Day 05 Docker network detailed explanation
Note: The cloud server only exposes port 80 by default, so if we want to access through the external network, we can only map to port 80
Understand Docker0
Clean up all mirrors
docker rmi -f $(docker images -aq)
Two, three networks
2.1 Introduction
There are three network modes by default in docker, we can docker network ls
see them through
2.1 Create (delete) network bridge
docker network create [网桥名称]
[root@s ~]# docker network create test01
------------------------------------------------------------------------
ce548d0dd9f88ac22d0d943d8f33dde4c2f81c04c4aeea9319cb3e879cc14945
[root@s ~]# docker network ls
------------------------------------------------------------------------
NETWORK ID NAME DRIVER SCOPE
c4197b1203c6 bridge bridge local
b24a96f44350 host host local
b37725ff8cc6 none null local
ce548d0dd9f8 test01 bridge local
[root@s ~]# docker network rm test01
------------------------------------------------------------------------
test01
[root@s ~]# docker network ls
------------------------------------------------------------------------
NETWORK ID NAME DRIVER SCOPE
c4197b1203c6 bridge bridge local
b24a96f44350 host host local
b37725ff8cc6 none null local
3.docker test whether the same bridge container is interoperable
3.1 Create a bridge
[root@s ~]# docker network create super
------------------------------------------------------------------------
3546c50a8479e3ec04fa008d770fdfabf448614b7b56c3ed417cad533d81fb97
3.2 Create multiple containers (under the same bridge)
3.2.1redis
[root@s ~]# docker run -d --name redis --network super redis
------------------------------------------------------------------------
6facf44e598df8eee101b288e16b199b1731a39a855406b6b6b99a11532e9ecd
3.2.2mysql:5.7
[root@s ~]# docker run -d --name mysql --network super -e MYSQL_ROOT_PASSWORD=123456 mysql:5.7
------------------------------------------------------------------------
41c68da6a684a1c733a31d59aea76af5a9a3e6a15e53834ddf416ff870b77a55
3.2.3nginx
[root@s ~]# docker run -d --name nginx --network super nginx
------------------------------------------------------------------------
77b7198f61eb552be672b318fcbec949a1ab9d300d93b8de9978c0eaa1a1014d
3.2.4centos
[root@s ~]# docker run -dit --name centos01 --network super centos /bin/sh
------------------------------------------------------------------------
7aa33a1ddcbba21e2af259bbf3251667a890be084567e3de565c993fe945b208
Through
Question: How does docker handle container network access?
Enter the container to view ip addr
docker exec -it 容器id
ip addr
# 查看容器内部网络地址 发现容器启动的时候会得到一个 eth0@if551 ip地址,docker分配!
At this time, Linux can ping the inside of the container! The container can also ping the outside world-the two are interoperable
principle
Every time we start a docker container, docker will assign an ip to the docker container. As long as we follow docker, there will be a docker0 bridge mode, the technology used is veth-pair technology!
When we start a container again, there will be one more network
The network brought by containers is one-to-one
veth-pair is a pair of virtual device interfaces, they all appear in pairs, one end is connected to the protocol, the other end is connected to each other. Because of this feature, veth-pair acts as a bridge to connect OpenStac and Docker containers of various virtual network devices. The connection between OVS and OVS use evth-pair technology
To test whether the next two containers can be pinged
docker exec -it centos ip addr
------------------------------------------------------------------------
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
100: eth0@if101: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
docker exec -it b9a558d1c51a ping 172.17.0.2
------------------------------------------------------------------------
PING 172.17.0.2 (172.17.0.2) 56(84) bytes of data.
64 bytes from 172.17.0.2: icmp_seq=1 ttl=64 time=0.086 ms
64 bytes from 172.17.0.2: icmp_seq=2 ttl=64 time=0.054 ms
64 bytes from 172.17.0.2: icmp_seq=3 ttl=64 time=0.060 ms
64 bytes from 172.17.0.2: icmp_seq=4 ttl=64 time=0.055 ms
# 是可以ping通的
From this we can conclude that centos1 and centos2 share a router, that isdocker0
When all containers do not specify a network, they are routed by docker0, and docker will assign a default available ip to our container.
