-services/logs/libreoffice:/logs/:rw
environment:
TZ: Asia/Shanghai
command:
/opt/libreoffice7.4/program/soffice --headless --accept="socket,host=0.0.0.0,port=8100;urp;" --nofirststartwizard &
networks:
my_bridge:
aliases:
- libreoffice
# RabbitMQ,集群方式参考:https://github.com/oprearocks/RabbitMQ-Docker-cluster
rabbit:
image: rabbitmq:management
container_name: rabbit
hostname: rabbit
environment:
TZ: "Asia/Shanghai"
RABBITMQ_ERLANG_COOKIE: myrabbitmq
RABBITMQ_NODENAME: rabbit
volumes:
- /etc/localtime:/etc/localtime
- ./services/rabbitmq/plugins.erl:/etc/rabbitmq/enabled_plugins
- ./services/rabbitmq/data:/var/lib/rabbitmq
ports:
- 4369:4369
- 5671:5671
- 5672:5672
- 15670:15670
- 15671:15671
- 15672:15672
- 15674:15674
- 15675:15675
- 25672:25672
- 1883:1883
- 61613:61613
restart: always
logging:
driver: "json-file"
options:
max-size: "500m"
networks:
my_bridge:
aliases:
- rabbit
# ./services/rabbitmq/plugins.erl:[rabbitmq_management, rabbitmq_management_agent, rabbitmq_mqtt, rabbitmq_web_mqtt, rabbitmq_stomp, rabbitmq_web_stomp, rabbitmq_web_stomp_examples].
# docker cp rabbitmq_delayed_message_exchange-3.9.0.ez rabbit:/plugins->修改plugins.erl添加rabbitmq_delayed_message_exchange->重启容器
# mq集群https://github.com/oprearocks/RabbitMQ-Docker-cluster/blob/master/docker-compose.yml
# minio start
# 单机minio
minIO:
image: minio/minio
container_name: minIO
# privileged: true 逃逸模式存在安全隐患必要时才用
ports:
- 9000:9000
- 9001:9001
volumes:
- /etc/localtime:/etc/localtime
- ./services/minio/config:/root/.minio:rw
- ./services/minio/data/data1:/data1:rw
- ./services/minio/data/data2:/data2:rw
- ./services/minio/data/data3:/data3:rw
- ./services/minio/data/data4:/data4:rw
restart: always
logging:
driver: "json-file"
options:
max-size: "500m"
command: server --console-address ":9001" --address ":9000" http://minio/data{1...4}
networks:
my_bridge:
aliases:
- minio
environment:
TZ: "Asia/Shanghai"
MINIO_ACCESS_KEY: admin
MINIO_SECRET_KEY: minioadmin
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"]
interval: 30s
timeout: 20s
retries: 3
# 所有容器通用的设置和配置
x-minio-common: &minio-common
image: minio/minio
command: server --console-address ":9001" http://minio{1...4}/data
expose:
- "9000"
# environment:
# MINIO_ROOT_USER: minioadmin
# MINIO_ROOT_PASSWORD: minioadmin
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"]
interval: 30s
timeout: 20s
retries: 3
# 启动4个docker容器运行minio服务器实例 https://www.jianshu.com/p/aade99d924a2
# 使用nginx反向代理9000端口,负载均衡, 你可以通过9001、9002、9003、9004端口访问它们的web console
services:
minio1:
<<: *minio-common
hostname: minio1
ports:
- "9001:9001"
volumes:
- ./data/data1:/data
# minio2 3 4
# minio end
# mosquitto start
# mosquitto mqtt服务,设置密码时先创建/services/mosquitto/config/pwfile文件->进入容器docker exec -it mosquitto sh->mosquitto_passwd /mosquitto/config/pwfile admin->两次密码->exit->重启容器
mosquitto:
image: eclipse-mosquitto:latest
container_name: mosquitto
ports:
- 1883:1883
volumes:
- /etc/localtime:/etc/localtime
- ./services/mosquitto/config:/mosquitto/config:rw
- ./services/mosquitto/data:/mosquitto/data:rw
- ./logs/mosquitto:/mosquitto/log:rw
restart: always
logging:
driver: "json-file"
options:
max-size: "500m"
networks:
my_bridge:
aliases:
- mosquitto
# mosquitto end
# frp start
# frp内网穿透工具 fatedier的镜像为官方镜像不过需要固定版本号才能pull成功
frps:
image: fatedier/frps:v0.56.0
container_name: frps
