基于ECS快速搭建Docker环境
背景知识
容器技术
容器是一个允许我们在资源隔离的过程中,运行应用程序和其依赖项的 、轻量的 、操作系统级别的虚拟化技术, 运行应用程序所需的所有必要组件都打包为单个镜像,这个镜像是可以重复使用的。当镜像运行时,它是运行在独立的环境中,并不会和其他的应用共享主机操作系统的内存、CPU或磁盘。这保证了容器内的进程不会影响到容器外的任何进程。
Docker
Docker是一个开源的应用容器引擎,让开发者可以打包他们的应用以及依赖包到一个可移植的容器中,然后发布到任何流行的Linux机器或Windows机器上,也可以实现虚拟化,容器是完全使用沙箱机制,相互之间不会有任何接口。Docker底层用的Linux的cgroup和namespace这两项技术来实现应用隔离,一个完整的Docker有以下几个部分组成:
- Docker Client客户端
- Docker Daemon守护进程
- Docker Image镜像
- Docker Container容器
-
CRT连接ECS服务器
-
安装Docker CE
Docker有两个分支版本:Docker CE和Docker EE,即社区版和企业版。本文基于CentOS 7安装Docker CE。
-
安装Docker的依赖库。
[root@iZuf6hc9ky50i4148wr12gZ ~]# yum install -y yum-utils device-mapper-persistent-data lvm2
-
添加Docker CE的软件源信息。
[root@iZuf6hc9ky50i4148wr12gZ ~]# yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
-
安装Docker CE。
[root@iZuf6hc9ky50i4148wr12gZ ~]# yum makecache fast [root@iZuf6hc9ky50i4148wr12gZ ~]# yum -y install docker-ce
-
启动Docker服务。
[root@iZuf6hc9ky50i4148wr12gZ ~]# systemctl start docker
-
查看docker详细信息
[root@iZuf6hc9ky50i4148wr12gZ ~]# docker info Client: Debug Mode: false Server: Containers: 0 Running: 0 Paused: 0 Stopped: 0 Images: 0 Server Version: 19.03.13 Storage Driver: overlay2 Backing Filesystem: extfs Supports d_type: true Native Overlay Diff: true Logging Driver: json-file Cgroup Driver: cgroupfs Plugins: Volume: local Network: bridge host ipvlan macvlan null overlay Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog Swarm: inactive Runtimes: runc Default Runtime: runc Init Binary: docker-init containerd version: 8fba4e9a7d01810a393d5d25a3621dc101981175 runc version: dc9208a3303feef5b3839f4323d9beb36df0a9dd init version: fec3683 Security Options: seccomp Profile: default Kernel Version: 3.10.0-1062.18.1.el7.x86_64 Operating System: CentOS Linux 7 (Core) OSType: linux Architecture: x86_64 CPUs: 1 Total Memory: 991MiB Name: iZuf6hc9ky50i4148wr12gZ ID: 7NPI:QD2S:PM6P:KETT:A4DA:VTX4:3HXB:VWUQ:I2DH:3KBU:ICR3:M57W Docker Root Dir: /var/lib/docker Debug Mode: false Registry: https://index.docker.io/v1/ Labels: Experimental: false Insecure Registries: 127.0.0.0/8 Live Restore Enabled: false WARNING: bridge-nf-call-iptables is disabled WARNING: bridge-nf-call-ip6tables is disabled
-
-
配置阿里云镜像仓库(镜像加速)
Docker的默认官方远程仓库是hub.docker.com,由于网络原因,下载一个Docker官方镜像可能会需要很长的时间,甚至下载失败。为此,阿里云容器镜像服务ACR提供了官方的镜像站点,从而加速官方镜像的下载
-
配置Docker的自定义镜像仓库地址。请将下面命令中的镜像仓库地址
https://kqh8****.mirror.aliyuncs.com
替换为阿里云为您提供的专属镜像加速地址。[root@iZuf6hc9ky50i4148wr12gZ ~]# sudo tee /etc/docker/daemon.json <<-'EOF' > { > "registry-mirrors": ["https://b0lp69i2.mirror.aliyuncs.com"] > } > EOF
-
重新加载服务配置文件。重启Docker服务
[root@iZuf6hc9ky50i4148wr12gZ ~]# systemctl daemon-reload [root@iZuf6hc9ky50i4148wr12gZ ~]# systemctl restart docker
