文章目录
-
- 一.安装docker-ce和使用
- 二.镜像的分层结构及构建
-
- 1)Docker commit构建新镜像
- 2)Dockerfile构建镜像
- 3)Dockerfile详解
-
- 1.镜像的作者
- 2.FROM:指定base镜像,如果本地不存在会从远程仓库下载。
- 3.COPY模块:把文件从build context复制到镜像
- 4.ADD可以走外网,还可以解压。用法与COPY类似,不同的是src可以是归档压缩文件,文件会被自动解压到dest,也可以自动下载URL并拷贝到镜像:
- 5.ENV:设置环境变量,变量可以被后续的指令使用
- 6.EXPOSE:暴露端口如果容器中运行应用服务,可以把服务端口暴露出去
- 7.VOLUME:声明数据卷:可以作数据持久化,通常指定的是应用的数据挂在点
- 8.CMD会被覆盖
- 9.WORKDIR:相当于cd命令。为RUN、CMD、ENTRYPOINT、ADD和COPY指令设置镜像中的当前工作目录,如果目录不存在会自动创建。
- 三.阿里云注册,控制台里-》容器镜像服务-》镜像加速器 -> 加速
- 四.打包nginx镜像
- 五.镜像优化
Docker是管理容器的引擎,为应用打包、部署平台、而非单纯的虚拟化技术。
一.安装docker-ce和使用
%安装,解决速度和依赖性
#阿里云-》容器-》docker
[root@server11 ~]# cd /etc/yum.repos.d/
[root@server11 yum.repos.d]# ls
dvd.repo redhat.repo
[root@server11 yum.repos.d]# vim docker.repo
[root@server11 yum.repos.d]# cat docker.repo
[docker]
name=docker-ce
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/x86_64/stable/
gpgcheck=0
[root@server11 yum.repos.d]# curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
[root@server11 yum.repos.d]# sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo
[root@server11 yum.repos.d]# vim CentOS-Base.repo
:%s/$releasever/7/g
[root@server11 yum.repos.d]# yum clean all
[root@server11 yum.repos.d]# yum install -y docker-ce
[root@server11 yum.repos.d]# yum repolist
[root@server11 yum.repos.d]# systemctl start docker
[root@server11 yum.repos.d]# systemctl enable docker
[root@server11 yum.repos.d]# docker info
[root@server11 yum.repos.d]# sysctl -a|grep bridge-nf-call
#若没开,执行下面
[root@server11 yum.repos.d]# cd /etc/sysctl.d/
[root@server11 sysctl.d]# vim docker.conf
[root@server11 sysctl.d]# cat docker.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
[root@server11 sysctl.d]# sysctl --system#查看,已经=1
[root@server11 sysctl.d]# docker search yakexi007
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
yakexi007/game2048 0
yakexi007/mario 0
yakexi007/nginx 0
[root@server11 sysctl.d]# docker pull yakexi007/game2048#导入镜像
[root@server11 ~]# docker history yakexi007/game2048:latest#查看容器端口,做端口映射
root@server11 ~]# docker run -d --name demo -p 80:80 yakexi007/game2048 #运行容器80:80#宿主机:docker
f1345bd8e8209944feaeeb1d9c9df7a8d0100f12c059f60b40be62eea971aad0
[root@server11 ~]# docker ps #查看docker运行的进程
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f1345bd8e820 yakexi007/game2048 "/bin/sh -c 'sed -i …" 8 seconds ago Up 6 seconds 0.0.0.0:80->80/tcp, 443/tcp demo
[root@server11 ~]# docker ps -a#查看docker全部的进程
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f1345bd8e820 yakexi007/game2048 "/bin/sh -c 'sed -i …" 17 seconds ago Up 14 seconds 0.0.0.0:80->80/tcp, 443/tcp demo
#此时网页直接访问http://192.168.100.241/,就能看到游戏2048
[root@server11 ~]# docker rm -f demo #删除
demo
[root@server11 ~]# docker search yakexi007
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
yakexi007/game2048 0
yakexi007/mario 0
yakexi007/nginx 0
[root@server11 ~]# docker pull yakexi007/mario
[root@server11 ~]# docker history mario:latest #查看容器端口
[root@server11 ~]# docker history yakexi007/mario:latest#查看容器端口,做端口映射
IMAGE CREATED CREATED BY SIZE COMMENT
9a35a9e43e8c 5 years ago /bin/sh -c #(nop) CMD ["python3" "-m" "http.… 0B
<missing> 5 years ago /bin/sh -c #(nop) EXPOSE 8080/tcp 0B
[root@server11 ~]# docker run -d --name demo -p 80:8080 yakexi007/mario
