想要在java中还是在其他方式访问dockerAPI都需要设置一个端口
运行以下命令:进入docker.service
vi /lib/systemd/system/docker.service
找到Execstart=/usr/bin/dockerd后加上-H tcp://0.0.0.0:2375 -H unix://var/run/docker.sock 退出并且保存
运行以下命令:
systemctl daemon-reload
service docker restart//重启启动docker
systemctl stats docker//可以查看相关内容,看看2375是否已经设置好运行:netstat -nlp |grep 2375 可以查看2375是否已经被监听
如果你是阿里的云服务器这种,应该需要在安全组中加入2375或者其他的操作。
如果是在本地搭建的虚拟机,则需要把防火墙关闭或者在防火墙中开启相应端口以供外部使用(我用的是centos7)以下引用的是:https://www.cnblogs.com/moxiaoan/p/5683743.html 此博文详细介绍了如何在防火墙中添加一个端口
1.
启动: systemctl start firewalld
关闭: systemctl stop firewalld
查看状态: systemctl status firewalld
开机禁用 : systemctl disable firewalld
开机启用 : systemctl enable firewalld
那怎么开启一个端口呢
添加
firewall-cmd --zone=public --add-port=2375/tcp --permanent (--permanent永久生效,没有此参数重启后失效)
重新载入
firewall-cmd --reload
查看
firewall-cmd --zone= public --query-port=2375/tcp
删除
firewall-cmd --zone= public --remove-port=2375/tcp --permanent
2.systemctl是CentOS7的服务管理工具中主要的工具,它融合之前service和chkconfig的功能于一体。
启动一个服务:systemctl start firewalld.service
关闭一个服务:systemctl stop firewalld.service
重启一个服务:systemctl restart firewalld.service
显示一个服务的状态:systemctl status firewalld.service
在开机时启用一个服务:systemctl enable firewalld.service
在开机时禁用一个服务:systemctl disable firewalld.service
查看服务是否开机启动:systemctl is-enabled firewalld.service
查看已启动的服务列表:systemctl list-unit-files|grep enabled
查看启动失败的服务列表:systemctl --failed
3.配置firewalld-cmd
查看版本: firewall-cmd --version
查看帮助: firewall-cmd --help
显示状态: firewall-cmd --state
查看所有打开的端口: firewall-cmd --zone=public --list-ports
更新防火墙规则: firewall-cmd --reload
查看区域信息: firewall-cmd --get-active-zones
查看指定接口所属区域: firewall-cmd --get-zone-of-interface=eth0
拒绝所有包:firewall-cmd --panic-on
取消拒绝状态: firewall-cmd --panic-off
查看是否拒绝: firewall-cmd --query-panic这时可以通过java来访问docker了,或者可以在浏览器的地址栏中访问docker了
在java中访问:
在Docker官方文档有介绍:https://docs.docker.com/develop/sdk/#unofficial-libraries 翻到最后可以看到有一些不是官方的(Unofficial libraries)
我用的是java语言(docker-java),可相应的选择不同语言
首先在docker-java的github上官方推荐的连接方式:https://github.com/docker-java/docker-java
docker-java推荐使用maven项目引入相关的jar包依赖:
<dependency>
<groupId>com.github.docker-java</groupId>
<artifactId>docker-java</artifactId>
<!-- use latest version https://github.com/docker-java/docker-java/releases -->
<version>3.X.Y</version>
</dependency>但是我的项目是普通的javaweb项目,所以无法使用maven来进行管理和下载jar包,我尝试建立一个新的maven项目把docker-java相关jar包下载好以后在本地仓库中一一放到我的项目中,这样也可以来使用docker-java(大概是48个jar包,有点多啊。。)
如果你想通过最简单的方式连接docker-api的时候只需要在你的宿主机上设置端口然后使用以下连接方式,我设置的是2375端口号
DockerClient dockerClient = DockerClientBuilder.getInstance("tcp://xxx.xxx.xxx.xxx:2375").build();
Info info = dockerClient.infoCmd().exec();
System.out.println(info);在浏览器地址栏中访问:http://192.168.0.3:2375/info 返回的数据是以json的格式展示
具体在地址栏中还有哪些操作可以参考官方文档:https://docs.docker.com/engine/api/v1.29/#operation/ContainerAttach
{"ID":"MID4:FUBP:XWQB:TBNV:LPLN:IUIU:32MG:HBYM:6O2K:HBUW:257R:7DY4","Containers":1,"ContainersRunning":0,"ContainersPaused":0,"ContainersStopped":1,"Images":1,"Driver":"overlay2","DriverStatus":[["Backing Filesystem","xfs"],["Supports d_type","true"],["Native Overlay Diff","true"]],"SystemStatus":null,"Plugins":{"Volume":["local"],"Network":["bridge","host","macvlan","null","overlay"],"Authorization":null,"Log":["awslogs","fluentd","gcplogs","gelf","journald","json-file","logentries","splunk","syslog"]},"MemoryLimit":true,"SwapLimit":true,"KernelMemory":true,"CpuCfsPeriod":true,"CpuCfsQuota":true,"CPUShares":true,"CPUSet":true,"IPv4Forwarding":true,"BridgeNfIptables":true,"BridgeNfIp6tables":true,"Debug":false,"NFd":25,"OomKillDisable":true,"NGoroutines":48,"SystemTime":"2018-08-30T10:31:01.298068483+08:00","LoggingDriver":"json-file","CgroupDriver":"cgroupfs","NEventsListener":0,"KernelVersion":"3.10.0-862.el7.x86_64","OperatingSystem":"CentOS Linux 7 (Core)","OSType":"linux","Architecture":"x86_64","IndexServerAddress":"https://index.docker.io/v1/","RegistryConfig":{"AllowNondistributableArtifactsCIDRs":[],"AllowNondistributableArtifactsHostnames":[],"InsecureRegistryCIDRs":["127.0.0.0/8"],"IndexConfigs":{"docker.io":{"Name":"docker.io","Mirrors":["https://tpp5ie36.mirror.aliyuncs.com/"],"Secure":true,"Official":true}},"Mirrors":["https://tpp5ie36.mirror.aliyuncs.com/"]},"NCPU":4,"MemTotal":1910075392,"GenericResources":null,"DockerRootDir":"/var/lib/docker","HttpProxy":"","HttpsProxy":"","NoProxy":"","Name":"ywh","Labels":[],"ExperimentalBuild":false,"ServerVersion":"18.06.1-ce","ClusterStore":"","ClusterAdvertise":"","Runtimes":{"runc":{"path":"docker-runc"}},"DefaultRuntime":"runc","Swarm":{"NodeID":"","NodeAddr":"","LocalNodeState":"inactive","ControlAvailable":false,"Error":"","RemoteManagers":null},"LiveRestoreEnabled":false,"Isolation":"","InitBinary":"docker-init","ContainerdCommit":{"ID":"468a545b9edcd5932818eb9de8e72413e616e86e","Expected":"468a545b9edcd5932818eb9de8e72413e616e86e"},"RuncCommit":{"ID":"69663f0bd4b60df09991c08812a60108003fa340","Expected":"69663f0bd4b60df09991c08812a60108003fa340"},"InitCommit":{"ID":"fec3683","Expected":"fec3683"},"SecurityOptions":["name=seccomp,profile=default"]}这种最简单的连接方式是有漏洞的,存在暴露端口的危害,更安全的连接方式请查看我下一篇文章