# network_mode: "host" 采用host可以不用一个个配置端口映射
ports:
- 8025:7000
- 7000:8080
volumes:
- /etc/localtime:/etc/localtime:ro
- ./services/frps/conf/frps.toml:/frps.toml:rw
restart: always
logging:
driver: "json-file"
options:
max-size: "500m"
command:
- "-c"
- "/frps.toml"
networks:
my_bridge:
aliases:
- frps
frpc:
image: fatedier/frpc:v0.56.0
container_name: frpc
# network_mode: "host"
volumes:
- /etc/localtime:/etc/localtime:ro
- ./services/frpc/conf/frpc.toml:/frpc.toml:rw
restart: always
logging:
driver: "json-file"
options:
max-size: "500m"
environment:
TZ: "Asia/Shanghai"
command:
- "-c"
- "/frpc.toml"
networks:
my_bridge:
aliases:
- frpc
# frp end
# gopeed start
gopeed:
image: liwei2633/gopeed
container_name: gopeed
ports:
- 9990:9999
volumes:
- /etc/localtime:/etc/localtime:ro
- ./services/gopeed/conf/config.json:/app/config.json:rw
- ./services/gopeed/data/download:/app/Downloads/:rw
- ./services/gopeed/data/storage:/app/storage/:rw
restart: always
logging:
driver: "json-file"
options:
max-size: "500m"
networks:
my_bridge:
aliases:
- gopeed
environment:
TZ: "Asia/Shanghai"
# gopeed end
# mqttx start
mqttx:
image: emqx/mqttx-web
container_name: mqttx
ports:
- 83:80
volumes:
- /etc/localtime:/etc/localtime:ro
restart: always
logging:
driver: "json-file"
options:
max-size: "500m"
networks:
my_bridge:
aliases:
- mqttx
environment:
TZ: "Asia/Shanghai"
# mqttx end
# sqlserver start
sqlserver:
image: mcr.microsoft.com/mssql/server:2022-latest
container_name: sqlserver
hostname: sqlserver
ports:
- 1433:1433
volumes:
- /docker-services/services/sqlserver/data:/var/opt/mssql:rw
restart: always
networks:
my_bridge:
aliases:
- sqlserver
environment:
ACCEPT_EULA: "Y"
MSSQL_SA_PASSWORD: "Xxxxxx!123"
# sqlserver end
networks:
my_bridge:
#external: true使用创建好的网络
driver: bridge
#Dockerfile
FROM mysql:8.0.20
MAINTAINER xxx
ENV TZ=Asia/Shanghai
RUN ln -sf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
COPY ./xxx.sql /docker-entrypoint-initdb.d
#Dockerfile END
#libreoffice Dockerfile
FROM centos:7
WORKDIR /home
#以下设置中文语言环境与修改时区
ENV LANG=zh_CN.UTF-8 \
LANGUAGE=zh_CN:zh \
LC_ALL=zh_CN.UTF-8
#加入windows字体包
ADD fonts.tar.gz /usr/share/fonts/
#将下载好的包解压到相应文件下
ADD LibreOffice_7.4.2.3_Linux_x86-64_rpm.tar.gz /home/
ADD LibreOffice_7.4.2.3_Linux_x86-64_rpm_langpack_zh-CN.tar.gz /usr/
RUN yum update -y && \
yum reinstall -y glibc-common && \
yum install -y telnet net-tools && \
yum clean all && \
rm -rf /tmp/* && rm -rf /var/cache/yum/* && \
localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8 && \
ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime && \
yum localinstall /home/LibreOffice_7.4.2.3_Linux_x86-64_rpm/RPMS/*.rpm -y && \
yum localinstall /usr/LibreOffice_7.4.2.3_Linux_x86-64_rpm_langpack_zh-CN/RPMS/*.rpm -y && \
yum install ibus -y && \
#加入中文字体支持并赋权限
chmod -R 755 /usr/share/fonts && \
yum install mkfontscale -y && \
mkfontscale && \
yum install fontconfig -y && \
mkfontdir && \
fc-cache -fv && \
#清理缓存,减少镜像大小
yum clean all && rm -rf /home/LibreOffice_7.4.2.3_Linux_x86-64_rpm && rm -rf /usr/LibreOffice_7.4.2.3_Linux_x86-64_rpm_langpack_zh-CN
#暴露端口
EXPOSE 8100
#运行
RUN /opt/libreoffice7.4/program/soffice -headless -accept="socket,host=0.0.0.0,port=8100;urp;" -nofirststartwizard &
CMD ["bash"]
#libreoffice Dockerfile END
#/etc/nginx/nginx.conf
user nginx;
worker_processes 1;