此时网页直接访问http://192.168.100.241/
二.镜像的分层结构及构建
- 容器层以下所有镜像层image都是只读的,改变的Image会复制到容器层(最上层)
1)Docker commit构建新镜像
- Docker commit构建新镜像步骤
运行容器
修改容器
将容器保存为新的镜像
[root@server11 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
yakexi007/game2048 latest 19299002fdbe 4 years ago 55.5MB
yakexi007/mario latest 9a35a9e43e8c 5 years ago 198MB
[root@server11 ~]# docker pull busybox#拉取镜像
[root@server11 ~]# docker rm demo#已经关闭的容器,直接docker rm 就能删除
#ctrl+d退出
[root@server11 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@server11 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ea72160c4320 busybox "sh" 5 minutes ago Exited (0) 57 seconds ago youthful_wilson
[root@server11 docker]# docker rm -f sharp_carson#-f强制删除
[root@server11 ~]# docker rm ea72160c4320#已经关闭的容器,直接docker rm 就能删除
ea72160c4320
[root@server11 ~]# docker run -it --rm busybox
/ # ip addr
#ctrl+P+Q,推出不会停掉容器
[root@server11 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b6861e848902 busybox "sh" 32 seconds ago Up 31 seconds sharp_carson
[root@server11 ~]# docker run -it --name demo busybox#运行容器,并修改
/ # touch f1
/ # touch f2
/ # ls
bin dev etc f1 f2 home proc root sys tmp usr var
/ #
[root@server11 ~]# docker commit -m "add files" demo demo:v1#将容器保存为新的镜像
sha256:71510e41ce37d6fbe279343a26eea70d4a893144795e48a6b863565ba1b6d9c7
[root@server11 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
demo v1 71510e41ce37 8 seconds ago 1.23MB
busybox latest b97242f89c8a 10 days ago 1.23MB
yakexi007/game2048 latest 19299002fdbe 4 years ago 55.5MB
yakexi007/mario latest 9a35a9e43e8c 5 years ago 198MB
[root@server11 ~]# docker history demo:v1#就是在busybox上又加了一层demo:v1
IMAGE CREATED CREATED BY SIZE COMMENT
71510e41ce37 27 seconds ago sh 21B add files
b97242f89c8a 10 days ago /bin/sh -c #(nop) CMD ["sh"] 0B
<missing> 10 days ago /bin/sh -c #(nop) ADD file:92e389f575fd4d0a4… 1.23MB
[root@server11 ~]# docker history busybox:latest
IMAGE CREATED CREATED BY SIZE COMMENT
b97242f89c8a 10 days ago /bin/sh -c #(nop) CMD ["sh"] 0B
<missing> 10 days ago /bin/sh -c #(nop) ADD file:92e389f575fd4d0a4… 1.23MB
[root@server11 ~]# docker rm demo#删除demo容器
[root@server11 ~]# docker rmi demo:v1
2)Dockerfile构建镜像
%Dockerfile:一条指令生成一个镜像层
[root@server11 ~]# mkdir docker
[root@server11 ~]# cd docker/
[root@server11 docker]# vim Dockerfile#创建一个Dockerfile
[root@server11 docker]# cat Dockerfile
FROM busybox
RUN touch file1
RUN mkdir westos
[root@server11 docker]# docker build -t demo:v1 . #构建镜像
[root@server11 docker]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
demo v1 1b9055cd93ef 26 seconds ago 1.23MB
busybox latest b97242f89c8a 10 days ago 1.23MB
yakexi007/game2048 latest 19299002fdbe 4 years ago 55.5MB
yakexi007/mario latest 9a35a9e43e8c 5 years ago 198MB
[root@server11 docker]# docker history demo:v1 #查看镜像的分层结构
IMAGE CREATED CREATED BY SIZE COMMENT
1b9055cd93ef 54 seconds ago /bin/sh -c mkdir westos 0B
a4fcc438c6ef 57 seconds ago /bin/sh -c touch file1 0B
b97242f89c8a 10 days ago /bin/sh -c #(nop) CMD ["sh"] 0B
<missing> 10 days ago /bin/sh -c #(nop) ADD file:92e389f575fd4d0a4… 1.23MB
[root@server11 docker]# vim Dockerfile
[root@server11 docker]# cat Dockerfile
FROM demo:v1
RUN touch file2
RUN mkdir redhat
[root@server11 docker]# docker build -t demo:v2 .