-
-
使用Docker安装Nginx服务
-
查看Docker镜像仓库中Nginx的可用版本
[root@iZuf6hc9ky50i4148wr12gZ ~]# docker search nginx NAME DESCRIPTION STARS OFFICIAL AUTOMATED nginx Official build of Nginx. 13771 [OK] jwilder/nginx-proxy Automated Nginx reverse proxy for docker con… 1880 [OK] richarvey/nginx-php-fpm Container running Nginx + PHP-FPM capable of… 787 [OK] linuxserver/nginx An Nginx container, brought to you by LinuxS… 128 tiangolo/nginx-rtmp Docker image with Nginx using the nginx-rtmp… 92 [OK] jc21/nginx-proxy-manager Docker container for managing Nginx proxy ho… 92 bitnami/nginx Bitnami nginx Docker Image 90 [OK] alfg/nginx-rtmp NGINX, nginx-rtmp-module and FFmpeg from sou… 76 [OK] nginxdemos/hello NGINX webserver that serves a simple page co… 61 [OK] jlesage/nginx-proxy-manager Docker container for Nginx Proxy Manager 54 [OK] nginx/nginx-ingress NGINX Ingress Controller for Kubernetes 41 privatebin/nginx-fpm-alpine PrivateBin running on an Nginx, php-fpm & Al… 35 [OK] schmunk42/nginx-redirect A very simple container to redirect HTTP tra… 19 [OK] nginxinc/nginx-unprivileged Unprivileged NGINX Dockerfiles 17 nginx/nginx-prometheus-exporter NGINX Prometheus Exporter 15 centos/nginx-112-centos7 Platform for running nginx 1.12 or building … 14 centos/nginx-18-centos7 Platform for running nginx 1.8 or building n… 13 raulr/nginx-wordpress Nginx front-end for the official wordpress:f… 13 [OK] staticfloat/nginx-certbot Opinionated setup for automatic TLS certs lo… 12 [OK] sophos/nginx-vts-exporter Simple server that scrapes Nginx vts stats a… 7 [OK] bitwarden/nginx The Bitwarden nginx web server acting as a r… 7 mailu/nginx Mailu nginx frontend 7 [OK] bitnami/nginx-ingress-controller Bitnami Docker Image for NGINX Ingress Contr… 6 [OK] ansibleplaybookbundle/nginx-apb An APB to deploy NGINX 1 [OK] wodby/nginx Generic nginx 1 [OK]
-
拉取最新版的Nginx镜像。
[root@iZuf6hc9ky50i4148wr12gZ ~]# docker pull nginx:latest latest: Pulling from library/nginx d121f8d1c412: Pull complete ebd81fc8c071: Pull complete 655316c160af: Pull complete d15953c0e0f8: Pull complete 2ee525c5c3cc: Pull complete Digest: sha256:c628b67d21744fce822d22fdcc0389f6bd763daac23a6b77147d0712ea7102d0 Status: Downloaded newer image for nginx:latest docker.io/library/nginx:latest
-
查看本地镜像
[root@iZuf6hc9ky50i4148wr12gZ ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE nginx latest 7e4d58f0e5f3 13 days ago 133MB
-
运行容器。
[root@iZuf6hc9ky50i4148wr12gZ ~]# docker run --name nginx-test -p 8080:80 -d nginx ffe58edd2afbdc195b152da08641facba76965923649400360f293ee94c15097 #命令参数说明: --name nginx-test:容器名称。 -p 8080:80: 端口进行映射,将本地8080端口映射到容器内部的80端口。 -d nginx: 设置容器在后台一直运行。
-
在浏览器地址栏输入
http://<ECS公网地址>:8080
访问Nginx服务
-