docker 服务 (AppArmor)
更多的微服务,代替vm主机。
管理工具
docker run -d --name prtainer-doc --restart=always -p 9000:9000 -v /var/run/docker.sock:/var/run/docker.sock docker.m.daocloud.io/portainer/portainer
网络相关
http代理
隐藏和伪装对外web服务 提高安全性
docker run -d --name proxym --restart=always --net=host -v /opt/proxym/data:/data -v /opt/proxym/encrypt:/etc/letsencrypt chishin/nginx-proxy-manager-zh #jc21/nginx-proxy-manager
dns+dhcp
可是实现简单上网行为管理
docker run -d --name adguardhome --network host --restart=always -v /opt/adguardhome/work:/opt/adguardhome/work -v /opt/adguardhome/conf:/opt/adguardhome/conf adguard/adguardhome
测速
docker run -itd --name speedtest -p 1234:80 ilemonrain/html5-speedtest:alpine
vi /etc/docker/daemon.json
{
"registry-mirrors": ["https://docker.m.daocloud.io",
"https://mirror.iscas.ac.cn",
"https://docker.rainbond.cc"]
}
运维相关
zabbix监控、 graylog 日志系统 Elasticsearch(知识检索) (文件搜索带web,anytxt)
启动文件 /opt/graylog/docker-compose.yml
version: '3'
services:
mongo:
image: mongo:3
container_name: graylog_mongo
restart: unless-stopped
environment:
- TZ=Asia/Shanghai
networks:
- graylog
elasticsearch:
image: elasticsearch
container_name: graylog_elasticsearch
restart: unless-stopped
environment:
- http.host=0.0.0.0
- transport.host=localhost
- network.host=0.0.0.0
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
- TZ=Asia/Shanghai
ulimits:
memlock:
soft: -1
hard: -1
deploy:
resources:
limits:
memory: 1g
networks:
- graylog
graylog:
image: graylog/graylog:3.3
container_name: graylog
restart: unless-stopped
environment:
容器下载镜像
docker-pull -proxy socks5://192.168.20.199:1082 nginx
docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v ${PWD}:/work lianshufeng/docker-pull -proxy socks5://192.168.20.199:1082 dockurr/samba
共享相关
docker run -itd --name samba --restart=always --net=host \
-v /mnt/sdc1/backup:/mnt/sdc1/backup \
dperson/samba \
-u "wsf;wsf" -s "共享; /mnt/sdc1/backup;yes;no;no;all;wsf" \
-w "WORKGROUP"
docker-ce
安装社区版本
apt -y install apt-transport-https ca-certificates curl software-properties-common
curl -fsSL http://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/debian/gpg | sudo apt-key add -
sudo add-apt-repository "deb [arch=amd64] http://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/debian $(lsb_release -cs) stable"
apt install docker-ce docker-compose
podman
依赖 cgroup
ls /sys/fs/cgroup/pids
apt install crun podman -y
nano /etc/containers/registries.conf
unqualified-search-registries = ["docker.io"]
[[registry]]
prefix = "docker.io"
insecure = false
blocked = false
location = "docker.io"
[[registry.mirror]]
location = "mirror.iscas.ac.cn"
[[registry.mirror]]
location = "docker.rainbond.cc"
podman run hello-world
containerd
ctr images pull docker.m.daocloud.io/library/nginx:latest
ctr images list
镜像代理
docker pull docker.chatsbot.org/library/hello-world
docker pull docker.chatsbot.org/lianshufeng/docker-pull
ctr images pull docker.rainbond.cc/library/some-openmediavault-image
导出导入
ctr images export nginx-latest.tar docker.m.daocloud.io/library/nginx:latest
docker load -i nginx-latest.tar
导入导出
导出镜像:
docker save lianshufeng/docker-pull | gzip > docker-pull.tar.gz
还原镜像:
gunzip -c docker-pull.tar.gz | docker load