[root@server11 docker]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
demo v2 fb71bbeb0f62 35 seconds ago 1.23MB
demo v1 1b9055cd93ef 5 minutes ago 1.23MB
busybox latest b97242f89c8a 10 days ago 1.23MB
yakexi007/game2048 latest 19299002fdbe 4 years ago 55.5MB
yakexi007/mario latest 9a35a9e43e8c 5 years ago 198MB
[root@server11 docker]# docker history demo:v2 #镜像的缓存特性
IMAGE CREATED CREATED BY SIZE COMMENT
fb71bbeb0f62 51 seconds ago /bin/sh -c mkdir redhat 0B
56dbe72acfc2 52 seconds ago /bin/sh -c touch file2 0B
1b9055cd93ef 6 minutes ago /bin/sh -c mkdir westos
[root@server11 docker]# docker rmi demo:v2
3)Dockerfile详解
1.镜像的作者
[root@server11 docker]# docker history yakexi007/mario:latest #镜像的作者WORKDIR
IMAGE CREATED CREATED BY SIZE COMMENT
9a35a9e43e8c 5 years ago /bin/sh -c #(nop) CMD ["python3" "-m" "http.… 0B
<missing> 5 years ago /bin/sh -c #(nop) EXPOSE 8080/tcp 0B
<missing> 5 years ago /bin/sh -c #(nop) WORKDIR /app
2.FROM:指定base镜像,如果本地不存在会从远程仓库下载。
3.COPY模块:把文件从build context复制到镜像
[root@server11 docker]# vim index.html
[root@server11 docker]# cat index.html
westos.org.com
[root@server11 docker]# vim Dockerfile
[root@server11 docker]# cat Dockerfile
FROM busybox
RUN touch file1
COPY index.html /
[root@server11 docker]# docker build -t demo:v1 .
[root@server11 docker]# docker history demo:v1
IMAGE CREATED CREATED BY SIZE COMMENT
a91f9969a3ac About a minute ago /bin/sh -c #(nop) COPY file:edce11749423de9f… 15B
326d30e03ae2 About a minute ago /bin/sh -c touch file1 0B
b97242f89c8a 10 days ago /bin/sh -c #(nop) CMD ["sh"] 0B
<missing> 10 days ago /bin/sh -c #(nop) ADD file:92e389f575fd4d0a4… 1.23MB
[root@server11 docker]# docker run -it --rm demo:v1 #查看copy
/ # ls
bin etc home proc sys usr
dev file1 index.html root tmp var
/ #
[root@server11 docker]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@server11 docker]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4.ADD可以走外网,还可以解压。用法与COPY类似,不同的是src可以是归档压缩文件,文件会被自动解压到dest,也可以自动下载URL并拷贝到镜像:
[root@server11 docker]# tar zcf test.tar.gz /etc
[root@server11 docker]# vim Dockerfile
[root@server11 docker]# cat Dockerfile
FROM busybox
RUN touch file1
COPY index.html /
ADD test.tar.gz /mnt
[root@server11 docker]# docker build -t demo:v3 .