Summary: Docker uses a Linux bridge, and the host is a Docker container bridge docker0
All network interfaces in Docker are virtual , and the virtual forwarding efficiency is high (intranet transfer files) As long as the container is deleted, the corresponding bridge pair is gone!
two,-link
$ docker exec -it tomcat02 ping tomca01 # ping不通
ping: tomca01: Name or service not known
# 运行一个tomcat03 --link tomcat02
$ docker run -d -P --name tomcat03 --link tomcat02 tomcat
5f9331566980a9e92bc54681caaac14e9fc993f14ad13d98534026c08c0a9aef
# 用tomcat03 ping tomcat02 可以ping通
$ docker exec -it tomcat03 ping tomcat02
PING tomcat02 (172.17.0.3) 56(84) bytes of data.
64 bytes from tomcat02 (172.17.0.3): icmp_seq=1 ttl=64 time=0.115 ms
64 bytes from tomcat02 (172.17.0.3): icmp_seq=2 ttl=64 time=0.080 ms
# 用tomcat02 ping tomcat03 ping不通
Three, custom network
docker network
connect -- Connect a container to a network
create -- Creates a new network with a name specified by the
disconnect -- Disconnects a container from a network
inspect -- Displays detailed information on a network
ls -- Lists all the networks created by the user
prune -- Remove all unused networks
rm -- Deletes one or more networks
Day 08 build image
1. When the file name for writing instructions must be: Dockerfile
vim Dockerfile
Two, write instructions to build a mirror
# 依赖镜像
FROM python:3.6.12
# 安装django
RUN pip3 install django==2.2.2 -i https://pypi.douban.com/simple/
# 添加本地Django文件(Test)到 镜像中的(Test)下
ADD /Test /Test
# 镜像执行 cd命令 并运行
CMD cd /Test && python3 manage.py runserver 0.0.0.0:8000
Three, start building
docker build -t python:v1 . # 打开当前目录下的Dockerfield 构建python:v1镜像
Four, verification
Start custom image
docker run -d -p8080:8000 python:v1
Start and specify port mapping
If you terminate after startup, you can go docker logs [容器id|名称]
to view the error message
Intranet access is successful!
外网访问django中的settings.py 修改ALLOW_HOST = ["*"]
And the port is mapped as80
Five, nginx proxy django
1. Build nginx image
# Dockerfile
# 设置基础镜像
FROM centos:7
RUN yum install wget -y
# 换源
RUN mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
RUN cd /etc/yum.repos.d && wget http://mirrors.163.com/.help/CentOS7-Base-163.repo
RUN mv /etc/yum.repos.d/CentOS7-Base-163.repo /etc/yum.repos.d/CentOS-Base.repo
# 创建nginx源的文件
ADD nginx.repo /etc/yum.repos.d/
# 刷新yum缓存
RUN yum makecache
# 安装yum工具
RUN yum install yum-utils -y
# 安装Nginx
RUN yum install nginx -y
# 复制配置文件
ADD default.conf /etc/nginx/conf.d/
# 设置启动命令
CMD nginx -g 'daemon off;'
# nginx.repo
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
upstream
The module will nginx
cross the limitation of a single machine to complete the receiving, processing and forwarding of network data.
# default.conf
upstream django {
server django:8000; # 此处代理的时 容器名和端口号
}
server {
listen 80;
server_name _;
location / {
:
proxy_pass http://django; # 与上面对应
index index.html index.htm;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
}
Because the two files are in the /home
directory, I want to enter the cd
cd /home
docker build -t nginx:v1 . # 小数点代表当前目录
2. Build django image
# Dockerfile
依赖镜像
FROM python:3.6
# 安装django
RUN pip3 install django==2.1.7 -i https://pypi.douban.com/simple/
# 创建项目
RUN django-admin startproject test
# 进入到项目下 启动项目
RUN cd test && django-admin startapp app01
# 镜像执行 cd命令 并运行
CMD cd test && python3 manage.py runserver 0.0.0.0:8000
docker build -t python:v1 . # 小数点代表当前目录
3. Start running, it must be under the same network
docker run -d --network oldboy --name django python:v1
------------------------------------------------------------------------
82ae3f1e3d9d4bdc56489205a39cf49912939058707a4ebddae8a7c9a0b8c8b0
docker run -d -p80:80 --network oldboy nginx:v3
------------------------------------------------------------------------
776ce7cd6154ebfbdd4454927013175db1c25fe7e9f97f7a0d0e7b7103dba24e
docker ps
------------------------------------------------------------------------
NTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
776ce7cd6154 nginx:v3 "/bin/sh -c 'nginx -…" 3 seconds ago Up 2 seconds 0.0.0.0:80->80/tcp infallible_mestorf
82ae3f1e3d9d python:v1 "/bin/sh -c 'cd test…" 8 minutes ago Up 8 minutes django
Can be tested