pid /var/run/nginx.pid;
error_log /var/log/nginx/nginx.error.log warn;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /dev/null;
#access_log /var/log/dnmp/nginx.access.log main;
# hide verson string
server_tokens off;
sendfile on;
tcp_nopush on;
client_header_buffer_size 512k;
large_client_header_buffers 4 512k;
client_max_body_size 100M;
keepalive_timeout 65;
#gzip on;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 64k;
fastcgi_buffers 4 64k;
fastcgi_busy_buffers_size 128k;
fastcgi_temp_file_write_size 128k;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.0;
gzip_comp_level 2;
gzip_types text/plain application/x-javascript text/css application/xml;
gzip_vary off;
include /etc/nginx/conf.d/*.conf;
}
#/etc/nginx/nginx.conf END
#/etc/nginx/fastcgi-php.conf
# regex to split $uri to $fastcgi_script_name and $fastcgi_path
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# Check that the PHP script exists before passing it
try_files $fastcgi_script_name =404;
# Bypass the fact that try_files resets $fastcgi_path_info
# see: http://trac.nginx.org/nginx/ticket/321
set $path_info $fastcgi_path_info;
#fastcgi_param PATH_INFO $path_info;
fastcgi_read_timeout 3600;
fastcgi_index index.php;
#/etc/nginx/fastcgi-php.conf END
#/etc/nginx/fastcgi_params
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REQUEST_SCHEME $scheme;
fastcgi_param HTTPS $https if_not_empty;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;
#/etc/nginx/fastcgi_params END
#/etc/nginx/conf.d/**.conf
server {
listen 80 default;
server_name localhost;
root /www/blog;
index index.php index.html index.htm;
#charset koi8-r;
#access_log /dev/null;
access_log /var/log/nginx/nginx.blog.access.log main;
error_log /var/log/nginx/nginx.blog.error.log warn;
# 解决跨域问题
#location / {
# add_header Access-Control-Allow-Origin '*';
# add_header Access-Control-Allow-Methods 'GET, POST, PATCH, PUT, OPTIONS, DELETE';
# add_header Access-Control-Expose-Headers '*';
# add_header Access-Control-Allow-Headers 'Origin, Content-Type, Cookie,X-CSRF-TOKEN,Accept,Authorization,sign,timestamps,ticket,token-platform,x-requested-with,usertoken,userkey';#自定义的也要配置上
# if ($request_method = 'OPTIONS') {
# return 200;
#}
# 解决跨域问题
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
fastcgi_pass php7:9000;
include fastcgi-php.conf;
include fastcgi_params;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.ht {
deny all;
}
}
server {
listen 443 default ssl http2;
server_name localhost;
root /www/blog;
index index.php index.html index.htm;
#charset koi8-r;
#access_log /dev/null;
access_log /var/log/nginx/nginx.blog.access.log main;
error_log /var/log/nginx/nginx.blog.error.log warn;
#error_page 404 /404.html;
ssl_certificate /ssl/localhost/localhost.crt;
ssl_certificate_key /ssl/localhost/localhost.key;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
fastcgi_pass php7:9000;
include fastcgi-php.conf;
include fastcgi_params;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.ht {
deny all;
}
}
#/etc/nginx/conf.d/**.conf END
#/etc/mysql/conf.d/mysql.cnf
[client]
port = 3306
default-character-set = utf8mb4
[mysqld]
user = mysql
port = 3306
sql_mode = NO_ENGINE_SUBSTITUTION,STRICT_TRANS_TABLES
default-storage-engine = InnoDB
default-authentication-plugin = mysql_native_password
character-set-server = utf8mb4