[root@server11 docker]# docker history demo:v3
IMAGE CREATED CREATED BY SIZE COMMENT
dbb1e2304773 19 seconds ago /bin/sh -c #(nop) ADD file:dcab4cea1e7063eb1… 31.3MB
[root@server11 docker]# docker run -it --rm demo:v3 查看ls /mnt/etc,文件以解压
5.ENV:设置环境变量,变量可以被后续的指令使用
[root@server11 docker]# vim Dockerfile
[root@server11 docker]# cat Dockerfile
FROM busybox
RUN touch file1
COPY index.html /
ADD test.tar.gz /mnt
ENV HOSTNAME server1
[root@server11 docker]# docker build -t demo:v2 .
[root@server11 docker]# docker run -it --rm demo:v2
/ # env
HOSTNAME=server1
SHLVL=1
HOME=/root
TERM=xterm
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
PWD=/
/ #
6.EXPOSE:暴露端口如果容器中运行应用服务,可以把服务端口暴露出去
[root@server11 docker]# vim Dockerfile
[root@server11 docker]# cat Dockerfile
FROM busybox
RUN touch file1
COPY index.html /
ADD test.tar.gz /mnt
ENV HOSTNAME server1
EXPOSE 80
[root@server11 docker]# docker build -t demo:v4 .
[root@server11 docker]# docker history demo:v4
IMAGE CREATED CREATED BY SIZE COMMENT
8ea7da997f0d 18 seconds ago /bin/sh -c #(nop) EXPOSE 80 0B
7.VOLUME:声明数据卷:可以作数据持久化,通常指定的是应用的数据挂在点
[root@zhenji images]# cd /home/kiosk/Downloads/qq-files/2558707533/file_recv/
[root@zhenji file_recv]# scp nginx.tar [email protected]:/root/docker/
[root@server11 docker]# ls
Dockerfile index.html nginx.tar test.tar.gz
[root@server11 docker]# docker load -i nginx.tar
[root@server11 docker]# docker run -d --name demo nginx
[root@server11 docker]# docker ps
[root@server11 docker]# docker rm -f demo
demo
[root@server11 docker]# docker run -d --name demo -P nginx
df2e68d3ef1519bd86237551bf054e871de661421d29bf0294eb11b8cf4cbfae
[root@server11 docker]# netstat -antlp
tcp 0 0 192.168.100.241:50868 111.51.82.243:80 TIME_WAIT -
[root@server11 docker]# docker inspect demo
查看卷
[root@server11 docker]# vim Dockerfile
[root@server11 docker]# cat Dockerfile
FROM busybox
RUN touch file1
COPY index.html /
ADD test.tar.gz /mnt
ENV HOSTNAME server1
EXPOSE 80
VOLUME ["/data"]
[root@server11 docker]# docker build -t demo:v5 .
[root@server11 docker]# docker history demo:v5
IMAGE CREATED CREATED BY SIZE COMMENT
fc57e78f6353 56 seconds ago /bin/sh -c #(nop) VOLUME [/data] 0B
[root@server11 docker]# docker run -it --name demo5 demo:v5
/ # cd data/
/data # ls
/data # touch docker1
/data # ls -l docker1
-rw-r--r-- 1 root root 0 Jan 23 15:59 docker1
#注意:ctrl+p+q不中断进程退出
/data # [root@server11 docker]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
09babf0ca3d1 demo:v5 "sh" 2 minutes ago Up 2 minutes 80/tcp demo5
[root@server11 _data]# docker inspect demo5
[root@server11 docker]# cd /var/lib/docker/volumes/0b96762f1f2d74f49db6b7b9ddb9b1e79df2a79394e59e6f965ffaaed91c1b58/_data
[root@server11 _data]# ls
docker1
[root@server11 _data]# rm -fr docker1
[root@server11 _data]# ls
[root@server11 _data]# cp /etc/passwd .
