
IT Tutorial FG267: IT System Containerization and Docker

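1. Docker Overview

Docker is an open-source containerization platform for building, deploying and running applications. It uses container technology to package an application and its dependencies into a standardized unit, which allows applications to be deployed quickly and isolated from one another.

# Check the Docker version
# docker --version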
Docker version 20.10.8, build 3967b7d

# Show Docker system information
# docker info
Client:
Context: default
Debug Mode: false
Plugins:
app: Docker App (Docker Inc., v0.9.1-beta3)
buildx: Build with BuildKit (Docker Inc., v0.6.3-docker)
scan: Docker Scan (Docker Inc., v0.9.0)

Server:
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 0
Server Version: 20.10.8
Storage Driver: overlay2
Backing Filesystem: xfs
Supports d_type: true
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Cgroup Version: 1
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
Default Runtime: runc
Init Binary: docker-init
containerd version: e25210fe30a0a703442421b0f60afac609f950a3
runc version: v1.0.1-0-g4144b63
init version: de40ad0
Security Options:
seccomp
Profile: default
Kernel Version: 3.10.0-1160.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
CPUs: 32
Total Memory: 62.8GiB
Name: server
ID: ABCD:1234:EFGH:5678:IJKL:9012:MNOP:3456:QRST
Docker Root Dir: /var/lib/docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false

Docker characteristics: lightweight, portable, strongly isolated, standardized, fast to deploy, easy to scale.

2. Installing Docker

Docker can be installed on many operating systems, including Linux, Windows and macOS.

# Install Docker on CentOS
# yum install -y yum-utils
# yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
# yum install -y docker-ce docker-ce-cli containerd.io

# Start the Docker service
# systemctl start docker
# systemctl enable docker

# Verify the installation
# docker run hello-world

Hello from Docker!
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
1. The Docker client contacted the Docker daemon.
2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
(amd64)
3. The Docker daemon created a new container from that image which runs the
executable that produces the output you are currently reading.
4. The Docker daemon streamed that output to the Docker client, which sent it
to your terminal.

To try something more ambitious, you can run an Ubuntu container with:
$ docker run -it ubuntu bash

Share images, automate workflows, and more with a free Docker ID:
https://hub.docker.com/

For more examples and ideas, visit:
https://docs.docker.com/get-started/

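3. Docker Basics

Docker's core concepts include images, containers and repositories; understanding them is the foundation for using Docker.

# Show help for the docker command
# docker --help

# Show help for a docker subcommand
# docker container --help

# Show Docker version information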
# docker version
Client:
Version: 20.10.8
API version: 1.41
Go version: go1.16.6
Git commit: 3967b7d
Built: Fri Jul 30 19:55:49 2021
OS/Arch: linux/amd64
Context: default
Experimental: false

Server:
Engine:
Version: 20.10.8
API version: 1.41 (minimum version 1.12)
Go version: go1.16.6
Git commit: 75249d8
Built: Fri Jul 30 19:54:13 2021
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.4.9
GitCommit: e25210fe30a0a703442421b0f60afac609f950a3
runc:
Version: 1.0.1
GitCommit: v1.0.1-0-g4144b63
docker-init:
Version: 0.19.0
GitCommit: de40ad0

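Tip: Docker's core concepts are images (Image), containers (Container), repositories (Repository), networks (Network) and data volumes (Volume).

4. Image Management

Images are the foundation of Docker and are used to create containers. You can pull images from Docker Hub or build your own.

# Pull an image from Docker Hub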
# docker pull ubuntu
Using default tag: latest
latest: Pulling from library/ubuntu
7b1a6ab2e44d: Pull complete
Digest: sha256:626ffe58f6e7566e00254b638eb7e0f3b11d4da9675088f4781a50ae288f3322
Status: Downloaded newer image for ubuntu:latest
docker.io/library/ubuntu:latest

# List local images
# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
ubuntu latest 27941809078c 2 weeks ago 72.8MB
hello-world latest d1165f221234 2 months ago 13.3kB

# Build a custom image
# cat Dockerfile
FROM ubuntu:latest
RUN apt-get update && apt-get install -y nginx
EXPOSE 80
CMD ["nginx", "-g", "daemon off;"]

# Build the image
# docker build -t mynginx .
Sending build context to Docker daemon 2.048kB
Step 1/4 : FROM ubuntu:latest
 ---> 27941809078c
Step 2/4 : RUN apt-get update && apt-get install -y nginx
 ---> Running in 1234567890ab

Step 3/4 : EXPOSE 80
 ---> Running in abcdefghijkl

Step 4/4 : CMD ["nginx", "-g", "daemon off;"]
 ---> Running in mnopqrstuvwx

Successfully built 1234567890ab
Successfully tagged mynginx:latest

# List the built image
# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
mynginx latest 1234567890ab 1 minute ago 187MB
ubuntu latest 27941809078c 2 weeks ago 72.8MB
hello-world latest d1165f221234 2 months ago 13.3kB

5. Container Management

A container is a running instance of an image; it can be started, stopped, restarted, removed and so on.

# Run a container
# docker run -d --name webserver -p 80:80 mynginx
1234567890abcdefghijklmnopqrstuvwxyz

# List running containers
# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1234567890ab mynginx "nginx -g 'daemon of…" 1 minute ago Up 1 minute 0.0.0.0:80->80/tcp webserver

# List all containers
# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1234567890ab mynginx "nginx -g 'daemon of…" 1 minute ago Up 1 minute 0.0.0.0:80->80/tcp webserver
abcdefghijkl hello-world "/hello" 1 hour ago Exited (0) 1 hour ago friendly_fermi

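# Stop the container
# docker stop webserver
webserver

# Start the container
# docker start webserver
webserver

# Remove the container (-f because it is running again after the start above)
# docker rm -f webserver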
webserver

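6. Network Management

Docker provides several network modes for communication between containers and for connecting containers to external networks.

# List Docker networks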
# docker network ls
NETWORK ID NAME DRIVER SCOPE
1234567890ab bridge bridge local
cdef01234567 host host local
ghij89012345 none null local

# Create a custom network
# docker network create mynetwork
67890abcdef1

# Show network details
# docker network inspect mynetwork
[
    {
        "Name": "mynetwork",
        "Id": "67890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567",
        "Created": "2026-03-30T10:00:00.000000000Z",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "172.18.0.0/16",
                    "Gateway": "172.18.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {},
        "Options": {},
        "Labels": {}
    }
]

# Run a container attached to the custom network
# docker run -d --name web1 --network mynetwork mynginx
1234567890abcdefghijklmnopqrstuvwxyz

# Show the container's network information
# docker inspect web1 | grep -A 20 "Networks"
"Networks": {
    "mynetwork": {
        "IPAMConfig": {
            "IPv4Address": "172.18.0.2"
        },
        "Links": null,
        "Aliases": [
            "web1"
        ],
        "NetworkID": "67890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567",
        "EndpointID": "9876543210fedcba9876543210fedcba9876543210fedcba9876543210fedcba",
        "Gateway": "172.18.0.1",
        "IPAddress": "172.18.0.2",
        "IPPrefixLen": 16,
        "IPv6Gateway": "",
        "GlobalIPv6Address": "",
        "GlobalIPv6PrefixLen": 0,
        "MacAddress": "02:42:ac:12:00:02",
        "DriverOpts": {}
    }
}

7. Volume Management

Volumes persist container data and support sharing data between containers and backing it up.

# Create a volume
# docker volume create myvolume
myvolume

# List volumes
# docker volume ls
DRIVER VOLUME NAME
local myvolume

# Show volume details
# docker volume inspect myvolume
[
    {
        "CreatedAt": "2026-03-30T10:00:00Z",
        "Driver": "local",
        "Labels": {},
        "Mountpoint": "/var/lib/docker/volumes/myvolume/_data",
        "Name": "myvolume",
        "Options": {},
        "Scope": "local"
    }
]

# Run a container with the volume mounted
# docker run -d --name webserver -p 80:80 -v myvolume:/usr/share/nginx/html mynginx
1234567890abcdefghijklmnopqrstuvwxyz

# Show the container's mount information
# docker inspect webserver | grep -A 10 "Mounts"
"Mounts": [
    {
        "Type": "volume",
        "Name": "myvolume",
        "Source": "/var/lib/docker/volumes/myvolume/_data",
        "Destination": "/usr/share/nginx/html",
        "Mode": "z",
        "RW": true,
        "Propagation": "rprivate"
    }
],

8. Docker Compose

Docker Compose is used to define and run multi-container Docker applications; the application's services, networks and volumes are configured in a YAML file.

# Install Docker Compose
# curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
# chmod +x /usr/local/bin/docker-compose

# Verify the installation
# docker-compose --version
docker-compose version 1.29.2, build 5becea4c

# Create the docker-compose.yml file
# cat docker-compose.yml
version: '3'
services:
  web:
    build: .
    ports:
      - "80:80"
    volumes:
      - myvolume:/usr/share/nginx/html
    networks:
      - mynetwork
  db:
    image: mysql:5.7
    environment:
      MYSQL_ROOT_PASSWORD: password
      MYSQL_DATABASE: test
    volumes:
      - dbdata:/var/lib/mysql
    networks:
      - mynetwork
volumes:
  myvolume:
  dbdata:
networks:
  mynetwork:

# Start the services
# docker-compose up -d
Creating network "docker_mynetwork" with the default driver
Creating volume "docker_myvolume" with default driver
Creating volume "docker_dbdata" with default driver
Building web
Step 1/4 : FROM ubuntu:latest
 ---> 27941809078c
Step 2/4 : RUN apt-get update && apt-get install -y nginx
 ---> Running in 1234567890ab

Step 3/4 : EXPOSE 80
 ---> Running in abcdefghijkl

Step 4/4 : CMD ["nginx", "-g", "daemon off;"]
 ---> Running in mnopqrstuvwx

Successfully built 1234567890ab
Successfully tagged docker_web:latest
Pulling db (mysql:5.7)…
5.7: Pulling from library/mysql

Creating docker_web_1 … done
Creating docker_db_1 … done

# Check service status
# docker-compose ps
Name Command State Ports
---------------------------------------------------------------------
docker_db_1 docker-entrypoint.sh mysqld Up 3306/tcp, 33060/tcp
docker_web_1 nginx -g daemon off; Up 0.0.0.0:80->80/tcp

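9. Docker Security

Docker security covers image security, container security and network security; a series of measures is needed to protect a Docker environment.

# Scan an image for security vulnerabilities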
# docker scan mynginx

Testing mynginx…

Package manager: deb
Project type: deb-based

✓ No vulnerable paths found

# Restrict container privileges
# docker run --security-opt=no-new-privileges --cap-drop=ALL --read-only -d --name secure-container mynginx
1234567890abcdefghijklmnopqrstuvwxyz

# Check the container's security options
# docker inspect secure-container | grep -A 10 "SecurityOpt"
"SecurityOpt": [
    "no-new-privileges"
],

# Limit container resources
# docker run --memory=512m --cpus=1 -d --name resource-limited-container mynginx
1234567890abcdefghijklmnopqrstuvwxyz

# Check the container's resource limits
# docker inspect resource-limited-container | grep -A 10 "Resources"
"Resources": {
    "Limits": {
        "cpus": 1,
        "memory": 536870912
    },
    "Reservations": {}
},
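
The privilege and resource flags above can be checked for every container at once from `docker inspect` output. The following Python script is an added example, not part of the original tutorial; it reads the `HostConfig` fields that `docker inspect` reports (`Privileged`, `SecurityOpt`, `CapDrop`, `ReadonlyRootfs`, `Memory`, `NanoCpus`, `CpuQuota`), and the sample data, the function names and the `hardened` container are constructed for illustration.

```python
import json
import re

# Constructed sample: trimmed `docker inspect` entries (the third one is hypothetical).
SAMPLE = json.loads("""
[
 {"Name": "/secure-container", "HostConfig": {"SecurityOpt": ["no-new-privileges"],
   "CapDrop": ["ALL"], "ReadonlyRootfs": true, "Memory": 0, "NanoCpus": 0}},
 {"Name": "/resource-limited-container", "HostConfig": {"SecurityOpt": null,
   "CapDrop": null, "ReadonlyRootfs": false, "Memory": 536870912, "NanoCpus": 1000000000}},
 {"Name": "/hardened", "HostConfig": {"SecurityOpt": ["no-new-privileges:true"],
   "CapDrop": ["ALL"], "ReadonlyRootfs": true, "Memory": 536870912, "NanoCpus": 1000000000}}
]
""")

def security_opts(host_config):
    """Map SecurityOpt entries such as 'seccomp=unconfined' to {name: value}."""
    opts = {}
    for entry in host_config.get("SecurityOpt") or []:
        parts = re.split(r"[=:]", entry, maxsplit=1)
        opts[parts[0]] = parts[1] if len(parts) > 1 else "true"
    return opts

def audit(container):
    """Return the hardening gaps for one `docker inspect` entry."""
    hc = container.get("HostConfig") or {}
    opts = security_opts(hc)
    gaps = []
    if hc.get("Privileged"):
        gaps.append("privileged")
    if opts.get("no-new-privileges", "false").lower() == "false":
        gaps.append("no-new-privileges not set")
    if opts.get("seccomp") == "unconfined":
        gaps.append("seccomp disabled")
    if "ALL" not in {c.upper() for c in hc.get("CapDrop") or []}:
        gaps.append("capabilities not dropped")
    if not hc.get("ReadonlyRootfs"):
        gaps.append("writable root filesystem")
    if not hc.get("Memory"):
        gaps.append("no memory limit")
    if not (hc.get("NanoCpus") or hc.get("CpuQuota")):
        gaps.append("no CPU limit")
    return gaps

def audit_all(inspect_output):
    return {c["Name"].lstrip("/"): audit(c) for c in inspect_output}

if __name__ == "__main__":
    for name, gaps in audit_all(SAMPLE).items():
        print(f"{name}: {', '.join(gaps) or 'ok'}")
```

On a live host, pass the JSON printed by `docker inspect $(docker ps -q)` to `audit_all` instead of `SAMPLE`.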

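10. Docker Best Practices

Following Docker best practices improves the security, reliability and performance of containerized applications.

# Use official images
# docker pull nginx:alpine

# Minimize image size
# cat Dockerfile
FROM alpine:latest
RUN apk add --no-cache nginx
EXPOSE 80
CMD ["nginx", "-g", "daemon off;"]

# Build the minimized image
# docker build -t nginx-alpine .

# Check the image size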
# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx-alpine latest 1234567890ab 1 minute ago 22.8MB
nginx latest 605c77e624dd 2 weeks ago 141MB

# Use a multi-stage build
# cat Dockerfile
FROM node:14 as build
WORKDIR /app
COPY package*.json ./
RUN npm install
COPY . .
RUN npm run build

FROM nginx:alpine
COPY --from=build /app/build /usr/share/nginx/html
EXPOSE 80
CMD ["nginx", "-g", "daemon off;"]

# Build the application image
# docker build -t myapp .

# Check the image size
# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
myapp latest 1234567890ab 1 minute ago 45.6MB
node 14 1234567890ab 2 weeks ago 916MB

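Docker best practices: use official images, minimize image size, use multi-stage builds, restrict container privileges and resources, update images regularly, scan for security vulnerabilities, and use volumes to persist data.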
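
The Dockerfiles in this section can be checked mechanically against some of these practices. The Python script below is an added example, not part of the original tutorial: it flags base images referenced by a floating tag (`latest` or no tag), a check that goes slightly beyond the list above, and a final stage that never switches to a non-root `USER`. The function names are hypothetical, and the check is a heuristic that does not inspect the base image itself.

```python
import re

# Constructed samples: the Alpine and multi-stage Dockerfiles from this section.
MINIMAL = 'FROM alpine:latest\nRUN apk add --no-cache nginx\nEXPOSE 80\nCMD ["nginx", "-g", "daemon off;"]\n'
MULTISTAGE = """\
FROM node:14 as build
WORKDIR /app
COPY package*.json ./
RUN npm install
COPY . .
RUN npm run build

FROM nginx:alpine
COPY --from=build /app/build /usr/share/nginx/html
EXPOSE 80
CMD ["nginx", "-g", "daemon off;"]
"""

FROM_RE = re.compile(r"^FROM\s+(?:--\S+\s+)*(\S+)(?:\s+AS\s+(\S+))?", re.I)
def classify_image(ref):
    """Return 'digest', 'tag' or 'floating' for an image reference."""
    if "@sha256:" in ref:
        return "digest"
    tag = ref.rsplit("/", 1)[-1].partition(":")[2]  # skip a registry host:port
    return "tag" if tag and tag != "latest" else "floating"

def lint(dockerfile):
    """Return (line_no, message) findings. Heuristic: base images are not inspected."""
    findings, user, last_from = [], None, 0
    local = {"scratch"}  # names that are not registry pulls: scratch and stage aliases
    for no, line in enumerate(dockerfile.splitlines(), 1):
        line = line.strip()
        m = FROM_RE.match(line)
        if m:
            image, alias = m.group(1), m.group(2)
            user, last_from = None, no  # only a USER in the final stage counts
            if image.lower() not in local and classify_image(image) == "floating":
                findings.append((no, f"{image}: floating tag"))
            if alias:
                local.add(alias.lower())
        elif line.upper().startswith("USER "):
            user = line.split(None, 1)[1]
    if user is None or user.split(":")[0] in ("root", "0"):
        findings.append((last_from, "final stage sets no non-root USER"))
    return findings

if __name__ == "__main__":
    for name, text in (("minimal", MINIMAL), ("multistage", MULTISTAGE)):
        print(name, lint(text))
```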

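This article was compiled and published by Fengge Tutorials (风哥教程) for study and testing purposes only. Please credit the source when reposting: http://www.fgedu.net.cn/10327.html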