collation-server = utf8mb4_unicode_ci
init_connect = 'SET NAMES utf8mb4'
disable-log-bin
skip-character-set-client-handshake
explicit_defaults_for_timestamp
slow_query_log
long_query_time = 3
slow-query-log-file = /var/lib/mysql/mysql.slow.log
log-error = /var/lib/mysql/mysql.error.log
default-time-zone = '+8:00'
[mysql]
default-character-set = utf8mb4
#/etc/mysql/conf.d/mysql.cnf END
# /mosquitto/config/pwfile
persistence true
persistence_location /mosquitto/data
log_dest file /mosquitto/log/mosquitto.log
password_file /mosquitto/config/pwfile
listener 1883
# protocol websockets
# port 1883
# protocol mqtt
allow_anonymous false
# pwfile END
#/frps.toml
bindPort = 7000
auth.token = "xxx123qwe"
webServer.addr = "0.0.0.0"
webServer.port = 7500
webServer.user = "xxx"
webServer.password = "xxx"
vhostHTTPPort = 8080 #代理HTTP主机
# vhostHTTPSPort = 443 #代理HTTPs主机
#/frps.toml END
#/frpc.toml
serverAddr = "frp.xxx.com"
serverPort = 8025
auth.token = "xxx123qwe"
webServer.addr = "0.0.0.0"
webServer.port = 7001
webServer.user = "xxx"
webServer.password = "xxx"
#管理界面通过frps代理
[[proxies]]
name = "admin_ui"
type = "tcp"
localPort = 7001
remotePort = 7002
[[proxies]]
name = "dataserver"
type = "tcp"
localIP = "192.168.0.x"
localPort = 3389
remotePort = 7006
#/frpc.toml END
# gopeed/config.json
{
"address": "", // 绑定的IP地址(默认:0.0.0.0)
"port": 0, // 绑定的端口(默认:9999)
"username": "", // 服务身份认证用户名,为空时不启用身份认证
"password": "", // 服务身份认证密码(默认:gopeed)
"token": "", // HTTP API 令牌,在启用身份认证的情况下使用 HTTP API 时,必须配置令牌
"storageDir": "" // 存储目录
}
# gopeed/config.json END
使用docker-compose构建自定义应用
#首先创建一个用于打包的maven容器
创建目录mavendata
mavendata下放Dockerfile、maven仓库目录repository和settings.xml文件
构建maven镜像:docker build -t my/maven .
构建maven镜像-镜像内clone:docker build -t my/mavenbuild .
使用自定义maven镜像打包$(pwd)当前路径下的代码
docker run -it --rm -v "$(pwd)":/app -w /app -v /data/mavendata/repository:/usr/share/maven/ref/repository my/maven mvn clean package -DskipTests=true
打包成功后会在$(pwd)目录下生成打包文件
使用docker-compose部署的脚本
#!/bin/sh
echo "start..."
cd /code
rm -rf xxx
# echo "----------clone code 主机clone----------"
# git clone -b develop git@xxx.git
echo "----------clone code 镜像内clone----------"
docker run -it --rm -v "$(pwd)":/app -w /app -v /root/.ssh:/root/.ssh my/mavenbuild git clone -b master ssh://git@npc.bonrui.com:8012/weifangzdsys-group/weifangzdsys.git
cd xxx
echo "----------maven build----------"
docker run -it --rm -v "$(pwd)":/app -w /app -v /data/mavendata/repository:/usr/share/maven/ref/repository my/maven mvn clean package -DskipTests=true
mkdir /code/xxx/xxx/target/docker
cp /code/Dockerfile /xxx/xxx/target/docker
cp /code/xxx/xxx/target/xxx.jar /xxx/xxx/target/docker/xxx.jar
echo "----------deploy----------"
cd /data/docker-services
docker-compose stop xxx
docker-compose rm -f xxx
docker rmi bonrui/xxx:2.0.0
docker-compose build xxx
docker-compose up -d xxx
docker-compose logs xxx
echo "end"
exit
# fetch https://dl-cdn.alpinelinux.org/alpine/v3.15/main/x86_64/APKINDEX.tar.gz超时问题
# 添加语句 RUN echo -e http://mirrors.ustc.edu.cn/alpine/v3.15/main/ > /etc/apk/repositories
Dockerfile文件内容 my/maven:
FROM maven:3-jdk-8-alpine
COPY settings.xml /usr/share/maven/ref/
Dockerfile文件内容 my/mavenbuild:
FROM maven:3-jdk-8-alpine
RUN apk --no-cache add openssh-client git # 镜像内clone
COPY settings.xml /usr/share/maven/conf/
#!/bin/sh
echo "m start..."