[root@server11 _data]# ls
passwd
[root@server11 _data]# docker attach demo5#是同步的
/data # ls
passwd
/data #
[root@server11 _data]# docker ps
[root@server11 _data]# docker rm -f demo
demo
[root@server11 _data]# docker rm demo5
demo5
[root@server11 _data]# docker volume ls
DRIVER VOLUME NAME
local 0b96762f1f2d74f49db6b7b9ddb9b1e79df2a79394e59e6f965ffaaed91c1b58
[root@server11 _data]# docker volume prune #删除没有被占用的卷(没有挂载)
[root@server11 _data]# docker volume ls#以被删除
中括号不能解析变量,需要加上
[root@server11 _data]# docker run -it --rm nginx bash
root@043fe2707561:/# ls
bin dev docker-entrypoint.sh home lib64 mnt proc run srv tmp var
boot docker-entrypoint.d etc lib media opt root sbin sys usr
root@043fe2707561:/# cd /etc/nginx/
root@043fe2707561:/etc/nginx# ls
conf.d koi-utf mime.types nginx.conf uwsgi_params
fastcgi_params koi-win modules scgi_params win-utf
root@043fe2707561:/etc/nginx# exit
[root@server11 docker]# vim Dockerfile
[root@server11 docker]# cat Dockerfile
FROM busybox
RUN touch file1
COPY index.html /
ADD test.tar.gz /mnt
ENV HOSTNAME server1
EXPOSE 80
VOLUME ["/data"]
CMD echo "hello word"
[root@server11 docker]# docker build -t demo:v6 .
[root@server11 docker]# docker run --rm demo:v6
hello word
[root@server11 docker]# vim Dockerfile
[root@server11 docker]# cat Dockerfile
FROM busybox
RUN touch file1
COPY index.html /
ADD test.tar.gz /mnt
ENV HOSTNAME server1
EXPOSE 80
VOLUME ["/data"]
CMD echo "hello $HOSTNAME"
[root@server11 docker]# docker build -t demo:v7 .
[root@server11 docker]# docker run --rm demo:v7
hello server1
[root@server11 docker]# vim Dockerfile
[root@server11 docker]# cat Dockerfile
FROM busybox
RUN touch file1
COPY index.html /
ADD test.tar.gz /mnt
ENV HOSTNAME server1
EXPOSE 80
VOLUME ["/data"]
CMD [ "echo", "hello $HOSTNAME"]
[root@server11 docker]# docker build -t demo:v8 .
[root@server11 docker]# docker run --rm demo:v8#中括号不能解析变量
hello $HOSTNAME
[root@server11 docker]# vim Dockerfile
[root@server11 docker]# cat Dockerfile
FROM busybox
RUN touch file1
COPY index.html /
ADD test.tar.gz /mnt
ENV HOSTNAME server1
EXPOSE 80
VOLUME ["/data"]
CMD [ "/bin/sh", "-c", "echo hello $HOSTNAME"]
[root@server11 docker]# docker build -t demo:v9 .
[root@server11 docker]# docker run --rm demo:v9
hello server1
8.CMD会被覆盖
[root@server11 docker]# vim Dockerfile
[root@server11 docker]# cat Dockerfile
FROM busybox
RUN touch file1
COPY index.html /
ADD test.tar.gz /mnt
ENV HOSTNAME server1
EXPOSE 80
VOLUME ["/data"]
ENTRYPOINT ["echo", "hello"]
CMD [ "word"]
[root@server11 docker]# docker build -t demo:v10 .
[root@server11 docker]# docker run --rm demo:v10
hello word
[root@server11 docker]# docker run --rm demo:v10 westo
hello westo
[root@server11 docker]# docker run --rm demo:v10 yij
hello yij
9.WORKDIR:相当于cd命令。为RUN、CMD、ENTRYPOINT、ADD和COPY指令设置镜像中的当前工作目录,如果目录不存在会自动创建。
三.阿里云注册,控制台里-》容器镜像服务-》镜像加速器 -> 加速
%用rhel7。6
[root@server11 docker]# docker rmi `docker images | grep demo|awk '{print $1":"$2}'`
[root@server11 ~]# ls
99-sysctl.conf docker rhel7.tar
[root@server11 ~]# cd /etc/docker/
[root@server11 docker]# ls
key.json
[root@server11 docker]# vim daemon.json
[root@server11 docker]# cat daemon.json
{
"registry-mirrors": ["https://qxj9x6qf.mirror.aliyuncs.com"]
}
[root@server11 docker]# systemctl daemon-reload
[root@server11 docker]# systemctl reload docker
四.打包nginx镜像
1.commit打包nginx镜像
[root@server11 docker]# docker pull nginx
[root@server11 docker]# docker image prune #删除更新之前的nginx
[root@server11 docker]# docker pull ubuntu
[root@server11 docker]# docker images
[root@server11 ~]# docker load -i rhel7.tar
[root@server11 ~]# ls
99-sysctl.conf docker nginx-1.18.0.tar.gz rhel7.tar
[root@server11 ~]# docker cp nginx-1.18.0.tar.gz demo:/
[root@server11 ~]# docker run -it --name demo rhel7 bash#这个一定要加个bash
bash-4.2# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 7.0 (Maipo)
bash-4.2# cd /etc/yum.
