常用操作目录
1. 查看容器的主机名
[root@docker ~]# docker run -it --name t1 --rm busybox
/ # hostname
394a2c0539f5
2. 在容器启动时注入主机名
[root@docker ~]# docker run -it --name t1 --hostname busybox --rm busybox
/ # hostname
busybox
/ # cat /etc/hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.17.0.2 busybox # 注入主机名时会自动创建主机名到IP的映射关系
/ # cat /etc/resolv.conf
options timeout:2 attempts:3 rotate single-request-reopen
; generated by /usr/sbin/dhclient-script
nameserver 100.100.2.136 # DNS也会自动配置为宿主机的DNS
nameserver 100.100.2.138
/ # ping www.baidu.com
PING www.baidu.com (220.181.38.150): 56 data bytes
64 bytes from 220.181.38.150: seq=0 ttl=51 time=8.225 ms
64 bytes from 220.181.38.150: seq=1 ttl=51 time=8.367 ms
3. 手动指定容器要使用的DNS
[root@docker ~]# docker run -it --name t1 --hostname busybox --dns 114.114.114.114 --rm busybox/ # cat /etc/resolv.conf
nameserver 114.114.114.114
options timeout:2 attempts:3 rotate single-request-reopen
/ # nslookup -type=a www.baidu.com
Server: 114.114.114.114
Address: 114.114.114.114:53
Non-authoritative answer:
www.baidu.com canonical name = www.a.shifen.com
Name: www.a.shifen.com
Address: 180.101.49.12
Name: www.a.shifen.com
Address: 180.101.49.11
4. 手动往/etc/hosts文件中注入主机名到IP地址的映射
[root@docker ~]# docker run -it --name t1 --hostname busybox --add-host www.a.com:1.1.1.1 --rm busybox
/ # cat /etc/hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
1.1.1.1 www.a.com
172.17.0.2 busybox
5. 开放容器端口
执行docker run的时候有个-p选项,可以将容器中的应用端口映射到宿主机中,从而实现让外部主机可以通过访问宿主机的某端口来访问容器内应用的目的。
-p选项能够使用多次,其所能够暴露的端口必须是容器确实在监听的端口。
-p选项的使用格式:
- -p <containerPort>
- 将指定的容器端口映射至主机所有地址的一个动态端口
- -p <hostPort>:<containerPort>
- 将容器端口<containerPort>映射至指定的主机端口<hostPort>
- -p <ip>::<containerPort>
将指定的容器端口<containerPort>映射至主机指定<ip>的动态端口 - -p <ip>:<hostPort>:<containerPort>
- 将指定的容器端口<containerPort>映射至主机指定<ip>的端口<hostPort>
动态端口指的是随机端口,具体的映射结果可使用docker port
命令查看。
[root@docker ~]# docker run --name web --rm -p 80 nginx
以上命令执行后会一直占用着前端,新开一个终端连接来看一下容器的80端口被映射到了宿主机的什么端口上
[root@docker ~]# docker port web
80/tcp -> 0.0.0.0:32768
[root@docker ~]# ss -anlt
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 128 [::]:32768 [::]:*
由此可见,容器的80端口被暴露到了宿主机的32768端口上,此时我们在宿主机上访问一下这个端口看是否能访问到容器内的站点
[root@docker ~]# curl http://127.0.0.1:32768
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
iptables防火墙规则将随容器的创建自动生成,随容器的删除自动删除规则。
将容器端口映射到指定IP的随机端口
1.将容器端口映射到指定IP的随机端口
[root@docker ~]# docker run --name web --rm -p 172.26.169.24::80 nginx
2.在另一个终端上查看端口映射情况
[root@docker ~]# docker port web
80/tcp -> 172.26.169.24:32768
3.访问站点
[root@docker ~]# curl http://172.26.169.24:32768
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
将容器端口映射到宿主机的指定端口
1.将容器端口映射到宿主机的指定端口
[root@localhost ~]# docker run --name web --rm -p 80:80 nginx
2.在另一个终端上查看端口映射情况
[root@docker ~]# docker port web
80/tcp -> 0.0.0.0:80
[root@docker ~]# ss -anlt
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 128 [::]:80 [::]:*
3.访问站点
[root@docker ~]# curl http://172.26.169.24 #网站默认访问端口为80,ip后可不加端口号
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
6. 自定义docker0桥的网络属性信息
官方文档相关配置:https://docs.docker.com/network/bridge/
自定义docker0桥的网络属性信息需要修改/etc/docker/daemon.json配置文件
[root@docker ~]# cat /etc/docker/daemon.json
{
"registry-mirrors": ["https://8c6gj8l.mirror.aliyuncs.com"],
"bip": "172.17.0.1/16",
"mtu": 1500,
"dns": ["8.8.8.8","114.114.114.114"]
}
[root@docker ~]# systemctl daemon-reload
[root@docker ~]# systemctl restart docker
[root@docker ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:16:3e:0d:73:7c brd ff:ff:ff:ff:ff:ff
inet 172.26.169.24/20 brd 172.26.175.255 scope global dynamic eth0
valid_lft 314623765sec preferred_lft 314623765sec
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:53:74:03:90 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
核心选项为bip,即bridge ip之意,用于指定docker0桥自身的IP地址;其它选项可通过此地址计算得出。
7. 设置容器异常终止后自动重启
设置参数–restart=always,当容器异常终止时容器会自动重启,手动关闭容器则容器不会重启
[root@docker ~]# docker run --name web -d --restart=always nginx
63ea28c8b421a5d9e5c7f4497ee4ded0cffd2429abac41ff5c1b44d048c9b308
[root@docker ~]# ps -ef |grep nginx
root 28637 28619 0 22:08 ? 00:00:00 nginx: master process nginx -g daemon off;
101 28664 28637 0 22:08 ? 00:00:00 nginx: worker process
root 28666 27979 0 22:09 pts/2 00:00:00 grep --color=auto nginx
[root@docker ~]# pkill nginx
[root@docker ~]# ps -ef |grep nginx
root 28776 28759 0 22:09 ? 00:00:00 nginx: master process nginx -g daemon off;
101 28803 28776 0 22:09 ? 00:00:00 nginx: worker process
root 28805 27979 0 22:09 pts/2 00:00:00 grep --color=auto nginx
[root@docker ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
63ea28c8b421 nginx "nginx -g 'daemon of…" 55 seconds ago Up 17 seconds 80/tcp web
[root@docker ~]# docker stop 63ea28c8b421
63ea28c8b421
[root@docker ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
8. 创建自定义网桥
创建一个额外的自定义桥,区别于docker0
[root@docker ~]# docker network create -d bridge --subnet "192.168.80.0/24" --gateway "192.168.80.1" br0
a0e87a8a5fd448343caf108e2da9fad406cd80cf94e3cf819887a49101fb887f
[root@docker ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
a0e87a8a5fd4 br0 bridge local
74b4cf29674e bridge bridge local
88b8afad65ed host host local
835ad42a1ad2 none null local
使用新创建的自定义网桥创建容器:
[root@docker ~]# docker run -it --name t1 --network br0 busybox
/ # ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:C0:A8:50:02
inet addr:192.168.80.2 Bcast:192.168.80.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
9. 删除自定义网桥
[root@docker ~]# docker network rm br0
br0
[root@docker ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
74b4cf29674e bridge bridge local
88b8afad65ed host host local
835ad42a1ad2 none null local