cd /data/docker-services/services/xxx/code/xxx
echo "----------clone code(m)----------"
# docker run -it --rm -v "$(pwd)":/app -w /app -v /root/.ssh:/root/.ssh my/node14build git clone -b main ssh://git@xxx.git
docker run -it --rm -v "$(pwd)":/app -w /app -v /root/.ssh:/root/.ssh my/node14build git pull
echo "----------node build(m)----------"
docker run -it --rm -v "$(pwd)":/app -w /app my/node14build npm install --registry https://registry.npmmirror.com
docker run -it --rm -v "$(pwd)":/app -w /app my/node14build npm run build
echo "----------deploy(m)----------"
if [ $? -eq 0 ]; then
rm -rf ./distbak
mkdir ./distbak
cp -r /data/docker-services/services/nginx/www/m/* ./distbak
rm -rf /data/docker-services/services/nginx/www/m/*
cp -r ./dist/* /data/docker-services/services/nginx/www/m
ls /data/docker-services/services/nginx/www/m
else
echo "-----------failed(m)-------------"
fi
echo "end(m)"
exit
Dockerfile文件内容 my/node14build:
FROM node:14.16.1-alpine
RUN apk --no-cache add openssh-client git
settings文件内容:
<?xml version="1.0" encoding="UTF-8"?>
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 http://maven.apache.org/xsd/settings-1.0.0.xsd">
<localRepository>/usr/share/maven/ref/repository</localRepository>
<mirrors>
<mirror>
<id>alimaven</id>
<name>aliyun maven</name>
<url>https://maven.aliyun.com/repository/public</url>
<mirrorOf>*</mirrorOf>
</mirror>
</mirrors>
</settings>
# docker-compose.yml
version: "3"
services:
xxx:
# 包含Dockefile的主机目录,注意Dockerfile中的文件路径是基于这个路径的
build: /data/docker-services/services/hairbiz/code/xxxapi/xxx/target/docker
#context: /data/docker-services/services/xxx/code
#dockerfile: /data/docker-services/services/xxx/code/Dockerfile
image: xxx/xxx:2.0.0
container_name: xxx
restart: always
ports:
- 9999:9999
logging:
driver: "json-file"
options:
max-size: "500m"
volumes:
- /etc/localtime:/etc/localtime
- ./logs/xxx:/logs/:rw
environment:
spring.profiles.active: dev
TZ=Asia/Shanghai
networks:
my_bridge:
aliases:
- xxx
networks:
my_bridge:
driver: bridge
# Dockerfile
FROM java
# 这个路径是基于上面的路径的
ADD /hair-biz.jar //
ENTRYPOINT ["java", "-jar", "/xxx.jar"]
命令
#构建在docker-compose.yml目录下执行
docker-compose build
#启动服务 -d后台运行
docker-compose up -d
#停止服务--rmi删除镜像 -v删除已经在compose文件中定义的和匿名的附在容器上的数据卷
docker-compose down --rmi all -v
#查看日志
docker-compose logs -f --tail 100
#列出项目中所有的容器
docker-compose ps
#停止正在运行的容器,可以通过docker-compose start 再次启动
docker-compose stop
#启动已经存在的服务容器
docker-compose start
#拉取服务依赖的镜像
docker-compose pull
#重启项目中的服务
docker-compose restart
#删除所有(停止状态的)服务容器。推荐先执行docker-compose stop命令来停止容器–f, –force强制直接删除,包括非停止状态的容器 -v删除容器所挂载的数据卷
docker-compose rm
#在指定容器上执行一个ping命令。
docker-compose run ubuntu ping www.baidu.com
#设置指定服务运行的容器个数。通过service=num的参数来设置数量
docker-compose scale web=3 db=2
#暂停一个服务容器
docker-compose pause [SERVICE...]
#恢复处于暂停状态中的服务
docker-compose unpause [SERVICE...]
#通过发送SIGKILL信号来强制停止服务容器。支持通过-s参数来指定发送的信号,例如通过如下指令发送SIGINT信号:
docker-compose kill -s SIGINT
#验证并查看compose文件配置–resolve-image-digests 将镜像标签标记为摘要-q, –quiet 只验证配置,不输出。 当配置正确时,不输出任何内容,当文件配置错误,输出错误信息–services 打印服务名,一行一个–volumes 打印数据卷名,一行一个
docker-compose config [options]
#推送服务依的镜像–ignore-push-failures 忽略推送镜像过程中的错误
docker-compose push [options] [SERVICE...]
#显示某个容器端口所映射的公共端口–protocol=proto,指定端口协议,TCP(默认值)或者UDP –index=index,如果同意服务存在多个容器,指定命令对象容器的序号(默认为1)
docker-compose port [options] SERVICE PRIVATE_PORT
#-d 分离模式,后台运行命令–privileged 获取特权–user USER 指定运行的用户-T 禁用分配TTY,默认docker-compose exec分配TTY–index=index,当一个服务拥有多个容器时,可通过该参数登陆到该服务下的任何服务,例如:docker-compose exec –index=1 web /bin/bash ,web服务中包含多个容器
docker-compose exec [options] SERVICE COMMAND [ARGS...]