yum.conf yum.repos.d/
bash-4.2# cd /etc/yum.repos.d/
bash-4.2# ls
rhel7.repo
bash-4.2# vi dvd.repo
bash-4.2# cat dvd.repo
[dvd]
name=rhel7.6
baseurl=http://192.168.100.141/rhel7.6
gpgcheck=0
bash-4.2# cd /
bash-4.2# yum install gcc pcre-devel lftp tar zlib-devel make
bash-4.2# tar zxf nginx-1.18.0.tar.gz
bash-4.2# cd nginx-1.18.0
bash-4.2# ./configure
bash-4.2# make
bash-4.2# make install
bash-4.2# whereis nginx
nginx: /usr/local/nginx
bash-4.2# /usr/local/nginx/sbin/nginx -t
[root@server11 ~]# docker inspect demo 看ip
[root@server11 ~]# curl 172.17.0.2
2.Dockerfile打包zabbix镜像
[root@server11 docker]# ls
Dockerfile index.html nginx-1.18.0.tar.gz nginx.tar
[root@server11 docker]# vim dvd.repo
[dvd]
name=rhel7.6
baseurl=http://192.168.100.141/rhel7.6
gpgcheck=0
[root@server11 docker]# ls
Dockerfile dvd.repo index.html nginx-1.18.0.tar.gz nginx.tar
[root@server11 docker]# vim Dockerfile
[root@server11 docker]# curl 172.17.0.2/test.html
curl: (7) Failed connect to 172.17.0.2:80; Connection refused
[root@server11 docker]# vim Dockerfile
FROM rhel7
COPY dvd.repo /etc/yum.repos.d/
ADD nginx-1.18.0.tar.gz /mnt
WORKDIR /mnt/nginx-1.18.0
RUN rpmdb --rebuilddb
RUN yum install -y gcc make pcre-devel zlib-devel &> /dev/null
RUN ./configure &> /dev/null
RUN make &> /dev/null
RUN make install &> /dev/null
EXPOSE 80
VOLUME ["/usr/local/nginx/html"]
CMD ["/usr/local/nginx/sbin/nginx", "-g", "daemon off;"]
[root@server11 docker]# docker build -t webserver:v1 .
[root@server11 docker]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
webserver v1 1e08374b273e About a minute ago 303MB
[root@server11 docker]# docker rm -f demo
demo
[root@server11 docker]# docker run -d --name webserver webserver:v1
d8c7b2adc4e67810abb8c26753221ee94a3809f84ac1e1da4b015aa210bd3f52
[root@server11 docker]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d8c7b2adc4e6 webserver:v1 "/usr/local/nginx/sb…" 4 seconds ago Up 3 seconds 80/tcp webserver
[root@server11 _data]# docker inspect webserver
[root@server11 docker]# cd /var/lib/docker/volumes/f1babd2ecea8040ac889329e10ca4a69ccb283c0ce5fdc37411b7e703f1d5160/_data
[root@server11 _data]# ls
50x.html index.html
[root@server11 _data]# echo www.westos.org > test.html
[root@server11 _data]# curl 172.17.0.2
<h1>Welcome to nginx!</h1>
[root@server11 _data]# curl 172.17.0.2/test.html
www.westos.org
五.镜像优化
- 减少镜像层,合并层,效果不明显
- 清理中间产物
- 多阶段,把第一阶段的产物考到第二阶段。效果较明显
- 选择最精简的基础镜像。效果最好
1.多阶段,把第一阶段的产物拷贝到第二阶段。
FROM rhel7
COPY dvd.repo /etc/yum.repos.d/
ADD nginx-1.18.0.tar.gz /mnt
WORKDIR /mnt/nginx-1.18.0
RUN rpmdb --rebuilddb && yum install -y gcc make pcre-devel zlib-devel &> /dev/null && ./configure &> /dev/null && make &> /dev/null && make install &> /dev/null && rm -fr /mnt/nginx-1.18.0 && yum remove -y gcc make && yum clean all
FROM rhel7
COPY --from=build /usr/local/nginx /usr/local/nginx
EXPOSE 80
VOLUME ["/usr/local/nginx/html"]
CMD ["/usr/local/nginx/sbin/nginx", "-g", "daemon off;"]
[root@server11 docker]# docker build -t webserver:v2 .
[root@server11 docker]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
webserver v2 621d03c716d8 6 minutes ago 144MB
2.base压缩, 选择最精简的基础镜像
# https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
[root@server11 docker]# docker load -i
[root@server11 docker]# docker images
[root@server11 docker]# mkdir /root/docker/nginx
[root@server11 docker]# cd /root/docker/nginx
[root@server11 docker]# vim Dockerfile
FROM nginx:1.18.0 as base
RUN mkdir -p /opt/var/cache/nginx && \
cp -a --parents /usr/lib/nginx /opt && \
cp -a --parents /usr/share/nginx /opt && \
cp -a --parents /var/log/nginx /opt && \
cp -aL --parents /var/run /opt && \
cp -a --parents /etc/nginx /opt && \
cp -a --parents /etc/passwd /opt && \
cp -a --parents /etc/group /opt && \
cp -a --parents /usr/sbin/nginx /opt && \
cp -a --parents /usr/sbin/nginx-debug /opt && \
cp -a --parents /lib/x86_64-linux-gnu/ld-* /opt && \
cp -a --parents /lib/x86_64-linux-gnu/libpcre.so.* /opt && \
cp -a --parents /lib/x86_64-linux-gnu/libz.so.* /opt && \
cp -a --parents /lib/x86_64-linux-gnu/libc* /opt && \
cp -a --parents /lib/x86_64-linux-gnu/libdl* /opt && \
cp -a --parents /lib/x86_64-linux-gnu/libpthread* /opt && \
cp -a --parents /lib/x86_64-linux-gnu/libcrypt* /opt && \
cp -a --parents /usr/lib/x86_64-linux-gnu/libssl.so.* /opt && \
cp -a --parents /usr/lib/x86_64-linux-gnu/libcrypto.so.* /opt && \
cp /usr/share/zoneinfo/${TIME_ZONE:-ROC} /opt/etc/localtime
FROM gcr.io/distroless/base-debian10
COPY --from=base /opt /
EXPOSE 80 443
ENTRYPOINT ["nginx", "-g", "daemon off;"]
[root@server11 nginx]# docker build -t webserver:v4 .
[root@server11 nginx]# docker images#只有31.7MB
REPOSITORY TAG IMAGE ID CREATED SIZE
webserver v4 fcc5b816e63d 2 minutes ago 31.7MB
[root@server11 nginx]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d8c7b2adc4e6 webserver:v1 "/usr/local/nginx/sb…" 30 minutes ago Up 30 minutes 80/tcp webserver
[root@server11 nginx]# docker rm -f webserver
[root@server11 nginx]# docker run -d --name webserver webserver:v4
64eeb8239588706a86d321f712f375457423411d3f3b7bf947c29fb0ebdea656
[root@server11 nginx]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
64eeb8239588 webserver:v4 "nginx -g 'daemon of…" 15 seconds ago Up 14 seconds 80/tcp, 443/tcp webserver
[root@server11 nginx]# curl 172.17.0.2
https://github.com/kyos0109/nginx-distroless/blob/master/Dockerfile
https://github.com/GoogleContainerTools/distroless